win32:startpage–006
avast czesto wykrywa u mnie wirusa win32:startpage–006 który oczywiscie zmienia mi strone startowa na inna. wirus pojawia się prawie za kaźdym razem gdy łączę się z internetem. mimo źe to usuwam to i tak to wraca. w jaki sposób pozbyć się tego badziewia raz na dobre. czy wystarczy dobry firewalle. obecnie korzystam z systemowego (sp2), dawniej miałam zone alarm, to nie miałam z tym problemów.
Odpowiedzi: 5
magdaa:
mam usunąc te wszystkie kody? te z NewDotNet tez? uninstalatora mam McAfee. mam usunąc to wszystko zarówno przy pomocy hijacka i uninstalatora?
McAfee to AntyVirus :wink:
Wiec po kolei
Usun z dysku:
G:Program FilesMyWay
lbbho.dll
Oproznij Temp z Ustawien Lokalnych
Fix checked przy tych wpisach ktore wymienilem
Pozniej http://www.new.net/support/uninstall6_38.exe
mam usunąc te wszystkie kody? te z NewDotNet tez? uninstalatora mam McAfee. mam usunąc to wszystko zarówno przy pomocy hijacka i uninstalatora?
Wylacz przywracanie
Usun z dysku i z loga pliki/katalogi + FIX:
NewDotNet:
Poszukaj na forum linka do uninstallatora
Usun z dysku i z loga pliki/katalogi + FIX:
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://0cj.net/cat
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://0cj.net/srchasst.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://0cj.net/cat
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://0cj.net/cat
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://0cj.net/srchasst.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://0cj.net/cat
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearch,(Default) = http://0cj.net/srchasst.html
O2 – BHO: (no name) – {0494D0D1–F8E0–41ad–92A3–14154ECE70AC} – G:Program FilesMyWaymyBar1.binMYBAR.DLL
O2 – BHO: (no name) – {55A98CF9–5078–434E–AB0A–F6BE7873F850} – G:WINDOWSsystem32ijo.dll (file missing)
O2 – BHO: G:WINDOWSlbbho.dll – {6EFB89F4–06D4–4355–A4D6–8693E579C0E7} – G:WINDOWSlbbho.dll
02 – BHO: (no name) – {CBB2E5D0–B2AE–4295–B1A4–5472874395D0} – (no file)
O3 – Toolbar: &SearchBar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – G:Program FilesMyWaymyBar1.binMYBAR.DLL
NewDotNet:
O4 – HKLM..Run: [New.net Startup] rundll32 G:PROGRA~1NEWDOT~1NEWDOT~1.DLL,NewDotNetStartup –s
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
Poszukaj na forum linka do uninstallatora
Logfile of HijackThis v1.97.7
Scan saved at 22:25:24, on 2004–12–03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:WINDOWSSystem32smss.exe
G:WINDOWSsystem32winlogon.exe
G:WINDOWSsystem32services.exe
G:WINDOWSsystem32lsass.exe
G:WINDOWSSystem32Ati2evxx.exe
G:WINDOWSsystem32svchost.exe
G:WINDOWSSystem32svchost.exe
G:WINDOWSsystem32Ati2evxx.exe
G:WINDOWSExplorer.EXE
G:WINDOWSsystem32spoolsv.exe
G:WINDOWSsystem32 undll32.exe
G:PROGRA~1AVASTA~1ashDisp.exe
G:Program FilesAvast AntivirusaswUpdSv.exe
G:Program FilesAvast AntivirusashServ.exe
G:WINDOWSSystem32inetsrvinetinfo.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesAvast AntivirusashMaiSv.exe
G:Program FilesGadu–Gadugg.exe
G:Program FilesKazaa Lite Rewolucjakazaalite.kpp
G:downoaded filesHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://0cj.net/cat
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://0cj.net/srchasst.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://0cj.net/cat
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://0cj.net/cat
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://0cj.net/srchasst.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://0cj.net/cat
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearch,(Default) = http://0cj.net/srchasst.html
O2 – BHO: (no name) – {0494D0D1–F8E0–41ad–92A3–14154ECE70AC} – G:Program FilesMyWaymyBar1.binMYBAR.DLL
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – G:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – G:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {55A98CF9–5078–434E–AB0A–F6BE7873F850} – G:WINDOWSsystem32ijo.dll (file missing)
