Problem with a virus

IP: *.internetdsl.tpnet.pl 19.01.05, 16:45
I have a problem: when I open the browser it shows about:blank, but
a SEARCH FOR... page opens. I have already scanned with everything, CWShredder, Spyware,
and nothing; it still sits in the browser. Please help.
    • Guest: gosc Re: Problem with a virus IP: *.sieci.ibrokers.pl / *.crowley.pl 19.01.05, 16:53
      Paste the log from HijackThis
      • Guest: dimus Re: Problem with a virus IP: *.internetdsl.tpnet.pl 20.01.05, 12:00
        Logfile of HijackThis v1.99.0
        Scan saved at 12:00:28, on 05-01-20
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v5.00 (5.00.2919.6304)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\RUNDLL32.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
        C:\WINDOWS\TWAIN_32\A4S2600X\WATCH.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\POWERARCHIVER\POWERARC.EXE
        C:\WINDOWS\TEMP\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
        O2 - BHO: (no name) - {200CE561-6A34-11D9-87B4-00501EB516F4} - C:\WINDOWS\SYSTEM\FJIH.DLL
        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
        O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2600X\WATCH.exe
        O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
        O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1045\PHDINTL.DLL/phdContext.htm
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O14 - IERESET.INF: START_PAGE_URL=www.microsoft.com/isapi/redir.dll?prd=ie&pver=5&ar=msnhome
        O14 - IERESET.INF: MS_START_PAGE_URL=www.eu.microsoft.com/poland/
        O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - 192.168.1.13/activex/AxisCamControl.cab
        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
        O18 - Filter: text/html - {200CE560-6A34-11D9-87B4-005071F9B36F} - C:\WINDOWS\SYSTEM\FJIH.DLL
        O18 - Filter: text/plain - {200CE560-6A34-11D9-87B4-005071F9B36F} - C:\WINDOWS\SYSTEM\FJIH.DLL

        • neder Re: Problem with a virus 20.01.05, 12:45
          If you want to know how to get rid of a start page that is "not yours", here is a link

          www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&#entry76262
          everything is described very well there under the relevant link.

          But if nobody gives you a hint about the log, you can have a go
          at "self-study" (if you have the time and patience, of course :))

          www.searchengines.pl/phpbb203/index.php?showtopic=15989&st=0&#entry72837
          I'll tell you right away: look at the interpretation of R0 and R1, because they will tell you
          something about your start page. Generally you will find it written there that
          if these are not pages you set yourself, then remove them in HijackThis.
          Maybe someone will tell you more, this is all I know :) Regards
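
The R0/R1 check described in the post above, as an added example that is not part of the original thread: it re-joins entries the forum wrapped across lines and lists every R0/R1 value that is not among the pages the user set. The sample log is constructed, and the names `parse_entries`, `unexpected_pages` and `pages_i_set` are assumptions of this example.

```python
import re

# Constructed sample in HijackThis format (not the log from this thread).
# The second entry is wrapped after "=", the way the forum wrapped long lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# An entry starts with a section code such as R0, R1, O2, O18, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return [(code, body)], merging wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # No section code: continuation of the previous entry.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]


def unexpected_pages(entries, pages_i_set):
    """List R0/R1 entries whose value is not a page the user set."""
    findings = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        key, _, value = body.partition(" =")
        _, _, name = key.rpartition(",")  # value name after the registry key
        value = value.strip()
        if value not in pages_i_set:
            findings.append((code, name, value))
    return findings


if __name__ == "__main__":
    # Assumption: the user set only this start page themselves.
    for code, name, value in unexpected_pages(
        parse_entries(SAMPLE_LOG), {"http://www.example.com/"}
    ):
        print(f"{code}  {name} = {value}  (not set by the user: review)")
```
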
    • Guest: dimus Re: Problem with a virus IP: *.internetdsl.tpnet.pl 20.01.05, 10:37
      **** Run Keys ****

      RUN: [internat.exe] internat.exe
      RUN: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      RUN: [TaskMonitor] C:\WINDOWS\taskmon.exe
      RUN: [SystemTray] SysTray.Exe
      RUN: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
      RUN: [nwiz] nwiz.exe /install
      RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
      RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      RUN: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"


      **** Browser Helper Objects ****

      BHO: [CNavExtBho Class] C:\Program Files\Norton AntiVirus\NavShExt.dll
      BHO: [AcroIEHlprObj Class] C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
      BHO: [] C:\WINDOWS\SYSTEM\FJIH.DLL


      **** IE Toolbars ****

      TOOLBAR: [@msdxmLC.dll,-1@1045,&Radio] C:\WINDOWS\SYSTEM\MSDXM.OCX
      TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton AntiVirus\NavShExt.dll


      **** IE Extensions ****

      IEExt: [@shdoclc.dll,-866@1045,Pokrewne]


      **** Hosts File Entries ****



      **** IE Settings ****

      Default Page: www.eu.microsoft.com/poland/
      Default Search: www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Local Page: C:\WINDOWS\SYSTEM\blank.htm
      Search Bar:
      Search Page: about:blank


      **** IE Context Menu (Right click) ****

      IEContext: [Otwórz obraz w programie &Microsoft PhotoDraw] res://C:\PROGRA~1\MICROS~1\OFFICE\1045\PHDINTL.DLL/phdContext.htm


      **** Layered Service Providers ****

      LSP: MS.w95.spi.tcp
      LSP: MS.w95.spi.udp
      LSP: MS.w95.spi.rsvptcp
      LSP: MS.w95.spi.rsvpudp


      **** Blocked Control Panel Items ****

      BLOCKED: []


      **** Downloaded Program Files ****

      Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso4.cab]
      DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
      Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
      Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
      Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]


      **** Windows Services ****



      **** Custom IE Search Items ****

      SEARCH: [SearchAssistant] about:blank
      SEARCH: [SearchAssistant] about:blank
      SEARCH: [CustomizeSearch] ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


      **** Complete IE Options ****

      IEOPT: [Anchor Underline] yes
      IEOPT: [Cache_Update_Frequency] Once_Per_Session
      IEOPT: [Display Inline Images] yes
      IEOPT: [Do404Search]
      IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
      IEOPT: [Save_Session_History_On_Exit] no
      IEOPT: [Show_FullURL] no
      IEOPT: [Show_StatusBar] yes
      IEOPT: [Show_ToolBar] yes
      IEOPT: [Show_URLinStatusBar] yes
      IEOPT: [Show_URLToolBar] yes
      IEOPT: [Start Page] about:blank
      IEOPT: [Use_DlgBox_Colors] yes
      IEOPT: [Search Page] about:blank
      IEOPT: [Show_ChannelBand] no
      IEOPT: [FullScreen] no
      IEOPT: [LastCheckedHi]
      IEOPT: [Window_Placement] ,
      IEOPT: [Use FormSuggest] no
      IEOPT: [Error Dlg Displayed On Every Error] no
      IEOPT: [Error Dlg Details Pane Open] no
      IEOPT: [NotifyDownloadComplete] no
      IEOPT: [Toolbars_Placement]
      IEOPT: [Search Bar]
      IEOPT: [Use Search Asst] no
      IEOPT: [Use Custom Search URL]
      IEOPT: [HOMEOldSP] about:blank
      IEOPT: [Default_Page_URL] www.eu.microsoft.com/poland/
      IEOPT: [Default_Search_URL] www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      IEOPT: [Search Page] about:blank
      IEOPT: [Enable_Disk_Cache] yes
      IEOPT: [Cache_Percent_of_Disk]
      IEOPT: [Delete_Temp_Files_On_Exit] yes
      IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
      IEOPT: [Anchor_Visitation_Horizon]
      IEOPT: [Use_Async_DNS] yes
      IEOPT: [Placeholder_Width]
      IEOPT: [Placeholder_Height]
      IEOPT: [Start Page] about:blank
      IEOPT: [Custom_Key] MICROSO
      IEOPT: [CompanyName] Microsoft Corporation
      IEOPT: [Wizard_Version] 5.00.2919.6307
      IEOPT: [FullScreen] no
      IEOPT: [Search Bar]
      IEOPT: [Use Search Asst] no
      IEOPT: [Use Custom Search URL]
      IEOPT: [HOMEOldSP] about:blank
      • Guest: dimus Re: Problem with a virus IP: *.internetdsl.tpnet.pl 20.01.05, 11:09
        and one more


        Ad-Aware SE Build 1.05
        Logfile Created on:20 stycznia 2005 11:08:46
        Created with Ad-Aware SE Personal, free for private use.
        Using definitions file:SE1R25 11.01.2005
        »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

        References detected during the scan:
        »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
        CoolWebSearch(TAC index:10):2 total references
        MRU List(TAC index:0):3 total references
        Possible Browser Hijack attempt(TAC index:3):2 total references
        »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

        Ad-Aware SE Settings
        ===========================
        Set : Search for negligible risk entries
        Set : Safe mode (always request confirmation)
        Set : Scan active processes
        Set : Scan registry
        Set : Deep-scan registry
        Set : Scan my IE Favorites for banned URLs
        Set : Scan my Hosts file

        Extended Ad-Aware SE Settings
        ===========================
        Set : Unload recognized processes & modules during scan
        Set : Scan registry for all users instead of current user only
        Set : Always try to unload modules before deletion
        Set : Let Windows remove files in use at next reboot
        Set : Delete quarantined objects after restoring
        Set : Include basic Ad-Aware settings in log file
        Set : Include additional Ad-Aware settings in log file
        Set : Include reference summary in log file
        Set : Include alternate data stream details in log file
        Set : Play sound at scan completion if scan locates critical objects


        05-01-20 11:08:46 - Scan started. (Full System Scan)

        MRU List Object Recognized!
        Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
        Description : list of recently entered addresses in microsoft
        internet explorer


        MRU List Object Recognized!
        Location: : .DEFAULT\software\microsoft\internet explorer
        Description : last download directory used in microsoft internet
        explorer


        MRU List Object Recognized!
        Location: : software\microsoft\directdraw\mostrecentapplication
        Description : most recent application to use microsoft directdraw


        Listing running processes
        »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

        #:1 [KERNEL32.DLL]
        FilePath : C:\WINDOWS\SYSTEM\
        ProcessID : 4291768235
        Threads : 8
        Priority : High
        FileVersion : 4.10.2222
        ProductVersion : 4.10.2222
        ProductName : System operacyjny Microsoft(R) Windows(R)
        CompanyName : Microsoft Corporation
        FileDescription : Składnik jądra Win32
        InternalName : KERNEL32
        LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
        OriginalFilename : KERNEL32.DLL

        #:2 [MSGSRV32.EXE]
        FilePath : C:\WINDOWS\SYSTEM\
        ProcessID : 4294929527
        Threads : 1
        Priority : Normal
        FileVersion : 4.10.2222
        ProductVersion : 4.10.2222
        ProductName : System operacyjny Microsoft(R) Windows(R)
        CompanyName : Microsoft Corporation
        FileDescription : 32-bitowy Serwer wiadomości VxD systemu Windows
        InternalName : MSGSRV32
        LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
        OriginalFilename : MSGSRV32.EXE

        #:3 [MPREXE.EXE]
        FilePath : C:\WINDOWS\SYSTEM\
        ProcessID : 4294926599
        Threads : 2
        Priority : Normal
        FileVersion : 4.10.1998
        ProductVersion : 4.10.1998
        ProductName : Microsoft(R) Windows(R) Operating System
        CompanyName : Microsoft Corporation
        FileDescription : WIN32 Network Interface Service Process
        InternalName : MPREXE
        LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
        OriginalFilename : MPREXE.EXE

        #:4 [MSTASK.EXE]
        FilePath : C:\WINDOWS\SYSTEM\
        ProcessID : 4294838411
        Threads : 3
        Priority : Normal
        FileVersion : 4.71.1959.1
        ProductVersion : 4.71.1959.1
        ProductName : Microsoft® Windows® - Harmonogram zadań
        CompanyName : Microsoft Corporation
        FileDescription : Aparat Harmonogramu zadań
        InternalName : TaskScheduler
        LegalCopyright : Copyright (C) Microsoft Corp. 1997
        OriginalFilename : mstask.exe

        #:5 [CCEVTMGR.EXE]
        FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
        ProcessID : 4294851407
        Threads : 25
        Priority : Normal
        FileVersion : 1.03.4
        ProductVersion : 1.03.4
        ProductName : Event Manager
        CompanyName : Symantec Corporation
        FileDescription : Event Manager Service
        InternalName : ccEvtMgr
        LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All
        rights reserved.
        OriginalFilename : ccEvtMgr.exe

        #:6 [mmtask.tsk]
        FilePath : C:\WINDOWS\SYSTEM\
        ProcessID : 4294857303
        Threads : 1
        Priority : Normal
        FileVersion : 4.03.1998
        ProductVersion : 4.03.1998
        ProductName : Microsoft Windows
        CompanyName : Microsoft Corporation
        FileDescription : Multimedia background task support module
        InternalName : mmtask.tsk
        LegalCopyright : Copyright © Microsoft Corp. 1991-1998
        OriginalFilename : mmtask.tsk

        #:7 [EXPLORER.EXE]
        FilePath : C:\WINDOWS\
        ProcessID : 4294885159
        Threads : 19
        Priority : Normal
        FileVersion : 4.72.3110.1
        ProductVersion : 4.72.3110.1
        ProductName : System operacyjny Microsoft(R) Windows NT(R)
        CompanyName : Microsoft Corporation
        FileDescription : Windows Explorer
        InternalName : explorer
        LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
        OriginalFilename : EXPLORER.EXE

        #:8 [INTERNAT.EXE]
        FilePath : C:\WINDOWS\SYSTEM\
        ProcessID : 4294792203
        Threads : 1
        Priority : Normal
        FileVersion : 4.10.2222
        ProductVersion : 4.10.2222
        ProductName : System operacyjny Microsoft(R) Windows(R)
        CompanyName : Microsoft Corporation
        FileDescription : Aplikacja wskaźnika klawiatury
        InternalName : INTERNAT
        LegalCopyright : Copyright (C) Microsoft Corp. 1998
        OriginalFilename : INTERNAT.EXE

        #:9 [TASKMON.EXE]
        FilePath : C:\WINDOWS\
        ProcessID : 4294801995
        Threads : 1
        Priority : Normal
        FileVersion : 4.10.1998
        ProductVersion : 4.10.1998
        ProductName : Microsoft(R) Windows(R) Operating System
        CompanyName : Microsoft Corporation
        FileDescription : Task Monitor
        InternalName : TaskMon
        LegalCopyright : Copyright (C) Mi
      • neder Re: Problem with a virus 20.01.05, 11:20
        Admittedly I don't know this all that well, but I think it wasn't these logs that were meant...

        www.richardthelionhearted.com/~merijn/downloads.html

        download this and make a log.
        Regards