problem z Hijack
witam serdecznie mam problem z tym trojanem hijack... porobowałem juz wszystkiego skanowanie programami nic nie pomaga cały czas jak otworze ponownie przegladarke internetowa jest przeikierowanie na strone www.msn.com...
Ad–vare nie pomaga znajude tego wirusa zaznaczam go zeby sie skasował no ii niby sie kasuje a po ponnownym wejsc do neta jest to samo....
probobowałem tez cos zdziałac programem HijackThis ale on nie znajdueje tego trojana ?? pomocy co mam robic...
ps jak wejsc do rejestru moze tam sie gdzies go usunie...
a to jest wyciag z programu ad–vare
Sprzedawca:Possible Browser Hijack attempt
Kategoria:Data Miner
Typ obiektu:Dane rejestru
Rozmiar:20 Bytes
Lokalizacja:...SoftwareMicrosoftInternet ExplorerMain "Start Page" ("http://www.onet.pl/")
Aktywność:2005–02–06
Zagroźenie:Średni
Indeks TAC:3
Komentarz:Moźliwa próba wtargnięcia poprzez przeglądarkę
Opis:Possible attempt to control/redirect the browser. This object referrs to a "blacklisted" site. If the site listed is the site intended (in other words, it is set to the setting you wish it to be set to), add this listing to your ignorelist. If not, then selecting this item will reset your browser to the default setting for this item.
Ad–vare nie pomaga znajude tego wirusa zaznaczam go zeby sie skasował no ii niby sie kasuje a po ponnownym wejsc do neta jest to samo....
probobowałem tez cos zdziałac programem HijackThis ale on nie znajdueje tego trojana ?? pomocy co mam robic...
ps jak wejsc do rejestru moze tam sie gdzies go usunie...
a to jest wyciag z programu ad–vare
Sprzedawca:Possible Browser Hijack attempt
Kategoria:Data Miner
Typ obiektu:Dane rejestru
Rozmiar:20 Bytes
Lokalizacja:...SoftwareMicrosoftInternet ExplorerMain "Start Page" ("http://www.onet.pl/")
Aktywność:2005–02–06
Zagroźenie:Średni
Indeks TAC:3
Komentarz:Moźliwa próba wtargnięcia poprzez przeglądarkę
Opis:Possible attempt to control/redirect the browser. This object referrs to a "blacklisted" site. If the site listed is the site intended (in other words, it is set to the setting you wish it to be set to), add this listing to your ignorelist. If not, then selecting this item will reset your browser to the default setting for this item.
Odpowiedzi: 4
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://ie.search.msn.com/en–us/srchasst/srchcust.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
Wywal to i nie będzie szukało stron Microsoftu.
ok mam
Logfile of HijackThis v1.99.0
Scan saved at 18:42:44, on 2005–02–06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:WINDOWSSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsRadekPulpithijackthisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = NOT USED (OK)
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://ie.search.msn.com/en–us/srchasst/srchcust.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O4 – HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 – HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [zSPGuard] c:program filespjwspguardspguard.exe /s
O4 – HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:Program FilesIrfanViewEbayEbay.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: Cdm.Sdig – https://www.cdm.net.pl/cdm2/sdig/aplet/SdigApplet.cab
O16 – DPF: CDMNet – https://www.cdm.net.pl/cdm2/jar/CDMNetOnl.cab
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: AVG7 Alert Manager Server – GRISOFT, s.r.o. – C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 – Service: AVG7 Update Service – GRISOFT, s.r.o. – C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
Logfile of HijackThis v1.99.0
Scan saved at 18:42:44, on 2005–02–06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:WINDOWSSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsRadekPulpithijackthisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = NOT USED (OK)
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://ie.search.msn.com/en–us/srchasst/srchcust.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O4 – HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 – HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [zSPGuard] c:program filespjwspguardspguard.exe /s
O4 – HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:Program FilesIrfanViewEbayEbay.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: Cdm.Sdig – https://www.cdm.net.pl/cdm2/sdig/aplet/SdigApplet.cab
O16 – DPF: CDMNet – https://www.cdm.net.pl/cdm2/jar/CDMNetOnl.cab
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: AVG7 Alert Manager Server – GRISOFT, s.r.o. – C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 – Service: AVG7 Update Service – GRISOFT, s.r.o. – C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
MarcinX:
Daj loga.
nie rozumiem????????????? prosze jasniej nie jestem az takim specem.. heh... prosze o pomoc....
Daj loga.
Strona 1 / 1