Please check my log

IP: *.chello.pl 25.04.05, 11:20
Logfile of HijackThis v1.99.1
Scan saved at 11:18:12, on 2005-04-25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\atipatxx.exe
C:\WINDOWS\System32\wmpctrac.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\winpinst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\ANIA\Pulpit\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [tF5j37j] wmpctrac.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [coutRXH7X] winpinst.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
www.180searchassistant.com/180saax.cab
O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program
Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common
Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 25.04.05, 12:15
      Eh, that's what happens when you install anything and everything.

      Uninstall:
      WinTools; after rebooting, delete the whole directory C:\Program Files\Common Files\WinTools\
      Internet Optimizer; after rebooting, delete the directory -> C:\Program Files\Internet Optimizer\
      BullsEye Network and/or bargains; after rebooting, delete the whole directory C:\Program Files\BullsEye Network\


      In HijackThis, check these entries:
      O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
      \COMMON~1\WinTools\WToolsB.dll
      O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
      C:\WINDOWS\System32\msbe.dll
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
      Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
      Network\bin\bargains.exe
      O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
      O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
      O4 - HKLM\..\Run: [tF5j37j] wmpctrac.exe
      After rebooting, delete the whole directory C:\Program Files\AutoUpdate\
      O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
      O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
      O4 - HKCU\..\Run: [coutRXH7X] winpinst.exe
      O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
      www.180searchassistant.com/180saax.cab
      O20 - Winlogon Notify: ntfs32 - C:\WINDOWS\SYSTEM32\ntfs32.dll
      O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

      Fix Checked, then install:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> scan and enable browser protection
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable browser protection
      www.wilderssecurity.net/spywareguard.html <- SpywareGuard

      Also scan with:
      housecall.trendmicro.com/housecall/start_corp.asp
      www.windowsecurity.com/trojanscan/
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      Once you have done all that, reboot and paste a new HijackThis log.
      • Guest: Julka Re: Please check my log IP: *.chello.pl 25.04.05, 14:24
        Thank you very much for the help. Everything works now! :)
        • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 25.04.05, 15:47
          But paste a new HijackThis log anyway, just in case :-)
          • Guest: Julka Re: Please check my log IP: *.chello.pl 25.04.05, 23:06
            It seems there is some trojan sitting in my computer after all.
            And here is the log after the fix:


            Logfile of HijackThis v1.99.1
            Scan saved at 23:02:48, on 2005-04-25
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\ntvdm.exe
            C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
            C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
            C:\Program Files\Network Associates\VirusScan\VsStat.exe
            C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
            C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
            C:\Program Files\Network Associates\VirusScan\Avconsol.exe
            C:\Program Files\Network Associates\VirusScan\Webscanx.exe
            C:\Program Files\CxtPls\CxtPls.exe
            E:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Documents and Settings\ANIA\Pulpit\Hijackthis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.onet.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            F3 - REG:win.ini: load=C:\YDPDict\watch.exe
            O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
            Files\CxtPls\cxtpls.dll
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
            Files\Spybot - Search & Destroy\SDHelper.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
            O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
            \bin\jusched.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
            www.windowsecurity.com/trojanscan/TDECntrl.CAB
            O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program
            Files\Network Associates\VirusScan\Avsynmgr.exe
            O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network
            Associates\McShield\Mcshield.exe

            • Guest: T-800 Re: Please check my log IP: *.tpnet.pl / *.tpnet.pl 25.04.05, 23:18
              To be removed:

              > O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
              > Files\CxtPls\cxtpls.dll

              > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              > C:\WINDOWS\web\related.htm
              > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
              > 00aa003c157a} - C:\WINDOWS\web\related.htm

              > O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
              > www.windowsecurity.com/trojanscan/TDECntrl.CAB


              Once everything is OK, update the system: www.windowsupdate.com
            • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 26.04.05, 01:56
              That is why I asked for a new log.

              Download KillBox:
              www.downloads.subratam.org/KillBox.zip
              Run it, select "delete file on reboot" and paste into it the path to:
              C:\Program Files\CxtPls\cxtpls.dll and press the red button, but when asked
              about rebooting answer no; then do the same with:
              C:\Program Files\CxtPls\CxtPls.exe

              Then in HijackThis remove the entry already mentioned:
              O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
              Files\CxtPls\cxtpls.dll

              Restart the computer, delete the whole directory:
              C:\Program Files\CxtPls\ and paste a new HijackThis log.
              • Guest: Julka Re: Please check my log IP: *.chello.pl 26.04.05, 14:47
                Here is the new log:


                Logfile of HijackThis v1.99.1
                Scan saved at 14:46:18, on 2005-04-26
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
                C:\WINDOWS\system32\ntvdm.exe
                C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
                C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\Program Files\Network Associates\VirusScan\VsStat.exe
                C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
                C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
                C:\Program Files\Network Associates\VirusScan\Avconsol.exe
                C:\Program Files\Network Associates\VirusScan\Webscanx.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Documents and Settings\ANIA\Pulpit\Hijackthis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.onet.pl/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                F3 - REG:win.ini: load=C:\YDPDict\watch.exe
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
                Files\Spybot - Search & Destroy\SDHelper.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
                \bin\jusched.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office\OSA9.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                C:\WINDOWS\web\related.htm
                O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                00aa003c157a} - C:\WINDOWS\web\related.htm
                O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
                www.windowsecurity.com/trojanscan/TDECntrl.CAB
                O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
                a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
                O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program
                Files\Network Associates\VirusScan\Avsynmgr.exe
                O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network
                Associates\McShield\Mcshield.exe

                • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 26.04.05, 14:59
                  The log is OK now.
                  But download the latest version (update) of Internet Explorer from ->
                  www.windowsupdate.com
                  • Guest: Julka Re: Please check my log IP: *.chello.pl 26.04.05, 15:04
                    Thank you for the help :)
                  • Guest: Julka Re: Please check my log IP: *.chello.pl 27.04.05, 22:57
                    However, I still have a problem.
                    Every now and then my McAfee antivirus pops up and shows an infected file:
                    C:\System Volume Information\_restore{49946BF9-11DF-4CCE-A97D-943D7F0551A4}\RP30\A0005717.exe\00000a60.EXE
                    and the virus name Generic MSVC.
                    Unfortunately it will not remove it.
                    I don't know what to do, because this path means nothing to me and I don't even
                    know where I could look for it or how to get rid of it.
                    Once again, I'm asking for help. :)
                    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 27.04.05, 23:49
                      You have to turn off System Restore, and then you will be able to delete this file.
                      Here is a description of how to do it:
                      www.gdata.pl/pl/support/avk12_pyt6.html
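
Added example, not part of the original thread: the helpers above ask for a fresh HijackThis log after each cleanup step so that two scans can be compared. This Python sketch rejoins the entries the forum wrapped across lines and diffs two scans; the function names are hypothetical, the line-joining rule is a heuristic, and the sample logs are constructed excerpts of the first and second logs posted in this thread.

```python
import re

# HijackThis entry prefixes: R0-R3, F0-F3, N1-N4 and the numbered O sections.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (code, text) entries of one log, rejoining forum-wrapped lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # drop indentation and quote marks
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:  # continuation of the previous entry (header lines are skipped)
            prev = entries[-1][1]
            # Heuristic: a wrap inside a path or GUID takes no space,
            # a wrap between words does.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1][1] = prev + glue + line
    return [tuple(e) for e in entries]

def diff_logs(before, after):
    """Compare two scans; Windows paths are case-insensitive, so fold case."""
    key = lambda e: (e[0], e[1].lower())
    b, a = parse_entries(before), parse_entries(after)
    b_keys, a_keys = {key(e) for e in b}, {key(e) for e in a}
    return {
        "removed": [e for e in b if key(e) not in a_keys],
        "persisting": [e for e in b if key(e) in a_keys],
        "added": [e for e in a if key(e) not in b_keys],
    }

# Constructed excerpts of the thread's first and second logs, wrapped as posted.
BEFORE = r"""O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [tF5j37j] wmpctrac.exe"""
AFTER = r"""O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
www.windowsecurity.com/trojanscan/TDECntrl.CAB"""

if __name__ == "__main__":
    for status, items in diff_logs(BEFORE, AFTER).items():
        print(status, *[f"\n  {c} - {t}" for c, t in items])
```

Entries reported as persisting or added are the ones to account for: in these excerpts the CxtPls BHO survives the first cleanup, and the new entries are the Spybot helper and the online scanner's ActiveX control.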