Log

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

prosze o sprawdzenie

Logfile of HijackThis v1.98.0

Scan saved at 14:07:41, on 2004-09-18

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\rundll32.exe

D:\Zainstalowane\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\SYN\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SYN\USTAWI~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SYN\USTAWI~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SYN\USTAWI~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SYN\USTAWI~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SYN\USTAWI~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SYN\USTAWI~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {269B6797-664E-48AA-B283-B012BDF6E525} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: (no name) - {91752D2C-BA83-4787-ACA9-88B2A5B2473C} - C:\WINDOWS\System32\ncceac.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: GameBar - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - C:\PROGRA~1\GAMERI~1\GameBar\gamebar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Zainstalowane\Gadu-Gadu\gg.exe” /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\office\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O10 - Hijacked Internet access by New.Net

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … 729109a237

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.0.8.cab

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Zainstalowane\AUTOCAD\InstFred.ocx

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Zainstalowane\AUTOCAD\AcDcToday.ocx

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Zainstalowane\AUTOCAD\InstBanr.ocx

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu … eRdxIE.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/w … lashAX.cab

O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Zainstalowane\AUTOCAD\AcPreview.ocx

O18 - Filter: text/html - {F6639BD3-D09E-43B6-91CC-9C30B533493C} - C:\WINDOWS\System32\ncceac.dll

O18 - Filter: text/plain - {F6639BD3-D09E-43B6-91CC-9C30B533493C} - C:\WINDOWS\System32\ncceac.dll

#2

mi podejrzany wydaje sie proces wuauclt.exe

#3

kasujesz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C** :\DOCUME~1\SYN\USTAWI~1\Temp\sp.html**

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C** :\DOCUME~1\SYN\USTAWI~1\Temp\sp.html**

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C** :\DOCUME~1\SYN\USTAWI~1\Temp\sp.html**

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C** :\DOCUME~1\SYN\USTAWI~1\Temp\sp.html**

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C** :\DOCUME~1\SYN\USTAWI~1\Temp\sp.html**

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C** :\DOCUME~1\SYN\USTAWI~1\Temp\sp.html**

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

(strony startowe/po usunieciu zostanie ci sam jeden wpis (blank) pusta strona)

-------------------------------------------------------------------------------------

R3 - URLSearchHook: (no name) - {269B6797-664E-48AA-B283-B012BDF6E525} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: (no name) - {91752D2C-BA83-4787-ACA9-88B2A5B2473C} - C:\WINDOWS\System32\ncceac.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

(puste pliki, pozostalosci po intruzach co niektorych kasacja)

-------------------------------------------------------------------------------------

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O10 - Hijacked Internet access by New.Net

(strony podmienione, -schakowane- usuwasz)

-------------------------------------------------------------------------------------

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C** :\Recycled\Q330995.exe**

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … 86bff7585b

7e883263ddf35912dd813dee463c744961d2b31add589650eef4d876c0f

c2a2f745d64562:c31e3730b38c174130e1e2729109a237

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.0.8.cab

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D** :\Zainstalowane\AUTOCAD\InstFred.ocx**

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D** :\Zainstalowane\AUTOCAD\AcDcToday.ocx**

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D** :\Zainstalowane\AUTOCAD\InstBanr.ocx**

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu … eRdxIE.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/211/w … lashAX.cab

O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D** :\Zainstalowane\AUTOCAD\AcPreview.ocx**

(wszystko to juz zostalo zainstalowane, sciagniete wiec kasujesz pozostalosci w postaci wpisu do loga)

-------------------------------------------------------------------------------------

O18 - Filter: text/html - {F6639BD3-D09E-43B6-91CC-9C30B533493C} -

C:\WINDOWS\System32\ncceac.dll

O18 - Filter: text/plain - {F6639BD3-D09E-43B6-91CC-9C30B533493C} - C:\WINDOWS\System32\ncceac.dll

(trojany)

skanujesz potem swoj komp

–GFI Trojan–

http://www.windowsecurity.com/trojanscan/

–mks_vir–

http://skaner.mks.com.pl

z tych wybierz sobie ktorys ponizej

–F-Secure–

http://support.f-secure.com/enu/home/ols.shtml

–GeCAD (RAV)-- (skanuje takze archiwa)

http://www.ravantivirus.com/scan/

Powiem ci jedno, masz jakiegos antywira czy niemasz

bo niewidze u ciebie takowego

musisz cos zainstalowac, nawet darmowgo daj na PW to pogoadmy ewent. na gg lub tlena

wuauclt.exe - proces jak kazdy inny ,sama mam go w

systemie jak chcesz zobaczyc co to jest masz google

:stuck_out_tongue: :stuck_out_tongue: