
[Solved] Virus? HijackThis logs

Jakub317
created
1. C:WINDOWSSYSTEMKERNEL32.DLL

2. C:WINDOWSSYSTEMMSGSRV32.EXE

3. C:WINDOWSSYSTEMMPREXE.EXE

4. C:WINDOWSSYSTEMMSTASK.EXE

5. C:WINDOWSSYSTEMmmtask.tsk

6. C:WINDOWSSYSTEMKB918547KB918547.EXE

7. C:WINDOWSSYSTEMKB891711KB891711.EXE

8. C:PROGRAM FILESALWIL SOFTWAREAVAST4ASHSERV.EXE

9. C:WINDOWSEXPLORER.EXE

10. C:WINDOWSSYSTEMRPCSS.EXE

11. C:PROGRAM FILESALWIL SOFTWAREAVAST4ASHWEBSV.EXE

12. C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSOEMON.EXE

13. C:WINDOWSSYSTEMCTFMON.EXE

14. C:WINDOWSSYSTEMDDHELP.EXE

15. C:PROGRAM FILESMOZILLA FIREFOXFIREFOX.EXE

16. C:WINDOWSPULPITMOJEHIJACKTHISHIJACKTHIS.EXE

17.

18. R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

19. R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.pl/

20. R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

21. R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = Click.Import._Download.Import.___:1

22. R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

23. R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:PROGRAM FILESMYWEBSEARCHSRCHASTT1.BINMWSSRCAS.DLL

24. O1 - Hosts: 194.175.164.1 plgdno01

25. O1 - Hosts: 194.175.164.161 rtr #rnd router

26. O1 - Hosts: 194.175.164.167 plpc167

27. O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09binssv.dll

28. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM FILESADOBEACROBAT 6.0 CEREADERACTIVEXACROIEHELPER.DLL

29. O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSBAR.DLL

30. O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:PROGRAM FILESMYWEBSEARCHSRCHASTT1.BINMWSSRCAS.DLL

31. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX

32. O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSBAR.DLL

33. O4 - HKLM..Run: [avast! Web Scanner] C:PROGRA~1ALWILS~1AVAST4ASHWEBSV.EXE

34. O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033

35. O4 - HKLM..Run: [My Web Search Bar] rundll32 C:PROGRA~1MYWEBS~1BAR1.BINMWSBAR.DLL,S

36. O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1BAR1.BINMWSOEMON.EXE

37. O4 - HKLM..RunServices: [schedulingAgent] mstask.exe

38. O4 - HKLM..RunServices: [KB918547] C:WINDOWSSYSTEMKB918547KB918547.EXE

39. O4 - HKLM..RunServices: [KB891711] C:WINDOWSSYSTEMKB891711KB891711.EXE

40. O4 - HKLM..RunServices: [avast!] C:Program FilesAlwil SoftwareAvast4ashServ.exe

41. O4 - HKCU..Run: [Gadu-Gadu] "C:PROGRAM FILESGADU-GADUGG.EXE" /tray

42. O4 - HKCU..Run: [ctfmon.exe] ctfmon.exe

43. O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~1OFFICE10EXCEL.EXE/3000

44. O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJFOX000

45. O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

46. O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

47. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRAM FILESJAVAJRE1.5.0_09BINSSV.DLL

48. O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRAM FILESJAVAJRE1.5.0_09BINSSV.DLL

49. O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://200.72.68.149:18000/wg_webeye.cab

CatchMe
comment

Yours?

24. O1 - Hosts: 194.175.164.1 plgdno01

25. O1 - Hosts: 194.175.164.161 rtr #rnd router

26. O1 - Hosts: 194.175.164.167 plpc167

Junk:

22. R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

23. R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:PROGRAM FILESMYWEBSEARCHSRCHASTT1.BINMWSSRCAS.DLL

29. O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSBAR.DLL

30. O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:PROGRAM FILESMYWEBSEARCHSRCHASTT1.BINMWSSRCAS.DLL

32. O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:PROGRAM FILESMYWEBSEARCHBAR1.BINMWSBAR.DLL

35. O4 - HKLM..Run: [My Web Search Bar] rundll32 C:PROGRA~1MYWEBS~1BAR1.BINMWSBAR.DLL,S

37. O4 - HKLM..RunServices: [schedulingAgent] mstask.exe

42. O4 - HKCU..Run: [ctfmon.exe] ctfmon.exe

44. O8 - Extra context menu item: &Search - http://edits.mywebsearch....html?p=ZJFOX000

45. O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

46. O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

49. O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://200.72.68.149:18000/wg_webeye.cab

Block the ports using WWDC and Seconfig XP.

Use: http://stopwirusom.pl/index.php?option=com...47&Itemid=4

Post a new log plus a ComboFix log.

Jakub317
comment
Logfile of HijackThis v1.99.1

Scan saved at 14:38:09, on 07-07-30

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:WINDOWSSYSTEMKERNEL32.DLL

C:WINDOWSSYSTEMMSGSRV32.EXE

C:WINDOWSSYSTEMMPREXE.EXE

C:WINDOWSSYSTEMKB918547KB918547.EXE

C:WINDOWSSYSTEMKB891711KB891711.EXE

C:PROGRAM FILESALWIL SOFTWAREAVAST4ASHSERV.EXE

C:WINDOWSSYSTEMmmtask.tsk

C:WINDOWSEXPLORER.EXE

C:WINDOWSSYSTEMRPCSS.EXE

C:PROGRAM FILESALWIL SOFTWAREAVAST4ASHWEBSV.EXE

C:WINDOWSSYSTEMDDHELP.EXE

C:WINDOWSSYSTEMPSTORES.EXE

C:PROGRAM FILESALWIL SOFTWAREAVAST4ASHQUICK.EXE

C:PROGRAM FILESGADU-GADUGG.EXE

C:WINDOWSSYSTEMRNAAPP.EXE

C:WINDOWSSYSTEMTAPISRV.EXE

C:PROGRAM FILESMOZILLA FIREFOXFIREFOX.EXE

C:WINDOWSPULPITMOJEHIJACKTHISHIJACKTHIS.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.pl/

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = Click.Import._Download.Import.___:1

O1 - Hosts: 194.175.164.1 plgdno01

[ Added: 2007-07-30, 15:48 ]

Problem solved, thanks catchme for the help ^^

CatchMe
comment

No problem. :)
