Trojan Horse Startpage 16.B.D
Please help! How do I remove this virus?
Logfile of HijackThis v1.99.1
Scan saved at 12:01:42, on 2005-03-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Winamp\winamp.exe
C:\Programy\totalcmd\totalcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KAMILR~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KAMILR~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A19118D2-3919-4F0F-987A-BF3C866A5277} - C:\WINDOWS\System32\akam.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\pl-pl\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d9ca5207915d1a49660bba9fd9113004513ccee94c28f56a62f97731f78df97339ddf39bf85e115badcadecd16a1889f49 1dfe85387c09c644dad2ab5c37f91a2971:2eea47193509b137ed6cce1a0b4583a4
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {1B9B2265-BF8B-4F6F-9AB9-7FAB9A416F65} - C:\WINDOWS\System32\akam.dll
O18 - Filter: text/plain - {1B9B2265-BF8B-4F6F-9AB9-7FAB9A416F65} - C:\WINDOWS\System32\akam.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Replies: 6
Probably Temp wasn't emptied
OK, it's fine now :) apparently it had to be removed several times until it finally gave up ;) Thank you. :)
Unfortunately, after removing them the same problem still occurs, i.e. when the browser starts, the "search for" page opens and an "error loading file se.dll" message appears :/:/
you tick the checkbox next to those entries and click Fix at the bottom :D
Regards
Regards
Sorry if this is too trivial a question :) but how do I remove it :)??
You remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KAMILR~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KAMILR~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {A19118D2-3919-4F0F-987A-BF3C866A5277} - C:\WINDOWS\System32\akam.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d9ca5207915d1a49660bba9fd9113004513ccee94c28f56a62f97731f78df97339ddf39bf85e115badcadecd16a1889f49 1dfe85387c09c644dad2ab5c37f91a2971:2eea47193509b137ed6cce1a0b4583a4
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O18 - Filter: text/html - {1B9B2265-BF8B-4F6F-9AB9-7FAB9A416F65} - C:\WINDOWS\System32\akam.dll
O18 - Filter: text/plain - {1B9B2265-BF8B-4F6F-9AB9-7FAB9A416F65} - C:\WINDOWS\System32\akam.dll
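The reply above picks the entries out by eye. As an added example (not code from the thread or from HijackThis), the parser below reads HijackThis R/O lines and flags the StartPage pattern seen in this log: search/start values pointing at a res:// DLL in Temp, the about:blank resets, the unnamed BHO, and the text/html MIME filter that shares its DLL with that BHO. The sample log is constructed from entries quoted in the thread; the user path USER~1 is a placeholder.

```python
import re

# Constructed sample log, modelled on the entries the reply above lists for
# removal (GUIDs and file names are those quoted in the thread; USER~1 is a placeholder).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\USER~1\USTAWI~1\Temp\se.dll/spage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {A19118D2-3919-4F0F-987A-BF3C866A5277} - C:\WINDOWS\System32\akam.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\AcroIEHelper.ocx
O18 - Filter: text/html - {1B9B2265-BF8B-4F6F-9AB9-7FAB9A416F65} - C:\WINDOWS\System32\akam.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
# IE start/search values this family resets; about:blank alone is not malicious,
# the signal is the reset combined with a res:// search bar and the filter below.
HIJACKED_KEYS = ("Start Page", "Search Page", "SearchAssistant", "HomeOldSP")

def parse(log_text):
    """Yield (section, fields, line) for each HijackThis entry; fields are the ' - ' parts."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2).split(" - "), line

def find_hijack_indicators(log_text):
    """Return [(reason, line)] for entries matching the StartPage pattern."""
    hits = []
    bho_dlls = set()  # DLLs registered as unnamed Browser Helper Objects
    for section, fields, line in parse(log_text):
        if section.startswith("R"):
            key, _, value = fields[0].partition(" = ")
            if value.lower().startswith("res://") and "\\temp\\" in value.lower():
                hits.append(("IE search/start value loads a DLL resource from Temp", line))
            elif value == "about:blank" and key.endswith(HIJACKED_KEYS):
                hits.append(("IE search/start value reset to about:blank", line))
        elif section == "O2" and fields[0] == "BHO: (no name)":
            bho_dlls.add(fields[-1].lower())
            hits.append(("unnamed Browser Helper Object", line))
        elif section == "O18" and fields[0] in ("Filter: text/html", "Filter: text/plain"):
            shared = " (same DLL as an unnamed BHO)" if fields[-1].lower() in bho_dlls else ""
            hits.append(("MIME filter intercepts every HTML/text page" + shared, line))
    return hits

if __name__ == "__main__":
    for reason, line in find_hijack_indicators(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Run against a full log the legitimate AVG, NVIDIA and Acrobat entries stay unflagged, so the output is the same short list the reply tells the poster to tick and Fix.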