Fisherr
(Darek Wiki)
9 Luty 2007 14:14
#1
siemka
wczoraj podczas przeglądania forum DB kliknąłem w link który jeden z użytkowników podał w podpisie swoim i zaraz po wejściu na strone antywirus poinformował mnie o wirusie.
podejrzewam że właśnie z tej strony co klikłem mam dostał mi się wirus do kompa.
daje loga bo chciałbym to świństwo usunąć:
Logfile of HijackThis v1.99.1 Scan saved at 15:18:35, on 2007-02-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Norton AntiVirus\navapsvc.exe D:\WINDOWS\system32\nvsvc32.exe D:\Program Files\Norton AntiVirus\SAVScan.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\system32\devldr32.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Messenger\msmsgs.exe D:\Documents and Settings\Dom\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [ccApp] “D:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM…\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Picasa Media Detector] c:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [WheelMouse] c:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKCU…\Run: [Zinio DLM] D:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart O4 - HKCU…\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: UniSpiker-2.2.lnk = C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe O8 - Extra context menu item: Download with &Shareaza - res://c:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://www.mks.com.pl O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns … _load.html O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1234104385 O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Uzupełniono tagi
Asterisk
adam9870
(adam9870)
9 Luty 2007 14:59
#2
Log czysty.
Pokazał się alert o wykryciu szkodnika na stronie czy jako plik w komputerze? Dla pewności możesz przeskanować http://www.ewido.net/en/ i na następny raz nie odwiedzaj ten podobno zainfekowanej strony usera.
Czy masz jeszcze MKS’a? Jeśli nie to usuń powyższy wpis HJT i przeczyść rejestr, opis .