Uprzejmie proszę o sprawdzenie loga


(Aga Denz) #1

Znalazłam na dysku trojana "rtb 666". Nie jestem przekonana, że udało się go usunąć. Z góry dziękuję za pomoc.

Logfile of HijackThis v1.99.1

Scan saved at 00:46:58, on 05-09-30

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS.000\SYSTEM\KERNEL32.DLL

C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.000\SYSTEM\MPREXE.EXE

C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS.000\SYSTEM\ATI2EVXX.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS.000\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\WINDOWS.000\SYSTEM\mmtask.tsk

C:\WINDOWS.000\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS.000\TASKMON.EXE

C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

C:\WINDOWS.000\RUNDLL32.EXE

C:\WINDOWS.000\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE

C:\WINDOWS.000\SYSTEM\WMIEXE.EXE

C:\WINDOWS.000\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\OPERA\OPERA.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS.000\EXPLORER.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE

C:\WINCMD\WINCMD32.EXE

C:\WINDOWS.000\TEMP\$WC\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.internetia.pl/cd/0007/search/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internetia.pl/cd/0007/start/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez Internetię

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS.000\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Welcome] C:\WINDOWS.000\Welcome.exe /R

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe

O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS.000\SYSTEM\ati2s9ag.exe

O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS.000\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Norton SystemWorks.lnk = C:\Program Files\Common Files\Symantec Shared\NMain.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.000\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.000\SYSTEM\MSJAVA.DLL

O9 - Extra button: Internetia - {C66D53E0-40CC-11D9-B082-00C0DFF95E09} - http://www.internetia.pl/cd/0007/b_inetia/ (file missing) (HKCU)

O9 - Extra button: Wyborcza - {C66D53E1-40CC-11D9-B082-00C0DFF95E09} - http://www.gazeta.pl/index1.html (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.internetia.pl/cd/0007/start/

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_22.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS.000\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL

(Gutek) #2

LOG czytsy :stuck_out_tongue:

Jeśli Quick jest naprawdę potrzebny łupnij go i zastąp odpowiednikiem TU


(aju) #3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.internetia.pl/cd/0007/search/

 	O9 - Extra button: Internetia - {C66D53E0-40CC-11D9-B082-00C0DFF95E09} - http://www.internetia.pl/cd/0007/b_inetia/ (file missing) (HKCU)

O9 - Extra button: Wyborcza - {C66D53E1-40CC-11D9-B082-00C0DFF95E09} - http://www.gazeta.pl/index1.html (file missing) (HKCU)

 	O14 - IERESET.INF: START_PAGE_URL=http://www.internetia.pl/cd/0007/start/

Jeśli nie korzystasz już z usług internetia, a wszystko na to wskazuje usuń równiez powyższe wpisy.


(Aga Denz) #4

Czy mogę prosić, zeby ktoś rzucił jeszcze okiem na mój kolejny log, bo Windows teraz o wiele dłużej się ładuje i miewa chwile zwieszeń przy otwieraniu okien. Przepraszam, ale nie jestem specjalistką od informatyki :?

Logfile of HijackThis v1.99.1

Scan saved at 21:25:04, on 05-09-30

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS.000\SYSTEM\KERNEL32.DLL

C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.000\SYSTEM\MPREXE.EXE

C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS.000\SYSTEM\ATI2EVXX.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS.000\SYSTEM\MSTASK.EXE

C:\WINDOWS.000\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\WINDOWS.000\SYSTEM\RPCSS.EXE

C:\WINDOWS.000\EXPLORER.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS.000\TASKMON.EXE

C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

C:\WINDOWS.000\RUNDLL32.EXE

C:\WINDOWS.000\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\WINDOWS.000\SYSTEM\WMIEXE.EXE

C:\WINDOWS.000\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS.000\SYSTEM\SPOOL32.EXE

C:\WINDOWS.000\SYSTEM\RNAAPP.EXE

C:\WINDOWS.000\SYSTEM\TAPISRV.EXE

C:\WINCMD\WINCMD32.EXE

C:\WINDOWS.000\TEMP\$WC\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internetia.pl/cd/0007/start/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez Internetię

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [Welcome] C:\WINDOWS.000\Welcome.exe /R

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe

O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS.000\SYSTEM\ati2s9ag.exe

O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS.000\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Global Startup: Norton SystemWorks.lnk = C:\Program Files\Common Files\Symantec Shared\NMain.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.000\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.000\SYSTEM\MSJAVA.DLL

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_22.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS.000\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL

(Gutek) #5

broń boże nie usuwaj tego wpisu! !!