White desktop, Task Manager disabled


(kRZYS###) #1

As the title says: I clicked on some file from the net, the antivirus kicked in and deleted it.

But my wallpaper changed to white, and when I right-click I get a web-page menu instead of the desktop one. The wallpaper can't be changed in Control Panel. Task Manager is disabled (Ctrl+Alt+Delete: "Task Manager has been disabled...").

There were similar threads, so I'm posting the logs right away, since that's probably what this will be based on.

HJ

Logfile of HijackThis v1.99.1

Scan saved at 19:39:35, on 2009-03-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTSvcCDA.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\PowerS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Krzyś\Pulpit\programy systemowe\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Code Composer Studio Platinum v3.1 Evaluation Tools - Texas Instruments - C:\Program Files\Common Files\Texas Instruments Shared\Service\ccstudio31FET.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Sl

http://www.wklej.org/id/59713/
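An added example (not part of the thread and not HijackThis code) that automates the rules a helper applies by eye to a log like the one above: autorun binaries dropped straight into C:\WINDOWS or started without a full path, entries referencing a known adware family (MyWebSearch here), O23 services with no identified owner or a "(file missing)" binary, and machine-generated-looking names. The sample lines are constructed from the posted log; the last O23 line is an assumption built from the service and driver names that appear later in the thread, not a line from the real log. The "(file missing)" check is cross-referenced against the running-process list, since the posted log shows ashMaiSv.exe running even though its O23 entry says the file is missing.

```python
"""Heuristic triage of a HijackThis v1.99.1 log (added example, not HJT code).

Rules, each a thing a forum helper looks for by hand:
  * O4 autoruns whose binary sits directly in C:\\WINDOWS or has no path
  * lines referencing a known adware family (only MyWebSearch here)
  * O23 services with no identified owner or a binary "(file missing)"
  * file/service names that look machine-generated (8 chars, 2+ digits)
A "(file missing)" verdict is downgraded when the same binary appears in the
"Running processes" section: a running file is on disk, so verify by hand.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed from the posted log. The last O23 line is NOT in that log; it is
# an assumed line built from service/driver names given later in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\PowerS.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ac73gbaj - Unknown owner - C:\WINDOWS\system32\drivers\a1lnc3la.sys (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# exactly 8 lowercase alphanumerics with at least two digits (a1lnc3la, ac73gbaj)
RANDOM_NAME_RE = re.compile(r"^(?=(?:[a-z]*\d){2})[a-z0-9]{8}$")
KNOWN_ADWARE = ("mywebsearch", "mywebs~1", "mwsoemon")


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def _launched_binary(cmd: str) -> str:
    """Binary an O4 command line really starts; for rundll32, the hosted DLL."""
    tokens = cmd.split()
    if not tokens:
        return ""
    exe = tokens[0].strip('"')
    if exe.lower().startswith("rundll32") and len(tokens) > 1:
        exe = tokens[1].split(",")[0].strip('"')
    return exe


def _basename(path: str) -> str:
    """Last path component without quotes or trailing arguments."""
    tail = path.rsplit("\\", 1)[-1].split()
    return tail[0].strip('"') if tail else ""


def _stem(basename: str) -> str:
    return basename.rsplit(".", 1)[0].lower()


def running_basenames(log_text: str) -> set[str]:
    """Lower-cased file names from the 'Running processes' section."""
    return {_basename(l.strip()).lower() for l in log_text.splitlines()
            if PROCESS_RE.match(l.strip())}


def triage(log_text: str) -> list[Finding]:
    running = running_basenames(log_text)
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line, reasons = raw.strip(), []
        low = line.lower()
        if any(tag in low for tag in KNOWN_ADWARE):
            reasons.append("references a known adware family (MyWebSearch)")
        if m := O4_RE.match(line):
            folder, _, base = _launched_binary(m.group("cmd")).rpartition("\\")
            if not folder:
                reasons.append("autorun has no full path; resolved via search path at logon")
            elif folder.lower() == r"c:\windows":
                reasons.append("binary dropped directly in C:\\WINDOWS, not an install location")
            if RANDOM_NAME_RE.match(_stem(base)):
                reasons.append("random-looking file name")
        elif m := O23_RE.match(line):
            name, owner, path = m.group("name", "owner", "path")
            base = _basename(path)
            if owner.lower() == "unknown owner":
                reasons.append("service binary has no identified owner")
            if "(file missing)" in low:
                if base.lower() in running:
                    reasons.append("'(file missing)' but the binary is in the running-process list; "
                                   "likely a path-quoting artefact, verify on disk")
                else:
                    reasons.append("service registered but its binary is not on disk")
            if RANDOM_NAME_RE.match(_stem(base)) or RANDOM_NAME_RE.match(name.lower()):
                reasons.append("random-looking service or driver name")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def reasons_for(findings: list[Finding], needle: str) -> list[str]:
    """Reasons attached to the first flagged line containing `needle`."""
    return next((f.reasons for f in findings if needle in f.line), [])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, "\n   - " + "\n   - ".join(f.reasons))
```

The rules are deliberately noisy (nwiz.exe is NVIDIA's but still gets flagged for its bare path); the point is to shorten a long log to the lines worth checking against the process list and on disk, not to pronounce a verdict.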


(huber2t) #2

Post a ComboFix log.

Post logs on http://wklej.eu or http://wklej.org and put only the link in your post.


(kRZYS###) #3

Error

Some installation files are corrupt.

Please download a fresh copy and retry the installation

OK

A CF icon in the taskbar and some green progress bar that can't be closed, and other than that nothing happens.

Deckard's System Scanner

Page not found

(jessica) #4

Try it in Safe Mode.

If that doesn't work, then for a good start post either a log from > RSIT - http://www.hotfix.pl/articles.php?article_id=78

or a log from >DDS.

jessi


(kRZYS###) #5

RSIT

http://www.wklej.org/id/60091/


(jessica) #6

First deal with the rootkit in the disk's MBR sector:

1) Use (in Safe Mode) -->SDFix. (further down the linked page).

Show the Report.txt located in the SDFix folder.

2) Post a log from > mbr.exe >http://www.searchengines.pl/index.php?show...mp;#entry470953 (the scan takes only 2 seconds).

While you're at it, remove that unknown driver:

>>Start >>> Run >>> select (or type) cmd >> apply these commands (press "ENTER" after each):

So post here:

SDFix report

mbr.exe log

RSIT log

jessi


(kRZYS###) #7

SDFix

http://www.wklej.org/id/60179/

mbr.exe

http://www.wklej.org/id/60184/

RSIT

http://www.wklej.org/id/60187/

Task Manager works now =D>

Desktop changed back

And how exactly do I remove that driver, because it tells me

Okre

(jessica) #8

Run OTMoveIt3 and paste this into the instructions window (on the left):

:Files

C:\WINDOWS\system32\frmwrk32.exe

C:\32788R22FWJFW

C:\WINDOWS\system32\drivers\a1lnc3la.sys

C:\ComboFix.exe


:Services

a1lnc3la.sys

ac73gbaj


:Reg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Tweak UI"=-

"nwiz"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35517270-f3e6-11db-8f0e-0008a1872800}]


:Commands

[emptytemp]

[Reboot]

Click "MoveIt" and post the log from this tool.

And one from RSIT.

jessi


(kRZYS###) #9

MoveIt

========== FILES ==========

File/Folder C:\WINDOWS\system32\frmwrk32.exe not found.

C:\32788R22FWJFW moved successfully.

File/Folder C:\WINDOWS\system32\drivers\a1lnc3la.sys not found.

C:\ComboFix.exe moved successfully.

========== SERVICES/DRIVERS ==========

Unable to stop service a1lnc3la.sys .

Unable to stop service ac73gbaj .

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tweak UI deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35517270-f3e6-11db-8f0e-0008a1872800}\\ deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\KRZY~1\USTAWI~1\Temp\etilqs_tUgRpXLDhTFAFSHGZSyJ scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\KRZY~1\USTAWI~1\Temp\Perflib_Perfdata_16c.dat scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Krzyś\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\s6gu7ayp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Krzyś\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\s6gu7ayp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Krzyś\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\s6gu7ayp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Krzyś\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\s6gu7ayp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Krzyś\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\s6gu7ayp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Krzyś\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\s6gu7ayp.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.


OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03062009_194132

RSIT is in the post above :!:
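An added example for posts #8 and #9 (not part of the thread and not OldTimer's code): it reconciles the OTMoveIt3 script with the log the tool produced, so that every requested item ends up with a status and the ones the tool could not dispose of are listed for follow-up instead of being read past in a long log. The script and result excerpts are constructed from those two posts, shortened; the only result-line formats recognised are the ones visible in the posted log.

```python
"""Reconcile an OTMoveIt3 script with its result log (added example)."""
from __future__ import annotations

import re

# Shortened copy of the script from post #8 (constructed sample input).
SCRIPT = r"""
:Files
C:\WINDOWS\system32\frmwrk32.exe
C:\32788R22FWJFW
C:\WINDOWS\system32\drivers\a1lnc3la.sys
C:\ComboFix.exe

:Services
a1lnc3la.sys
ac73gbaj

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tweak UI"=-
"nwiz"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

:Commands
[emptytemp]
[Reboot]
"""

# Shortened copy of the log from post #9 (constructed sample input).
RESULT_LOG = r"""
========== FILES ==========
File/Folder C:\WINDOWS\system32\frmwrk32.exe not found.
C:\32788R22FWJFW moved successfully.
File/Folder C:\WINDOWS\system32\drivers\a1lnc3la.sys not found.
C:\ComboFix.exe moved successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service a1lnc3la.sys .
Unable to stop service ac73gbaj .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tweak UI deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\\ deleted successfully.
"""

# Only the line shapes that appear in the posted log; anything else is unknown.
OUTCOME_RES = [
    (re.compile(r"^File/Folder (?P<item>.+?) not found\.$"), "not found"),
    (re.compile(r"^(?P<item>.+?) moved successfully\.$"), "removed"),
    (re.compile(r"^Unable to stop service (?P<item>\S+) \.$"), "could not stop"),
    (re.compile(r"^Registry value (?P<item>.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^Registry key (?P<item>.+?)\\\\ deleted successfully\.$"), "deleted"),
]


def parse_script(text: str) -> dict[str, list[str]]:
    """Map each ':Section' (lower-cased) to its non-empty lines."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def planned_items(sections: dict[str, list[str]]) -> list[tuple[str, str, str]]:
    """(kind, lookup key, display name) for every file, service and registry action."""
    items = [("file", f.lower(), f) for f in sections.get(":files", [])]
    items += [("service", s.lower(), s) for s in sections.get(":services", [])]
    key = None
    for line in sections.get(":reg", []):
        if line.startswith("[-") and line.endswith("]"):      # [-KEY]  -> delete key
            k = line[2:-1]
            items.append(("reg", k.lower(), "delete key " + k))
            key = None
        elif line.startswith("[") and line.endswith("]"):     # [KEY]   -> context
            key = line[1:-1]
        elif key and line.endswith("=-"):                     # "val"=- -> delete value
            val = line[:-2].strip('"')
            # the log writes value deletions as KEY\\val (two backslashes)
            items.append(("reg", f"{key}\\\\{val}".lower(), f"delete value {key}\\{val}"))
    return items


def parse_results(text: str) -> dict[str, str]:
    outcomes: dict[str, str] = {}
    for line in (l.strip() for l in text.splitlines()):
        for rx, status in OUTCOME_RES:
            if m := rx.match(line):
                outcomes[m.group("item").lower()] = status
                break
    return outcomes


def reconcile(script: str, log: str) -> list[tuple[str, str, str]]:
    """(kind, display, status) for each planned item; 'no result line' if unreported."""
    outcomes = parse_results(log)
    return [(kind, disp, outcomes.get(key, "no result line"))
            for kind, key, disp in planned_items(parse_script(script))]


def follow_up(report: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Items not disposed of: absent, still running, or never reported."""
    return [r for r in report if r[2] not in ("removed", "deleted")]


if __name__ == "__main__":
    for kind, disp, status in follow_up(reconcile(SCRIPT, RESULT_LOG)):
        print(f"{kind:8} {status:15} {disp}")
```

For the posted log this leaves four items open: the two files the tool did not find (already gone, or hidden from it) and the two services it could not stop, which is exactly the set a helper would chase in the next round.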