O2 – BHO: G:WINDOWSlbbho.dll – {6EFB89F4–06D4–4355–A4D6–8693E579C0E7} – G:WINDOWSlbbho.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:Program FilesFlashGetjccatch.dll
O2 – BHO: (no name) – {CBB2E5D0–B2AE–4295–B1A4–5472874395D0} – (no file)
O3 – Toolbar: &SearchBar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – G:Program FilesMyWaymyBar1.binMYBAR.DLL
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
O4 – HKLM..Run: [New.net Startup] rundll32 G:PROGRA~1NEWDOT~1NEWDOT~1.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [avast!] G:PROGRA~1AVASTA~1ashDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "G:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – G:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – G:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:OFFICEOffice10EXCEL.EXE/3000
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38212.3159490741
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{9DD2A254–F1D8–4A67–9192–9318E98DE0D3}: NameServer = 217.30.137.200 217.30.129.149
Scan saved at 22:25:24, on 2004–12–03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:WINDOWSSystem32smss.exe
G:WINDOWSsystem32winlogon.exe
G:WINDOWSsystem32services.exe
G:WINDOWSsystem32lsass.exe
G:WINDOWSSystem32Ati2evxx.exe
G:WINDOWSsystem32svchost.exe
G:WINDOWSSystem32svchost.exe
G:WINDOWSsystem32Ati2evxx.exe
G:WINDOWSExplorer.EXE
G:WINDOWSsystem32spoolsv.exe
G:WINDOWSsystem32 undll32.exe
G:PROGRA~1AVASTA~1ashDisp.exe
G:Program FilesAvast AntivirusaswUpdSv.exe
G:Program FilesAvast AntivirusashServ.exe
G:WINDOWSSystem32inetsrvinetinfo.exe
G:Program FilesInternet ExplorerIEXPLORE.EXE
G:Program FilesAvast AntivirusashMaiSv.exe
G:Program FilesGadu–Gadugg.exe
G:Program FilesKazaa Lite Rewolucjakazaalite.kpp
G:downoaded filesHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://0cj.net/cat
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://0cj.net/srchasst.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://countere.com/?a=2&b=hc
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://0cj.net/cat
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://0cj.net/cat
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://0cj.net/srchasst.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://G:DOCUME~1MagdaUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://0cj.net/cat
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R1 – HKLMSoftwareMicrosoftInternet ExplorerSearch,(Default) = http://0cj.net/srchasst.html
O2 – BHO: (no name) – {0494D0D1–F8E0–41ad–92A3–14154ECE70AC} – G:Program FilesMyWaymyBar1.binMYBAR.DLL
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – G:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – G:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {55A98CF9–5078–434E–AB0A–F6BE7873F850} – G:WINDOWSsystem32ijo.dll (file missing)
O2 – BHO: G:WINDOWSlbbho.dll – {6EFB89F4–06D4–4355–A4D6–8693E579C0E7} – G:WINDOWSlbbho.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:Program FilesFlashGetjccatch.dll
O2 – BHO: (no name) – {CBB2E5D0–B2AE–4295–B1A4–5472874395D0} – (no file)
O3 – Toolbar: &SearchBar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – G:Program FilesMyWaymyBar1.binMYBAR.DLL
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: IE Toolbar – {C44158E1–6121–2432–ABE6–FD53D6534CCB} – G:Program FilesMSN Assistantmsr.dll
O4 – HKLM..Run: [New.net Startup] rundll32 G:PROGRA~1NEWDOT~1NEWDOT~1.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [avast!] G:PROGRA~1AVASTA~1ashDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "G:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – G:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – G:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:OFFICEOffice10EXCEL.EXE/3000
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38212.3159490741
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{9DD2A254–F1D8–4A67–9192–9318E98DE0D3}: NameServer = 217.30.137.200 217.30.129.149
Wklej log z Hijacka
Wytropi sie i wywali go
Wytropi sie i wywali go
Strona 1 / 1