I caught a trojan - HELP
I CAN'T DEAL WITH THIS ON MY OWN, PLEASE HELP.
Logfile of HijackThis v1.99.1
Scan saved at 12:49:10, on 05-12-23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\KERNELS64.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\VXH8JKDQ2.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\WINOA386.MOD
C:\WINDOWS.000\INET20001\SERVICES.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\REGSVR32.EXE
C:\PROGRAM FILES\AXIS COMMUNICATIONS\PRINT SYSTEM\TRAYICON.EXE
C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.EXE
C:\WINDOWS.000\RunDLL.exe
C:\WINDOWS.000\SYSTEM\CTFMON.EXE
C:\WINSTALL.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\TEMP\SAVAGENT.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
C:\WINDOWS.000\TEMP\ICSUPP95.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSDMN.EXE
D:\ROZ\OD WIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mos.gov.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.14:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F1 - win.ini: run=C:\WINDOWS.000\INET20001\SERVICES.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS.000\SYSTEM\ZOLKER011.DLL
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\Run: [AXIS Print System TrayIcon] C:\Program Files\Axis Communications\Print System\TrayIcon.exe
O4 - HKLM\..\Run: [AXIS Printer Driver Scanner] C:\Program Files\Axis Communications\Print System\DriverScanner.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\Run: [BHR4.1] C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\Run: [SAVAgent] C:\WINDOWS.000\TEMP\SAVAgent.exe -POOL=3600
O4 - HKLM\..\Run: [Sweep95] "C:\Program Files\Sophos SWEEP\SETUP.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = boat.luw
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.1.1
Replies: 6
[quote="EL NINO"]
As for HJT and mos.gov, my hand slipped
And now I'm off to look for some sticky tape and my head
When will you take this to heart?
Peter_l: And I suggest that you check carefully, if you are already doing this.
BHR4.1.EXE - Browser Hijack Retaliator
Description: Complete protection for all default page URL's of IE for Current User and All Users. Enhanced Internet Explorer Favorites protection. Real time protection for BHO's (Browser Helper Objects). Hosts file Editor with Hosts file Hijack Recovery. Startup Programs Manager. Browser Restore. Cookie and Cache deletion etc.
MOSEARCH.EXE - Description:
mosearch.exe is a process that belongs to the Fast Search utility used by Microsoft Office.
MOSDMN.EXE - same thing
HIJACKTHIS.EXE - I won't even comment
http://www.mos.gov.pl/ - the website of the Ministry of the Environment
Zap yourself in the head, since from what I can see you don't need it.
Peter_l: Zap this
Pyrokar:
MERRY CHRISTMAS :D
Same to you :]
THANKS - YOU ARE GREAT.
NOW I HAVE A PEACEFUL CHRISTMAS
MERRY CHRISTMAS :D
damekxx: I suggest you remove:
And I suggest that you check carefully, if you are already doing this.
Pyrokar:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\WINDOWS.000\SYSTEM\KERNELS64.EXE
C:\WINDOWS.000\SYSTEM\VXH8JKDQ2.EXE
C:\WINDOWS.000\SYSTEM\WINOA386.MOD
C:\WINDOWS.000\INET20001\SERVICES.EXE
C:\WINSTALL.EXE
C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.EXE
C:\WINDOWS.000\TEMP\ICSUPP95.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSDMN.EXE
D:\ROZ\OD WIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mos.gov.pl/
F1 - win.ini: run=C:\WINDOWS.000\INET20001\SERVICES.EXE
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [System] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKLM\..\Run: [BHR4.1] C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS.000\SYSTEM\kernels64.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
Zap this
I suggest you remove:
C:\WINSTALL.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS.000\SYSTEM\ZOLKER011.DL