Pomoc w usunięciu heur.w32

mefpef · 16 Styczeń 2012 16:17

Witam od dziś mam problem właśnie z tym wirusem. Niżej wklejam logi z hijacka i combofixa

ComboFix 12-01-16.02 - Mateusz 2012-01-16 17:00:19.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3071.1963 [GMT 1:00] Uruchomiony z: c:\users\Mateusz\AppData\Local\Temp\7ZipSfx.000\ComboFix_www.INSTALKI.pl_.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\program files\StartSearch plugin c:\program files\StartSearch plugin\IEhelperActiveX.dll c:\program files\StartSearch plugin\ssBarLcher.dll c:\program files\StartSearch plugin\StartBar.dll c:\program files\StartSearch plugin\uninst.exe c:\program files\StartSearch plugin\vshareplg.crx c:\users\Mateusz\AppData\Local\assembly\tmp c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\28463 c:\windows\system32\28463\OJEA.001 c:\windows\system32\28463\OJEA.002 c:\windows\system32\28463\OJEA.007 c:\windows\system32\28463\OJEA.009 . . ((((((((((((((((((((((((( Pliki utworzone od 2011-12-16 do 2012-01-16 ))))))))))))))))))))))))))))))) . . 2012-01-16 16:03 . 2012-01-16 16:03 -------- d-----w- c:\users\Mateusz\AppData\Local\temp 2012-01-16 16:03 . 2012-01-16 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-16 15:31 . 2012-01-16 15:39 -------- d-----w- c:\program files\SkanerOnline 2012-01-16 15:15 . 2012-01-16 14:26 16432 ----a-w- c:\windows\system32\lsdelete.exe 2012-01-16 15:15 . 2012-01-16 15:20 2558 —ha-w- C:\aaw7boot.cmd 2012-01-16 14:26 . 2012-01-16 14:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2012-01-16 14:18 . 2012-01-16 14:18 -------- d-----w- c:\programdata\Lavasoft 2012-01-16 14:18 . 2012-01-16 14:18 -------- d-----w- c:\program files\Lavasoft 2012-01-16 14:18 . 2012-01-16 14:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{B36527F1-B262-4F24-B4E1-69129F322176}\offreg.dll 2012-01-16 14:11 . 2012-01-16 14:11 388096 ----a-r- c:\users\Mateusz\AppData\Roaming\Microsoft\Installer{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-16 14:11 . 2012-01-16 14:11 -------- d-----w- c:\program files\Trend Micro 2012-01-16 13:32 . 2012-01-16 13:32 -------- d-----w- c:\windows\system32\Wat 2012-01-16 13:24 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll 2012-01-16 13:22 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2012-01-16 13:22 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2012-01-16 13:22 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2012-01-16 13:22 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2012-01-16 13:22 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2012-01-16 13:16 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2012-01-16 13:16 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys 2012-01-16 13:15 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll 2012-01-16 09:13 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll 2012-01-16 09:13 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2012-01-16 09:12 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2012-01-16 09:12 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2012-01-16 09:12 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-01-16 09:12 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys 2012-01-16 09:12 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2012-01-16 09:12 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-01-16 09:12 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2012-01-16 09:12 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll 2012-01-16 09:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2012-01-16 09:12 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll 2012-01-16 09:10 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2012-01-16 09:10 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2012-01-16 09:10 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-01-16 09:10 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll 2012-01-16 09:09 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-01-16 09:09 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll 2012-01-16 09:09 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll 2012-01-16 09:09 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe 2012-01-16 09:09 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll 2012-01-16 09:09 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe 2012-01-16 09:09 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll 2012-01-16 09:07 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2012-01-16 09:07 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll 2012-01-16 09:07 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll 2012-01-16 09:07 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe 2012-01-16 09:07 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe 2012-01-16 09:07 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll 2012-01-16 09:07 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll 2012-01-16 09:07 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll 2012-01-16 09:07 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll 2012-01-16 09:05 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2012-01-16 09:04 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll 2012-01-16 09:03 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-01-16 09:02 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2012-01-16 08:57 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2012-01-16 08:57 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2012-01-16 08:57 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll 2012-01-16 08:52 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates{B36527F1-B262-4F24-B4E1-69129F322176}\mpengine.dll 2012-01-15 16:29 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-01-15 16:29 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2012-01-12 19:32 . 2012-01-12 19:32 -------- d-----w- c:\program files\Asprate 2012-01-12 18:35 . 2012-01-12 18:35 -------- d-----w- c:\windows\system\1033 2012-01-11 18:24 . 2012-01-13 14:09 -------- d-----w- c:\program files\Tasker 2011-12-22 14:49 . 2012-01-16 15:15 -------- d-----w- c:\program files\Application Updater 2011-12-22 14:49 . 2011-12-22 14:49 -------- d-----w- c:\program files\YouTube Downloader Toolbar 2011-12-22 14:49 . 2011-12-22 14:49 -------- d-----w- c:\program files\Common Files\Spigot . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-14 11:55 . 2011-12-14 11:55 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-11-20 14:00 . 2011-11-20 14:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2011-11-20 14:00 . 2011-11-20 14:00 686400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-11-15 13:29 . 2011-09-19 19:01 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-11 19:06 . 2011-11-11 19:06 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-11-02 16:07 . 2011-11-02 16:07 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-31 11:12 . 2011-10-31 11:01 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys 2011-10-31 11:12 . 2011-10-31 11:01 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2011-10-26 03:03 . 2011-10-26 03:03 8853504 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2011-10-26 02:05 . 2011-07-28 21:40 748544 ----a-w- c:\windows\system32\aticfx32.dll 2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-10-26 02:01 . 2011-10-26 02:01 417792 ----a-w- c:\windows\system32\atieclxx.exe 2011-10-26 02:00 . 2011-10-26 02:00 176128 ----a-w- c:\windows\system32\atiesrxx.exe 2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\system32\atioglxx.dll 2011-10-26 01:59 . 2011-10-26 01:59 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\system32\atipdlxx.dll 2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\system32\Oemdspif.dll 2011-10-26 01:58 . 2011-10-26 01:58 20992 ----a-w- c:\windows\system32\atimuixx.dll 2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2011-10-26 01:55 . 2009-07-13 22:09 4292096 ----a-w- c:\windows\system32\atidxx32.dll 2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\system32\atiumdmv.dll 2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\system32\aticalrt.dll 2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\system32\aticalcl.dll 2011-10-26 01:35 . 2011-10-26 01:35 4353536 ----a-w- c:\windows\system32\atiumdag.dll 2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\system32\aticaldd.dll 2011-10-26 01:32 . 2011-10-26 01:32 4189184 ----a-w- c:\windows\system32\atiumdva.dll 2011-10-26 01:29 . 2011-07-28 21:01 52736 ----a-w- c:\windows\system32\coinst.dll 2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\system32\atiadlxx.dll 2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll 2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll 2011-10-26 01:21 . 2011-10-26 01:21 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-10-26 01:21 . 2011-07-28 20:53 31744 ----a-w- c:\windows\system32\atiuxpag.dll 2011-10-26 01:20 . 2011-10-26 01:20 29184 ----a-w- c:\windows\system32\atiu9pag.dll 2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\atimpc32.dll 2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\amdpcom32.dll 2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll 2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll 2011-10-25 20:20 . 2011-10-25 20:20 13950464 ----a-w- c:\windows\system32\amdocl.dll 2011-10-21 06:51 . 2011-09-19 19:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE~\Browser Helper Objects{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableLUA”= 0 (0x0) “EnableUIADesktopToggle”= 0 (0x0) “PromptOnSecureDesktop”= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @=“Service” . R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 136176] R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 136176] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-03-28 4323256] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1343400] R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 291840] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-11 239168] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 176128] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-16 2152152] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 8853504] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 264192] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-23 15232] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232] . . — Inne Usługi/Sterowniki w Pamięci — . *NewlyCreated* - LAVASOFT_KERNEXPLORER . Zawartość folderu ‘Zaplanowane zadania’ . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 13:05] . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 13:05] . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4062272068-3305331029-3745420222-1001Core.job - c:\users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 18:39] . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4062272068-3305331029-3745420222-1001UA.job - c:\users\Mateusz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 18:39] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://startsear.ch/?aff=2&cf=f6691768- … 5b39161451 mStart Page = hxxp://startsear.ch/?aff=2&cf=f6691768- … 5b39161451 IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm TCP: DhcpNameServer = 192.168.250.1 . - - - - USUNIĘTO PUSTE WPISY - - - - . MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] “ImagePath”=“c:\windows\system32\GameMon.des -service” . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- . [HKEY_USERS\S-1-5-21-4062272068-3305331029-3745420222-1001_Classes\CLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) “scansk”=hex(0):33,40,a1,dd,c7,a7,17,87,cf,c3,1d,a9,24,a0,de,22,a8,8b,44,16,98, 20,7a,93,a9,86,70,ea,c0,0a,4a,28,eb,72,f9,5b,65,43,4a,8f,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-4062272068-3305331029-3745420222-1001_Classes\CLSID{77d40f65-37e4-40f4-8bda-d56578eab130}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) “Model”=dword:00000163 “Therad”=dword:00000009 “MData”=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-4062272068-3305331029-3745420222-1001_Classes\CLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) “scansk”=hex(0):13,4a,d8,c9,c3,4f,32,e0,3b,b8,75,26,b2,32,96,f7,63,91,23,fd,c3, 31,e0,b7,bf,28,31,7f,8a,a2,99,9b,37,8a,27,1a,9e,bc,20,58,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-4062272068-3305331029-3745420222-1001_Classes\CLSID{84669e0a-3b07-455a-8e1d-f497dfa2250b}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) “Model”=dword:00000118 “Therad”=dword:00000014 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Czas ukończenia: 2012-01-16 17:04:29 ComboFix-quarantined-files.txt 2012-01-16 16:04 . Przed: 10 816 724 992 bajtów wolnych Po: 11 617 566 720 bajtów wolnych . - - End Of File - - 4DC73A9755D9D19A797BBCB45222718D

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:15:59, on 2012-01-16 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16912) Boot mode: Normal Running processes: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\Dwm.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Windows\explorer.exe C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Gadu-Gadu 10\gg.exe C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mateusz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=f6691768- … 5b39161451 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=f6691768- … 5b39161451 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) – End of file - 3182 bytes

kargulec10 · 16 Styczeń 2012 19:29

Przeskanuj komputer Malwarebytes Anti-Malware i Comodo Cleaning Essentials

http://www.dobreprogramy.pl/Malwarebyte … 13117.html

http://www.dobreprogramy.pl/Comodo-Clea … 29620.html

W comodo wejdź w ustawienia i ustaw herustics na high i zaznacz scan for suspicious MBR modifications

Jakbyś czegoś nie wiedział to poradnik :

http://forums.comodo.com/polski-polish/ … 935.0.html

Wyczyść system i rejestr CCleaner

http://www.dobreprogramy.pl/CCleaner,Pr … 13061.html

Jeśli comodo nie będzie się chciało uruchomić spróbuj uruchomić je w trybie agresywnym wciskasz Shift przy uruchamianiu.

mefpef · 18 Styczeń 2012 11:56

Ok, dzięki za pomoc