Proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.0

Scan saved at 15:00:17, on 2005-04-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Ania\USTAWI~1\Temp\Rar$EX00.370\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM…\Run: [searchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe

O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [afnurum] c:\windows\system32\afnurum.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

dziekuje!

#2

wywalasz recznie z dysku

dalej:

wywal za pomoca fix

fixujesz to co powyzej

nastepnie usuwasz:

to od kazzy wywal i pozbadz sie kazzy—centrum wirusow

nastepnie:

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe----gator–wywal go

pliki 0 15 zafixuj albo wywal je a pomoca programu:

http://www.searchengines.pl/phpbb203/in … ost&id=459

i daj raz jeszcze log

a poza tym ,gdzie ty masz programy zabezpieczajace???/

System zupelnie goly

#3

jeszcze to:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

#4

To 2gi log:

Logfile of HijackThis v1.99.0

Scan saved at 15:47:32, on 2005-04-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Ania\USTAWI~1\Temp\Rar$EX00.943\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [afnurum] c:\windows\system32\afnurum.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

dziekuje Ci bardzo za pomoc i prosze o jeszcze :wink:

Ps zabezpieczajacych nie mam -jakie polecasz ???( wole zaufac ekspertowi , a nie swoim przeczuciom) :slight_smile:

Pozdrawiam!

#5

kasacja w t. awaryjnym:

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)

#6

Logfile of HijackThis v1.99.0

Scan saved at 15:57:19, on 2005-04-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Ania\USTAWI~1\Temp\Rar$EX00.542\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [afnurum] c:\windows\system32\afnurum.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

i co teraz?

#7

antywiry darmowe BitDefender 7 Free, AntyVir, avast! 4,6(PL) do wyboru do koloru

antyszpieg PestPatrol, Ad-aware

firewalle

Agnitum Free(PL), Sygate, Kerio(PL)

starczy :slight_smile:

skosic to jeszcze (tryb awaryjny)

O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [afnurum] c:\windows\system32\afnurum.exe

odinstalowac ten progs PayTime, P2P Networking w dodaj usun programy

recznie wywalic z dysku

C:\WINDOWS\System32\ paytime.exe

C:\WINDOWS\ armmext.exe

C:\WINDOWS\System32\ P2P Networking \P2P Networking.exe /AUTOSTART

potem skan skanerami AV

i dopiero instalujesz to co podalam na poczatku

–F-Secure–

http://support.f-secure.com/enu/home/ols.shtml

–Softwin (BitDefender)–

http://www.bitdefender.com/scan/licence.php

–Trend Micro (PC-cillin)–

http://housecall.trendmicro.com/houseca … t_corp.asp

#8

w t. awaryjnym fix:

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [afnurum] c:\windows\system32\afnurum.exe

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

później skan:

Ad-Aware:

http://dobreprogramy.pl/index.php?dz=2&id=107&t=55

SpyBot Search&Destroy:

http://dobreprogramy.pl/index.php?dz=2&id=188&t=55

PestPatrol:

http://www.idg.pl/ftp/pobierz/pc/3538.html

Skanery:

MKS:

http://skaner.mks.com.pl/

Symantec:

http://security.symantec.com/sscv6/defa … &venid=sym

Panda:

http://www.pandasoftware.com/activescan … IdPais=152

#9

Niektóre zostały więc wejdź w tryb awaryjny i wywal:

Ręcznie

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

W hijacku

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM…\Run: [afnurum] c:\windows\system32\afnurum.exe

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P

Potem wklejasz loga od nowa.

Co do zabezpieczeń to:

Spyware/Aware

:arrow: CWShredder 2.14

:arrow: Spybot Search & Destroy 1.3

:arrow: Ad-aware SE Personal 1.05

:arrow:PestPatrol

Firewall

http://forum.dobreprogramy.pl/viewtopic … &highlight

Antivir

http://forum.dobreprogramy.pl/viewtopic … &highlight

#10

Logfile of HijackThis v1.99.0

Scan saved at 16:41:47, on 2005-04-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Ania\USTAWI~1\Temp\Rar$EX00.944\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

#11

OK :smiley: :smiley: :smiley: :smiley: :smiley:

#12

Log czysty

Start=>Uruchom=>Wpisz polecenie msconfig=>Zakładka Uruchamianie i odchacz:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Zainstaluj sp2

#13

kosmetyka—log oko! !!

Masz jeszcze jakis problem?

#14

juuz chyba ( nie znam sie jeszcze na tym:) wszystko ok:)

dziekuje baaardzo za pomoc:)

dziekuje! !!

#15

aniu zainstaluj sobie koniecznie cos z tego:

http://www.dobreprogramy.pl/index.php?dz=1&t=30

i z tego:

http://www.dobreprogramy.pl/index.php?dz=1&t=55

Masz goly system :slight_smile: