Request for a log check


(Henrus) #1

The computer was scanned, the viruses removed, repaired with the programs you describe in your posts, and after 15 minutes of internet access the disk is full and nothing can be done, even though there were 15 GB free. That is why I'm posting the log with a request for help. One more thing: the system is Windows XP with SP1.

Logfile of HijackThis v1.97.7

Scan saved at 11:50:06, on 2005-01-27

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\MKS\Bin\mksmonsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MKS\Bin\mks_scan.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\WINDOWS\system32\config\winlogon.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\Program Files\SED\SED.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\O P S\Dane aplikacji\amas.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\MKS\Bin\mks_menu.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\mks_1\MKS\Bin\mks_scan.exe

D:\uruchom.exe

D:\Programy\Windows\Narzedziowe\Bezpieczenstwo\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll (file missing)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKLM..\Run: [service Control Process] C:\WINDOWS\system32\config\winlogon.exe

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM..\Run: [iE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB

O4 - HKLM..\Run: [sESync] "C:\Program Files\SED\SED.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKCU..\Run: [Noha] C:\Documents and Settings\O P S\Dane aplikacji\amas.exe

O4 - HKCU..\Run: [Gzpmpy] C:\WINDOWS\System32\d?dplay.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Menu mks_vir.lnk = C:\Program Files\MKS\Bin\mks_menu.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://iframedollars.biz/dl/adv516/x.chm::/load.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8782141718

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{18CC6FEA-B017-4DAB-AFB7-7D0FBBCF355C}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip..{18CC6FEA-B017-4DAB-AFB7-7D0FBBCF355C}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip..{18CC6FEA-B017-4DAB-AFB7-7D0FBBCF355C}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 192.168.0.1


(Musg) #2

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://iframedollars.biz/dl/adv516/x.chm::/load.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8782141718

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx

You delete these.


(adpawl) #3

  • This should rather not be deleted!

Delete this in Safe Mode... with System Restore turned off:

  • This can be uninstalled: Add/Remove, Ezule

...Then you must also scan with CWShredder, PestPatrol, Spybot etc. (after updating them, of course!!)

links: http://download.zonelabs.com/bin/free/p ... olHome.exe

http://download.softpedia.ro/software/A ... sd14b2.exe

http://cwshredder.net/bin/CWShredder.exe


(Trebron) #4

DELETE

If you know it, leave it:


(Xiao19) #5

This too, in Safe Mode, with System Restore turned off:

F2 - REG:system.ini: Shell=explorer.exe

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)

[smartPops adware]

O4 - HKLM..\Run: [iE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB

[Topconverting.com/180Search "IEMenuExtension" toolbar]

O4 - HKLM..\Run: [sESync] "C:\Program Files\SED\SED.exe"

[Downloadware/SED adware downloader]

O4 - HKCU..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

[Added by the RANDEX.S WORM!]

O4 - HKCU..\Run: [Noha] C:\Documents and Settings\O P S\Dane aplikacji\amas.exe

O4 - HKCU..\Run: [Gzpmpy] C:\WINDOWS\System32\d?dplay.exe

[if you know it, leave it / if NOT, delete]

From the items

O17 - you leave the proxy address you actually use

if both are ok then it's fine

1.) Added by the RANDEX.S WORM!

download CWShredder™ Version 2.1 and scan the system with it

http://cwshredder.net/bin/CWShredder.exe

2.) Downloadware/SED adware downloader

Removal

Add or Remove Programs/

remove the 'DownloadWare' software,

from the registry

Start/Run/regedit

from the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

remove everything with this name

'DownloadWare' (DW variant) or 'SESync' (SED variant).

reboot the computer

and then delete the folders

'DownloadWare' (DW variant) or 'SED' (SED variant)

in Program Files.

3.) SmartPops adware

reboot the computer /Safe Mode/

and delete the folders

'Network Essentials' (NE variant), 'MediaLoads Enhanced' (ME variant), 'Recommended Hotfix - 421701D' (RH variant), 'scbar' (SCBar variant), 'winex' (Winex variant), 'SE' (SearchExe variant) or 'msnet' (MS variant)

in the Program Files folder.

4.) Topconverting.com/180Search "IEMenuExtension" toolbar

download PestPatrol and ETD Security Scanner 3.0

http://download.zonelabs.com/bin/free/p ... olHome.exe

http://www.download.com/ETD-Security-Sc ... 29424.html

INFO:

Update and scan the system partition

5.) scan with AV scanners

--F-Secure--

http://support.f-secure.com/enu/home/ols.shtml

--GeCAD (RAV)--

http://www.ravantivirus.com/scan/

or

--Trend Micro (PC-cillin)--

http://housecall.trendmicro.com/houseca ... t_corp.asp

ps

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

you leave this

INFO:

Internet Optimizer U optimize.exe Internet connection optimizer. Leave this enabled if you find it improves your connection

hihihi :smiley: :smiley:

cheers
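An added example, not part of this thread and not HijackThis's own code: a small Python triage script that parses the entry types Henrus's log contains (O1 hosts overrides, O2/O3 BHO and toolbar registrations, O4 Run entries, O15 trusted zones, O16 Downloaded Program Files) and applies the same judgments Musg and Xiao19 make by hand, printing a reason and a removal hint for each flagged line. The list of allowed ActiveX download hosts and the list of suspicious autostart directories are assumptions chosen for the example; the sample lines are copied from the log posted above.

```python
"""Triage a HijackThis v1.9x log.

Added example for this thread, not part of HijackThis or of any post above.
It parses the entry types the posted log contains (O1, O2/O3, O4, O15, O16)
and flags the ones an analyst would look at first. The host allowlist and the
suspicious-directory list are assumptions made for this example.
"""
import re
from urllib.parse import urlsplit

# O16 (ActiveX download) entries from these hosts are left alone. Assumption.
DPF_ALLOWED_HOSTS = {
    "office.microsoft.com", "v5.windowsupdate.microsoft.com",
    "download.macromedia.com", "bezpieczenstwo.onet.pl",
}
# Autostart executables living here are almost never legitimate. Assumption.
SUSPICIOUS_RUN_DIRS = ("\\system32\\config\\", "\\dane aplikacji\\", "\\application data\\")

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O2_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \([^)]*\))? - (?P<url>.*)$")

# Lines copied from the log posted in this thread (a subset, for the demo).
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [service Control Process] C:\WINDOWS\system32\config\winlogon.exe
O4 - HKCU..\Run: [Noha] C:\Documents and Settings\O P S\Dane aplikacji\amas.exe
O4 - HKCU..\Run: [Gzpmpy] C:\WINDOWS\System32\d?dplay.exe
O15 - Trusted Zone: *.iframedollars.biz
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://iframedollars.biz/dl/adv516/x.chm::/load.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
"""


def exe_path(cmd):
    """Executable path from an O4 command line; HJT leaves unquoted paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd.split(" ", 1)[0]


def triage_line(line):
    """Return (reason, removal_hint) for a suspicious entry, else None."""
    if m := O1_RE.match(line):
        if m["ip"] not in ("127.0.0.1", "::1"):  # a name pinned to a foreign IP
            return (f"hosts file maps {m['host']} to {m['ip']}",
                    "delete the line from %SystemRoot%\\system32\\drivers\\etc\\hosts")
    elif m := O2_RE.match(line):
        if "(file missing)" in m["path"]:  # registration outlived its DLL: clean the CLSID
            return ("BHO/toolbar registered but its file is missing", f"remove CLSID {m['clsid']}")
    elif m := O4_RE.match(line):
        path = exe_path(m["cmd"]).lower()
        hint = (f"delete value '{m['name']}' under "
                f"{m['hive']}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run")
        if "?" in path or "*" in path:  # '?' is a character HJT could not print
            return ("autostart path contains an unprintable/wildcard character", hint)
        if any(d in path for d in SUSPICIOUS_RUN_DIRS):
            return (f"autostart from a data/config directory: {path}", hint)
    elif m := O15_RE.match(line):
        return (f"{m['domain']} in the IE Trusted Zone (relaxed ActiveX security)",
                "remove it under Internet Options > Security > Trusted sites")
    elif m := O16_RE.match(line):
        url = m["url"]
        if url.lower().startswith("ms-its:"):  # CHM loader run from the local zone
            return ("ms-its: CHM loader in Downloaded Program Files", f"delete CLSID {m['clsid']}")
        host = (urlsplit(url).hostname or "").lower()
        if host not in DPF_ALLOWED_HOSTS:
            return (f"ActiveX control downloaded from {host}", f"delete CLSID {m['clsid']}")
    return None


def triage(log_text):
    """Apply triage_line to every non-blank line; returns [(line, reason, hint)]."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (hit := triage_line(line)):
            hits.append((line, hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    for line, reason, hint in triage(SAMPLE_LOG):
        print(f"{line}\n    why: {reason}\n    fix: {hint}")
```

Run as-is it flags eight of the ten sample lines and leaves NeroCheck and the Macromedia Flash control alone. The path heuristics deliberately do not catch a malicious binary that sits in a normal location under a plausible name, such as the systime.exe in System32 that Xiao19 identifies from a name lookup; that kind of entry still needs a database or hash check, which is why the replies above send the poster to CWShredder and the online scanners.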