sprawdzenie loga
prosze o sprawdzenie loga, bo avast ciągle wykrywa mi wirusy, które zmieniaja mi strone startowa. niby czyszcze wszystko w miare czesto, a to wraca...
Logfile of HijackThis v1.97.7
Scan saved at 18:02:49, on 2004–12–11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:WINDOWSSystem32smss.exe
G:WINDOWSsystem32winlogon.exe
G:WINDOWSsystem32services.exe
G:WINDOWSsystem32lsass.exe
G:WINDOWSSystem32Ati2evxx.exe
G:WINDOWSsystem32svchost.exe
G:WINDOWSSystem32svchost.exe
G:WINDOWSsystem32Ati2evxx.exe
G:WINDOWSExplorer.EXE
G:WINDOWSsystem32spoolsv.exe
G:Program FilesAvast AntivirusaswUpdSv.exe
G:PROGRA~1AVASTA~1ashDisp.exe
G:Program FilesAvast AntivirusashServ.exe
G:WINDOWSSystem32inetsrvinetinfo.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesAvast AntivirusashMaiSv.exe
G:Program FilesGadu–Gadugg.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – G:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – G:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {A2C2AC99–8B45–4936–9431–1762B9F91D77} – G:WINDOWSsystem32mbbgda.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:Program FilesFlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
O4 – HKLM..Run: [avast!] G:PROGRA~1AVASTA~1ashDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "G:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – G:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – G:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:OFFICEOffice10EXCEL.EXE/3000
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38212.3159490741
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{9DD2A254–F1D8–4A67–9192–9318E98DE0D3}: NameServer = 217.30.137.200 217.30.129.149
Logfile of HijackThis v1.97.7
Scan saved at 18:02:49, on 2004–12–11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:WINDOWSSystem32smss.exe
G:WINDOWSsystem32winlogon.exe
G:WINDOWSsystem32services.exe
G:WINDOWSsystem32lsass.exe
G:WINDOWSSystem32Ati2evxx.exe
G:WINDOWSsystem32svchost.exe
G:WINDOWSSystem32svchost.exe
G:WINDOWSsystem32Ati2evxx.exe
G:WINDOWSExplorer.EXE
G:WINDOWSsystem32spoolsv.exe
G:Program FilesAvast AntivirusaswUpdSv.exe
G:PROGRA~1AVASTA~1ashDisp.exe
G:Program FilesAvast AntivirusashServ.exe
G:WINDOWSSystem32inetsrvinetinfo.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesAvast AntivirusashMaiSv.exe
G:Program FilesGadu–Gadugg.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – G:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – G:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {A2C2AC99–8B45–4936–9431–1762B9F91D77} – G:WINDOWSsystem32mbbgda.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:Program FilesFlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
O4 – HKLM..Run: [avast!] G:PROGRA~1AVASTA~1ashDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "G:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – G:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – G:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:OFFICEOffice10EXCEL.EXE/3000
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38212.3159490741
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{9DD2A254–F1D8–4A67–9192–9318E98DE0D3}: NameServer = 217.30.137.200 217.30.129.149
Odpowiedzi: 2
Wyrejestruj mbbgda.dll, wyszukaj i usun
Oproznij Temp
Oproznij Temp
Wylacz przywracanie i do kasacji
na koniec przeskanuj jeszcze CWShredder
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {A2C2AC99–8B45–4936–9431–1762B9F91D77} – G:WINDOWSsystem32mbbgda.dll
na koniec przeskanuj jeszcze CWShredder
Strona 1 / 1