Złapałem trojana


(Krk77) #1

Logfile of HijackThis v1.99.1

Scan saved at 12:49:10, on 05-12-23

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS.000\SYSTEM\KERNEL32.DLL

C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE

C:\WINDOWS.000\SYSTEM\SPOOL32.EXE

C:\WINDOWS.000\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS.000\SYSTEM\MSTASK.EXE

C:\WINDOWS.000\SYSTEM\KERNELS64.EXE

C:\WINDOWS.000\EXPLORER.EXE

C:\WINDOWS.000\SYSTEM\VXH8JKDQ2.EXE

C:\WINDOWS.000\SYSTEM\PSTORES.EXE

C:\WINDOWS.000\SYSTEM\TAPISRV.EXE

C:\WINDOWS.000\SYSTEM\RNAAPP.EXE

C:\WINDOWS.000\SYSTEM\WINOA386.MOD

C:\WINDOWS.000\INET20001\SERVICES.EXE

C:\WINDOWS.000\TASKMON.EXE

C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE

C:\WINDOWS.000\SYSTEM\REGSVR32.EXE

C:\PROGRAM FILES\AXIS COMMUNICATIONS\PRINT SYSTEM\TRAYICON.EXE

C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.EXE

C:\WINDOWS.000\RunDLL.exe

C:\WINDOWS.000\SYSTEM\CTFMON.EXE

C:\WINSTALL.EXE

C:\WINDOWS.000\SYSTEM\WMIEXE.EXE

C:\WINDOWS.000\TEMP\SAVAGENT.EXE

C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE

C:\WINDOWS.000\TEMP\ICSUPP95.EXE

C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSDMN.EXE

D:\ROZ\OD WIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mos.gov.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.14:6588

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=C:\WINDOWS.000\INET20001\SERVICES.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS.000\SYSTEM\ZOLKER011.DLL

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS.000\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [interCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised

O4 - HKLM..\Run: [AXIS Print System TrayIcon] C:\Program Files\Axis Communications\Print System\TrayIcon.exe

O4 - HKLM..\Run: [AXIS Printer Driver Scanner] C:\Program Files\Axis Communications\Print System\DriverScanner.exe

O4 - HKLM..\Run: [system] C:\WINDOWS.000\SYSTEM\kernels64.exe

O4 - HKLM..\Run: [bHR4.1] C:\PROGRAM FILES\ZAMAAN'S SOFTWARE\BROWSER HIJACK RETALIATOR 4.1\BHR4.1.exe

O4 - HKLM..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE

O4 - HKLM..\Run: [sAVAgent] C:\WINDOWS.000\TEMP\SAVAgent.exe -POOL=3600

O4 - HKLM..\Run: [sweep95] "C:\Program Files\Sophos SWEEP\SETUP.EXE"

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE

O4 - HKLM..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [systemTools] C:\WINDOWS.000\SYSTEM\kernels64.exe

O4 - HKLM..\RunServices: [shell] Explorer.exe C:\WINDOWS.000\SYSTEM\kernels64.exe

O4 - HKLM..\RunServices: [sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE

O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU..\Run: [xp_system] C:\WINDOWS.000\INET20001\SERVICES.EXE

O4 - HKCU..\Run: [Windows installer] C:\winstall.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = boat.luw

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.1.1

Nie umiem sobie z tym sam poradzić, prosze o pomoc.

Wesołych Świąt


(Gutek) #2

  1. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  2. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7

  3. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  4. Zastosuj Usuwanie tapety SpySheriff

  5. Pokazać nowy log