help!! Trojan StartPage

help!! Trojan StartPage

Kaip man ji isvalyti?

Ad-aware SpyBot search and destroy Ir be abejo HijackThis. HijackThis logą postini čia.

HijackThis negaliu- nera winzip, winrar ir nieko panasaus is kur gaut nezinau. Gal koki linka imesi? S&D nieko nepakeite. Adware negaliu parsisiusti, nezinia kodel.

Kokia OS? …

Na winrar tai nesunku rasti. i google ivesk: winrar downlodad. Turetum nesunkiai rast gamintojo puslapi.

XP

bandysiu Šypsena

rarlabs.com

ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe

Logfile of HijackThis v1.99.0 Scan saved at 09:51:23, on 2005.02.01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon .exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus
avapsvc.exe C:\WINDOWS\system32
vsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Prog ram Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Documents and Settings\user\Application Data\sgrunt\IE4321.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\spyrem.exe C:\Program Files\BulletProofSoft.com\BPS Spyware & Adware Remover\HiJack.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.546\H ijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {4BA02079-D373-4852-A1E6-C1ED2CF03F19} - C:\WINDOWS\system32\eepc.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1 ools\iesdsg.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM…\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM…\Run: [Olympic] C:\Documents and Settings\user\Application Data\sgrunt\IE4321.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll O15 - Trusted Zone: master69.biz O15 - Trusted Zone: sgrunt.biz O15 - Trusted Zone: yeak.net O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - sgrunt.biz/closer/close.exe O18 - Filter: text/html - {1835D107-54A1-4DB8-B0B9-961EBF07E9D8} - C:\WINDOWS\system32\eepc.dll O18 - Filter: text/plain - {1835D107-54A1-4DB8-B0B9-961EBF07E9D8} - C:\WINDOWS\system32\eepc.dll O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Ar sita reikejo ideti? Drovus

Taip. Ištrink tai ką palikau: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html O2 - BHO: (no name) - {4BA02079-D373-4852-A1E6-C1ED2CF03F19} - C:\WINDOWS\system32\eepc.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1 ools\iesdsg.dll (file missing) O4 - HKLM…\Run: [Olympic] C:\Documents and Settings\user\Application Data\sgrunt\IE4321.exe O4 - HKCU…\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O15 - Trusted Zone: master69.biz O15 - Trusted Zone: sgrunt.biz O15 - Trusted Zone: yeak.net O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - sgrunt.biz/closer/close.exe O18 - Filter: text/html - {1835D107-54A1-4DB8-B0B9-961EBF07E9D8} - C:\WINDOWS\system32\eepc.dll O18 - Filter: text/plain - {1835D107-54A1-4DB8-B0B9-961EBF07E9D8} - C:\WINDOWS\system32\eepc.dll

Ir kas dabar? Suinstaliavau adware, jis ten nuskanavo, istryne, bet vistiek man mate tuos kazkokius puslapius… Liūdnas

Kaip suprasti išsireiškimą “bet vistiek man mate tuos kazkokius puslapius…” ? Su HijackThis išvalei tuos brūdus kuriuos parašiau? Restartuok kompą, žiūrėk kas toliau bus.

tai po ištrynimo tikiuosi pakeitei start page IE? o be to, tai pas tave kaip matau yra BPS spywaru remuveris, tai kam tau dar Adaware? BPS susitvarko nie kiek ne blogiau, jei ne geriau, negu adaware.

Perkroviau kompa, dabar laukiu rezultatu ŠypsenaO kaip pakeisti start page IE? DrovusPas mane siaip mozilla narsykle ar nera skirtumo?

moziloj home page keičias per edit>preferences>nevigator ir ten rasi kur užsidet, arba padaryk kad startuotu su blank page. keista, kad trojanas i mozila ilindo. nedažnas atvejis. Nekaltas

Lyg ir ramu ŠypsenaAciu Jums visiems Šypsena Gėlė