Problem z wirami:/

system · 20 Maj 2006 15:49

Witam, mam taki problem… za dużo wchodze na strony porno i mam taki problem:/ full wiusów jest na moim kompi;( proszę o sprawdzenie loga. mam wina 98, jako antywira uzywam avasta.

Logfile of HijackThis v1.99.1

Scan saved at 07:47:06, on 06-05-16

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\TERMCAPS.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.5 makethemcry.com

O1 - Hosts: 127.0.0.5 loudcash.com

O1 - Hosts: 127.0.0.5 iframestat.com

O1 - Hosts: 127.0.0.5 toolbarpartner.com

O1 - Hosts: 127.0.0.5 hqcash.com

O1 - Hosts: 127.0.0.5 verybigcash.com

O1 - Hosts: 127.0.0.5 makethemcry.com

O1 - Hosts: 127.0.0.5 moviepartnership.com

O1 - Hosts: 127.0.0.5 callmachine.com

O1 - Hosts: 127.0.0.5 regcash.com

O1 - Hosts: 127.0.0.5 toolbarpartner.com

O1 - Hosts: 127.0.0.5 klikrevenue.com

O1 - Hosts: 127.0.0.5 p2dll.com

O1 - Hosts: 127.0.0.5 t73.com

O1 - Hosts: 127.0.0.5 www.makethemcry.com

O1 - Hosts: 127.0.0.5 www.loudcash.com

O1 - Hosts: 127.0.0.5 www.iframestat.com

O1 - Hosts: 127.0.0.5 www.toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.hqcash.com

O1 - Hosts: 127.0.0.5 www.verybigcash.com

O1 - Hosts: 127.0.0.5 www.makethemcry.com

O1 - Hosts: 127.0.0.5 www.moviepartnership.com

O1 - Hosts: 127.0.0.5 www.callmachine.com

O1 - Hosts: 127.0.0.5 www.regcash.com

O1 - Hosts: 127.0.0.5 www.toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.klikrevenue.com

O1 - Hosts: 127.0.0.5 www.p2dll.com

O1 - Hosts: 127.0.0.5 www.t73.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe

O4 - HKLM\..\RunOnce: [DelUs] C:\WINDOWS\TEMP\deldir.exe "C:\Program Files\AntiVir PersonalEdition Classic\"

O4 - HKCU\..\Run: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe

O4 - HKCU\..\RunServices: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe

O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe

O8 - Extra context menu item: Download by Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://F:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Download all by Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

InfinityToJa · 20 Maj 2006 15:55

O1 - Hosts: 127.0.0.5 makethemcry.com O1 - Hosts: 127.0.0.5 loudcash.com O1 - Hosts: 127.0.0.5 iframestat.com O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 hqcash.com O1 - Hosts: 127.0.0.5 verybigcash.com O1 - Hosts: 127.0.0.5 makethemcry.com O1 - Hosts: 127.0.0.5 moviepartnership.com O1 - Hosts: 127.0.0.5 callmachine.com O1 - Hosts: 127.0.0.5 regcash.com O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 klikrevenue.com O1 - Hosts: 127.0.0.5 p2dll.com O1 - Hosts: 127.0.0.5 t73.com O1 - Hosts: 127.0.0.5 http://www.makethemcry.com O1 - Hosts: 127.0.0.5 http://www.loudcash.com O1 - Hosts: 127.0.0.5 http://www.iframestat.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.hqcash.com O1 - Hosts: 127.0.0.5 http://www.verybigcash.com O1 - Hosts: 127.0.0.5 http://www.makethemcry.com O1 - Hosts: 127.0.0.5 http://www.moviepartnership.com O1 - Hosts: 127.0.0.5 http://www.callmachine.com O1 - Hosts: 127.0.0.5 http://www.regcash.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.klikrevenue.com O1 - Hosts: 127.0.0.5 http://www.p2dll.com O1 - Hosts: 127.0.0.5 http://www.t73.com O4 - HKLM…\Run: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe O4 - HKLM…\RunServices: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe O4 - HKLM…\RunOnce: [DelUs] C:\WINDOWS\TEMP\deldir.exe “C:\Program Files\AntiVir PersonalEdition Classic” O4 - HKCU…\Run: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe O4 - HKCU…\RunServices: [termcaps] C:\WINDOWS\SYSTEM\termcaps.exe O14 - IERESET.INF: SEARCH_PAGE_URL= O14 - IERESET.INF: START_PAGE_URL=

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery + opróżnij katalog TEMP

5.Dajesz nowy log z hjt + log z Silent Runners

Bieniol · 20 Maj 2006 16:17

Proponuje zaktualizować Internet Explorer do nowszej wersji

Wojtas_16 · 20 Maj 2006 17:03

A ja propnuje nie odwiedzać stron porno to nie będziesz miał takich problemów.

kuz5 · 20 Maj 2006 17:08

Heh, daj sobie spokój z takimi stronkami

Dokładnie

Jeżeli sam user nie zadba o swój system to nie pomoże mu tu żaden firewall, antywirus itd. one jedynie zmiejszaja prawdopodobieństwo infekcji (ale bez pomocy usera same sobie nie poradza te programy )

system · 23 Maj 2006 14:29

NO na strony porno juz nie bede wchodzil;p zal;atwilem plytke od kumplal;]

A wiec skasowalem to co napisaliscie i teraz zapodaje log:

Logfile of HijackThis v1.99.1

Scan saved at 06:27:58, on 06-05-17

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\SBPCI\CTMIX32.EXE

C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe

O8 - Extra context menu item: Download by Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://F:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Download all by Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

Bieniol · 23 Maj 2006 14:36

Kosmetycznie możesz usunąć te wpisy:

Poza tym czysto