Explorer.exe i

system · 27 Wrzesień 2009 17:08

Witam. Mam dwa wirusy. Jeden nazywa się EXPLORER.EXE - nie jest zbyt groźny. Blokuje mi niektóre gry , np. C.S. 1.6. i można go wyłączyć w menadżerze zadań (ale muszę to robić po każdy uruchomieniu PC ). I wirus PresentationFontCache.exe - natomias ten używa mi 50 % procesora. Również mogę go wyłączyć w menadżerze zadań (też przy każdym uruchomieniu PC).

Logi HijackThis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:24, on 2009-09-27

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\EXPLORER.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WScript.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE

O1 - Hosts: 5.199.208.11 pes09pcgate-e.winning-eleven.net

O1 - Hosts: 5.199.208.11 pes2009web.winning-eleven.net

O1 - Hosts: stun.xten.com pes7stun-e.winning-eleven.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Seru\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

O4 - HKLM…\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs

O4 - HKLM…\Run: [PPort11reminder] “C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe” -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [wsctf.exe] wsctf.exe

O4 - HKCU…\Run: [EXPLORER.EXE] EXPLORER.EXE

O4 - HKCU…\Run: [RGSC] D:\Gry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{1AB77D7E-07A0-4556-A0FC-012BF9B50EB0}: NameServer = 10.12.114.1,153.19.250.100

O17 - HKLM\System\CS1\Services\Tcpip…{1AB77D7E-07A0-4556-A0FC-012BF9B50EB0}: NameServer = 10.12.114.1,153.19.250.100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

–

End of file - 4977 bytes

jessica · 27 Wrzesień 2009 17:34

Infekcja z zarażonego pena.

Daj log z ComboFix lub OTL

jessi