I caught a trojan - help
Pyrokar - 23 Dec 2005 14:14
I can't deal with this:
Logfile of HijackThis v1.99.1
Scan saved at 12:49:10, on 05-12-23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\KERNELS64.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\VXH8JKDQ2.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\WINOA386.MOD
C:\WINDOWS.000\INET20001\SERVICES.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\REGSVR32.EXE
C:\PROGRAM FILES\AXIS COMMUNICATIONS\PRINT SYSTEM\TRAYICON.EXE
C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.EXE
C:\WINDOWS.000\RunDLL.exe
C:\WINDOWS.000\SYSTEM\CTFMON.EXE
C:\WINSTALL.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\TEMP\SAVAGENT.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
C:\WINDOWS.000\TEMP\ICSUPP95.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSDMN.EXE
D:\ROZ\OD WIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mos.gov.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.14:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F1 - win.ini: run=C:\WINDOWS.000\INET20001\SERVICES.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS.000\SYSTEM\ZOLKER011.DLL
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\Run: [AXIS Print System TrayIcon] C:\Program Files\Axis Communications\Print System\TrayIcon.exe
O4 - HKLM\..\Run: [AXIS Printer Driver Scanner] C:\Program Files\Axis Communications\Print System\DriverScanner.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\Run: [BHR4.1] C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\Run: [SAVAgent] C:\WINDOWS.000\TEMP\SAVAgent.exe -POOL=3600
O4 - HKLM\..\Run: [Sweep95] "C:\Program Files\Sophos SWEEP\SETUP.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = boat.luw
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.1.1
Help!
Merry Christmas, because mine is a bit poisoned
Kolobos - 23 Dec 2005 14:28
Alt+Ctrl+Del and end these:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\WINDOWS.000\SYSTEM\KERNELS64.EXE
C:\WINDOWS.000\SYSTEM\VXH8JKDQ2.EXE
C:\WINSTALL.EXE
C:\WINDOWS.000\TEMP\ICSUPP95.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSDMN.EXE
Delete the files from disk.
In HijackThis, remove:
F1 - win.ini: run=C:\WINDOWS.000\INET20001\SERVICES.EXE
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS.000\SYSTEM\ZOLKER011.DLL <- delete the file
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE <- delete the MOSEARCH directory
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS.000\SYSTEM\kernels64.exe <- delete the file
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE <- delete the inet20001 directory from disk
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file from disk
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
Pyrokar - 23 Dec 2005 16:18
THANKS - YOU GUYS ARE GREAT.
NOW I HAVE A PEACEFUL CHRISTMAS
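
Added example, not part of the thread or of HijackThis itself: a small parser for the F1 and O4 lines of a log like the one above that groups autostart entries by the file they launch, so every location referencing one file is listed together. The sample input is a subset of lines copied from the posted log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of lines copied from the log posted in this thread (sample input).
SAMPLE_LOG = r"""
F1 - win.ini: run=C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""

# O4 = registry autostart: "O4 - <key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# F1 = ini-file autostart: "F1 - win.ini: run=<command>"
F1_RE = re.compile(r"^F1 - (?P<loc>[^:]+): (?P<name>\w+)=(?P<cmd>.+)$")
# Full path ending in .exe/.dll; also catches a path passed as an argument.
PATH_RE = re.compile(r'\b[A-Za-z]:\\[^"]+?\.(?:exe|dll)\b', re.IGNORECASE)


def autostart_targets(log_text):
    """Map each full-path target (lowercased) to the autostart locations launching it."""
    targets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line) or F1_RE.match(line)
        if not m:
            continue  # other sections (R0, O2, O9, ...) are not autostart commands
        for path in PATH_RE.findall(m["cmd"]):
            targets[path.lower()].append(f'{m["loc"]} [{m["name"]}]')
    return dict(targets)


def multiply_registered(log_text, minimum=2):
    """Targets that are started from at least `minimum` autostart locations."""
    found = autostart_targets(log_text)
    return {t: locs for t, locs in found.items() if len(locs) >= minimum}


if __name__ == "__main__":
    for target, locs in sorted(multiply_registered(SAMPLE_LOG).items()):
        print(target)
        for loc in locs:
            print("   ", loc)
```

Entries that name a file without a full path (for example `mstask.exe`) are skipped by this parser and need to be reviewed by hand.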