Log

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Common Files\LightScribe\LSSrvc.exe

D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\RALINK\Common\RaUI.exe

D:\Program Files\OneStepSrch\onestep.exe

C:\Vista Inspirat 2\RocketDock\RocketDock.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\Program Files\OneStepSrch\onestep.exe

D:\WINDOWS\system32\wscntfy.exe

C:\foobar2000\foobar2000.exe

C:\Gadu-Gadu\gg.exe

C:\Winamp\winamp.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - D:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - D:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\free-downloads.net\tbfree.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\free-downloads.net\tbfree.dll

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - (no file)

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - D:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - D:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - D:\WINDOWS\system32\SHDOCVW.DLL

O4 - HKLM…\Run: [sony Ericsson PC Suite] “D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [egui] “D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice

O4 - HKLM…\Run: [sunJavaUpdateSched] “D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKCU…\Run: [NBJ] “D:\Program Files\Nero\Nero8\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: RocketDock.lnk = C:\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/ … search.htm

O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/ … tedata.htm

O8 - Extra context menu item: Mail to a Friend… - http://client.alexa.com/holiday/script/ … mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/ … elated.htm

O8 - Extra context menu item: Write a Review… - http://client.alexa.com/holiday/script/ … review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\system32\shdocvw.dll

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll (file missing)

O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: OneStepSrch Service - Unknown owner - D:\Program Files\OneStepSrch\onestep.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe

End of file - 7190 bytes

czy ktoś mógłby napisać czy wszytko jest dobrze i co usunąć, z góry dzięki. :smiley:

Podaj log z Combofix

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link

http://wklej.eu/index.php?id=abb14dfd75

a teraz 8) ?

Teraz jest lepiej :slight_smile:

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::


Folder::

D:\FOUND.399 

D:\FOUND.398 

D:\FOUND.397 

D:\FOUND.396 

D:\FOUND.395 

D:\FOUND.394 

D:\FOUND.393 

D:\FOUND.392 

D:\FOUND.391 

D:\FOUND.390 

D:\FOUND.389

d:\program files\OneStepSrch

d:\program files\AskTBa


Driver::

OneStepSrch Service


Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

"Sony Ericsson PC Suite"=-

"SunJavaUpdateSched"=-

"Resume copy"=-

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

cfscript10uc2.gif

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link

romeo-i-julia ,

Proszę zapoznać się z tematem Ważny komunikat dotyczący tytułowania tematów i poprawić tytuł na konkretny, oraz dokładnie opisać problem. W celu dokonania zaleconej korekty - proszę użyć przycisku ac7a4cd89050aa6e.gif

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.