Problem with explorer and some adware (?)

(Marcin Mat) #1

Hello!

  1. I have a strange problem, one I have not run into before. I found nothing interesting in HijackThis, and Ad-Aware and Symantec AntiVirus found nothing either.

The problem is that until I kill the explorer.exe process I cannot display or load most web pages (Google searches, nasza-klasa, etc., etc.), both in Firefox and in IE.

Please help quickly. Reinstalling the system is out of the question.

  2. Every so often IE launches by itself and opens Travian pages and other junk. Same as above, I found nothing.

Thanks in advance, and I know: my fault, my fault, my very great fault, because in a hurry I installed some random setup of the 846535.exe kind :confused: .

(eyeti) #2

It's some trojan

that is undetectable by programs of that kind.

I know, because I once tested a certain trojan and even Kaspersky and the firewall let it through.

I don't really know what to do in this case either.

But as a last resort, format :expressionless:

(Leon$) #3

Download Combofix http://www.searchengines.pl/index.php?s … ntry395642 scan and post the log

then

Download HijackThis http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 scan the system and post the log

scan in the order I gave

:slight_smile:

(Marcin Mat) #4

Oh my golden healer, it's a shame you can't give a rep point or something, or even 20 :d the first problem is solved :D:D

and here are the logs anyway:

ComboFix 08-07-13.6 - Marcin 2008-07-13 22:24:39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2274 [GMT 2:00]

Running from: C:\Documents and Settings\Marcin\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BMffc8db6b.txt

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bapnkpbw.dll

C:\WINDOWS\system32\cbXNHbBR.dll

C:\WINDOWS\system32\dwxkjsac.dll

C:\WINDOWS\system32\iydvuasp.dll

C:\WINDOWS\system32\kbdlqosh.ini

C:\WINDOWS\system32\mlJAqqPF.dll

C:\WINDOWS\system32\mmkowvpv.ini

C:\WINDOWS\system32\moxdjoiv.dll

C:\WINDOWS\system32\nXENonmp.ini

C:\WINDOWS\system32\nXENonmp.ini2

C:\WINDOWS\system32\pmnoNEXn.dll

C:\WINDOWS\system32\qcxyfhgb.ini

C:\WINDOWS\system32\umohxjao.dll

C:\WINDOWS\system32\vpvwokmm.dll

C:\WINDOWS\system32\yrmdwhga.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))

.

2008-07-13 22:29 . 2008-07-13 22:29

2008-07-13 22:29 . 2008-07-13 22:29

2008-07-13 21:19 . 2008-07-13 21:19

2008-07-13 21:19 . 2008-07-13 21:19

2008-07-13 21:18 . 2008-07-10 14:21

2008-07-13 21:18 . 2008-07-13 21:19

2008-07-13 21:18 . 2008-07-10 12:29

2008-07-13 21:18 . 2008-07-10 14:21

2008-07-13 21:18 . 2008-07-13 21:19

2008-07-13 21:18 . 2008-07-10 14:21

2008-07-13 21:18 . 2008-07-13 21:29

2008-07-13 21:18 . 2008-07-13 21:33

2008-07-13 14:24 . 2004-08-04 02:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-07-13 13:46 . 2008-07-13 13:48

2008-07-12 18:48 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll

2008-07-12 18:48 . 2008-07-13 22:29 24 --a------ C:\WINDOWS\LogonStudio.ini

2008-07-11 22:06 . 2008-07-13 22:06 110,419 --a------ C:\WINDOWS\BMffc8db6b.xml

2008-07-11 21:38 . 2008-07-11 21:38 0 --------- C:\WINDOWS\WB.ini

2008-07-11 21:37 . 2008-07-11 21:37

2008-07-11 21:37 . 2008-07-11 21:38 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys

2008-07-11 21:35 . 2008-07-11 21:35 2,277,376 --a------ C:\WINDOWS\system32\kernel1.exe

2008-07-11 21:13 . 2008-07-11 21:13

2008-07-11 20:59 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-07-11 20:35 . 2008-07-10 12:28 211 --ahs---- C:\BOOT.BKK

2008-07-11 20:29 . 2008-07-11 22:09

2008-07-11 20:29 . 2008-07-11 20:29

2008-07-11 20:25 . 2008-07-11 20:25

2008-07-11 17:34 . 2008-07-11 17:33 12,731 --a------ C:\WINDOWS\system32\x3daudio1_1.zip

2008-07-11 17:31 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-11 17:26 . 2008-07-11 17:26

2008-07-11 17:25 . 2008-07-13 13:45

2008-07-11 17:25 . 2008-07-11 17:26

2008-07-11 17:24 . 2007-06-01 09:40 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll

2008-07-11 16:11 . 2008-07-11 16:11

2008-07-10 20:56 . 2008-07-10 20:56

2008-07-10 20:40 . 2008-07-10 20:40

2008-07-10 20:34 . 2008-07-10 20:34

2008-07-10 18:59 . 2008-07-12 19:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-10 18:46 . 2008-07-10 18:46 0 --a------ C:\WINDOWS\vpc32.INI

2008-07-10 18:45 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-07-10 18:45 . 2006-09-13 18:19 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-07-10 18:45 . 2006-09-13 18:18 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-07-10 16:58 . 2006-09-13 18:17 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-07-10 16:58 . 2006-09-13 18:16 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-07-10 16:57 . 2008-07-10 16:57

2008-07-10 16:54 . 2008-07-10 16:54

2008-07-10 16:54 . 2008-07-10 16:57

2008-07-10 16:54 . 2008-07-10 16:54

2008-07-10 16:45 . 2008-07-10 16:45

2008-07-10 16:43 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-10 16:42 . 2008-07-10 16:43

2008-07-10 16:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-07-10 16:16 . 2008-07-10 16:16

2008-07-10 16:16 . 2008-07-10 16:16 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-10 16:15 . 2008-07-10 16:15

2008-07-10 16:07 . 2008-07-10 16:07

2008-07-10 16:06 . 2008-07-10 16:14

2008-07-10 16:06 . 2008-07-13 22:28

2008-07-10 16:06 . 2008-07-10 16:06

2008-07-10 16:06 . 2008-07-10 16:06

2008-07-10 16:06 . 2008-07-10 20:40

2008-07-10 16:06 . 2008-07-10 16:06

2008-07-10 16:05 . 2008-07-10 16:16

2008-07-10 16:05 . 2008-07-10 16:06

2008-07-10 16:05 . 2008-07-10 16:05

2008-07-10 16:05 . 2008-07-10 16:05

2008-07-10 16:04 . 2008-07-10 16:04

2008-07-10 16:04 . 2008-07-10 16:17

2008-07-10 15:53 . 2008-07-10 15:53

2008-07-10 15:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-10 15:48 . 2008-07-10 15:48

2008-07-10 15:48 . 2008-07-10 15:48

2008-07-10 15:48 . 2008-07-10 16:14

2008-07-10 15:48 . 2008-07-10 15:48

2008-07-10 15:46 . 2008-07-10 15:46

2008-07-10 15:45 . 2007-04-16 22:45 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-07-10 15:45 . 2007-04-16 22:45 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-07-10 15:45 . 2007-04-16 22:47 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-07-10 15:45 . 2007-04-16 22:47 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-07-10 15:45 . 2007-04-16 22:45 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-07-10 15:43 . 2008-07-10 16:30

2008-07-10 15:43 . 2006-12-21 15:16 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-07-10 15:43 . 2006-12-21 15:16 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2008-07-10 15:43 . 2006-12-21 15:16 36,352 --------- C:\WINDOWS\system32\tsgqec.dll

2008-07-10 15:41 . 2008-07-10 15:41

2008-07-10 15:40 . 2008-07-10 15:40

2008-07-10 15:40 . 2008-07-10 15:40

2008-07-10 15:40 . 2008-07-10 15:41

2008-07-10 15:40 . 2006-11-08 10:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys

2008-07-10 15:40 . 2006-11-08 10:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe

2008-07-10 15:39 . 2008-07-10 15:39

2008-07-10 15:39 . 2006-11-01 09:17 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-07-10 15:37 . 2008-07-10 15:37

2008-07-10 15:37 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-07-10 15:37 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-07-10 15:37 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-07-10 15:37 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-07-10 15:35 . 2008-07-10 16:16

2008-07-10 15:34 . 2008-07-10 15:34

2008-07-10 15:33 . 2008-07-10 15:33

2008-07-10 15:33 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-07-10 15:30 . 2008-07-10 15:30

2008-07-10 15:30 . 2008-07-10 15:30

2008-07-10 15:30 . 2008-07-10 15:30

2008-07-10 15:28 . 2005-04-15 20:58 1,351,392 --a------ C:\WINDOWS\system32\COMCTL32.OCX

2008-07-10 15:28 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX

2008-07-10 15:28 . 2004-03-09 02:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX

2008-07-10 15:28 . 2005-07-28 16:57 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2008-07-10 15:28 . 2003-01-27 01:41 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL

2008-07-10 15:28 . 2007-05-27 15:33 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

2008-07-10 13:52 . 2008-07-10 13:52 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-07-10 13:52 . 2008-07-10 13:52 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-07-10 13:49 . 2008-07-10 13:49

2008-07-10 13:49 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-07-10 13:49 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-07-10 13:49 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-07-10 13:49 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-07-10 13:47 . 2008-07-10 13:47

2008-07-10 13:44 . 2008-07-10 13:44

2008-07-10 13:44 . 2008-07-10 13:44

2008-07-10 13:44 . 2008-07-10 13:44 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-07-10 13:37 . 2008-07-10 13:37

2008-07-10 13:35 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-07-10 13:35 . 2006-12-28 18:44 84,992 -ra------ C:\WINDOWS\system32\drivers\AtiHdAud.sys

2008-07-10 13:34 . 2008-07-10 13:39

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-12 17:13 4,519,424 ----a-w C:\WINDOWS\system32\logonuiX.exe

2008-07-10 18:16 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-10 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-10 10:55 --------- d-----w C:\Program Files\ASUS

2008-07-10 10:53 --------- d-----w C:\Program Files\Marvell

2008-07-10 10:53 --------- d-----w C:\Documents and Settings\Marcin\Dane aplikacji\TMP

2008-07-10 10:51 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-10 10:51 --------- d-----w C:\Program Files\Realtek

2008-07-10 10:49 --------- d-----w C:\Program Files\Intel

2008-07-10 10:31 --------- d-----w C:\Program Files\Usługi online

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"Gadu-Gadu"="D:\PROGRAMY\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]

"CPU Power Monitor"="C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]

"Cpu Level Up help"="C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]

"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]

"LogonStudio"="D:\PROGRAMY\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\WINDOWS\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-07-12 13:02 210168 D:\PROGRAMY\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]

--a------ 2004-04-26 16:21 270336 D:\PROGRAMY\BootSkin\BootSkin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]

--a------ 2008-05-14 14:04 1660416 C:\Program Files\RelevantKnowledge\rlvknlg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

--a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"D:\GRY\Full Spectrum Warrior\Launcher.exe"=

"D:\PROGRAMY\BitTornado\btdownloadgui.exe"=

"c:\program files\relevantknowledge\rlvknlg.exe"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 18:19]

.

- - - - ORPHANS REMOVED - - - -

BHO-{27D7F3A5-45A6-4CD9-B499-BFE5C49BDFE4} - C:\Documents and Settings\Marcin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GRI14Z67\3077ahntdksr[1].dll

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

HKLM-Run-BMffc8db6b - C:\WINDOWS\system32\yrmdwhga.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-13 22:29:42

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

C:\ComboFix\CreateD00 21 bytes

C:\ComboFix\CreateD00.bat 65 bytes

C:\Documents and Settings\Marcin\Cookies\marcin@hit.gemius[1].txt

scan completed successfully

hidden files: 3

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\PROGRAMY\Ad-Aware\aawservice.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

.

**************************************************************************

.

Completion time: 2008-07-13 22:31:52 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-13 20:31:17

Pre-Run: 19,446,636,544 bytes free

Post-Run: 19,385,671,680 bytes free

269

/******************************************/

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:33:44, on 2008-07-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\PROGRAMY\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\PROGRAMY\Gadu-Gadu\gg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\PROGRAMY\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [LogonStudio] "D:\PROGRAMY\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\PROGRAMY\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

End of file - 8347 bytes
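The log above carries the indicators a helper acts on when reading a ComboFix/HijackThis pair: DLLs with generated names in system32 (yrmdwhga.dll, cbXNHbBR.dll and the rest ComboFix already deleted), a BHO that was loaded straight out of the IE cache (Content.IE5), a Run value named BMffc8db6b, the RelevantKnowledge program, an AppInit_DLLs entry and a non-default UIHost (both tied to the WindowBlinds and LogonStudio entries elsewhere in the same log, so review rather than delete), Security Center monitoring switched off and the Windows Firewall disabled. As an added example, not part of the thread and not code from ComboFix, HijackThis or any tool named here, the Python script below applies those checks mechanically to lines copied from the log (the Adobe BHO and ccApp lines are benign controls). The rule names, the eight-letter random-name heuristic, the severities and the one-entry watch-list are this example's own assumptions.

```python
"""Triage of HijackThis / ComboFix log lines.

Added example for this thread, not a tool the posters used: it encodes the
checks a forum helper applies by eye.  Rule names, thresholds and the
watch-list are assumptions made for the example.
"""
import re
from dataclasses import dataclass

# Lines copied from the log posted above; raw string because of the Windows paths.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
BHO-{27D7F3A5-45A6-4CD9-B499-BFE5C49BDFE4} - C:\Documents and Settings\Marcin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GRI14Z67\3077ahntdksr[1].dll
HKLM-Run-BMffc8db6b - C:\WINDOWS\system32\yrmdwhga.dll
"AppInit_DLLs"=wbsys.dll
"UIHost"="C:\WINDOWS\system32\logonuiX.exe"
"UpdatesDisableNotify"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
"c:\program files\relevantknowledge\rlvknlg.exe"=
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "review": fine only if the user knowingly installed it
    rule: str
    line: str


# Windows path ending in a loadable module, as printed by both log formats.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"=<>|]+?\.(?:dll|exe|sys|ocx|cpl)(?![\w.])', re.I)
# Autostart value name: HijackThis "O4 - ...: [name]" or ComboFix "HKLM-Run-name".
RUN_NAME_RE = re.compile(r"O4 - .*?: \[([^\]]+)\]|HK(?:LM|CU)-Run-(\S+)")
# Names like BMffc8db6b: a short prefix followed by eight hex digits.
HEX_SUFFIX_RE = re.compile(r"[A-Za-z]{1,3}[0-9a-f]{8}")
# A BHO or autostart module has no business living in the browser cache or a temp dir.
RISKY_DIRS = ("\\temporary internet files\\", "\\content.ie5\\", "\\temp\\")
# Example watch-list (assumption): programs to remove whatever the user says.
KNOWN_UNWANTED = ("relevantknowledge",)
VOWELS = set("aeiou")

# ComboFix "Reg Loading Points" entries that weaken or redirect the system.
REGISTRY_RULES = (
    # Every process that loads user32.dll also loads this DLL: used by desktop
    # skinning tools, and a classic injection point for malware.
    ("appinit_dll_injected", "review", re.compile(r'"AppInit_DLLs"=\S')),
    # Winlogon hands the logon UI to something other than logonui.exe.
    ("uihost_not_default", "review",
     re.compile(r'"UIHost"=".*\\(?!logonui\.exe")[^\\"]+"', re.I)),
    # Security Center silenced; AV vendors and users set these too, so verify.
    ("av_monitoring_disabled", "review", re.compile(r'"DisableMonitoring"=dword:0*1$')),
    ("update_notify_disabled", "review", re.compile(r'"UpdatesDisableNotify"=dword:0*1$')),
    # Windows Firewall off; high unless a third-party firewall shows up in the log.
    ("windows_firewall_off", "high", re.compile(r'"EnableFirewall"=\s*0\b')),
)


def looks_random(stem: str) -> bool:
    """Generated names such as yrmdwhga or cbXNHbBR: exactly eight letters with
    almost no vowels, or with the case flipping several times mid-word."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem.lower()) / len(stem)
    case_flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowel_ratio <= 0.25 or case_flips >= 3


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every non-empty line; one line may yield several findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path_match = PATH_RE.search(line)
        if path_match:
            path = path_match.group(0)
            low = path.lower()
            stem = re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0]
            if any(d in low for d in RISKY_DIRS):
                findings.append(Finding("high", "module_in_temp_or_browser_cache", line))
            if looks_random(stem):
                findings.append(Finding("high", "random_module_name", line))
            if any(tag in low for tag in KNOWN_UNWANTED):
                findings.append(Finding("high", "known_unwanted_program", line))
        run_match = RUN_NAME_RE.search(line)
        if run_match:
            name = run_match.group(1) or run_match.group(2)
            if HEX_SUFFIX_RE.fullmatch(name):
                findings.append(Finding("high", "run_key_with_hex_suffix", line))
        for rule, severity, pattern in REGISTRY_RULES:
            if pattern.search(line):
                findings.append(Finding(severity, rule, line))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: (f.severity, f.rule)):
        print(f"[{f.severity:6}] {f.rule:32} {f.line[:70]}")
```

The two "review" registry rules are the point of the severity split: on this machine wbsys.dll and logonuiX.exe belong to the skinning tools the user installed, but the same two keys are exactly where a trojan would put itself, so they are listed rather than silently accepted. The random-name heuristic is deliberately narrow (eight letters) so that it flags the system32 DLLs ComboFix removed without tripping on ctfmon.exe or logonuiX.exe; a name it misses, like iydvuasp.dll, is still caught by the date-window listing in the ComboFix log itself.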

(Leon$) #5

entries

remove with HijackThis >> Fix checked

Download and run the tool The Avenger. Select the text given for removal on the forum,

copy >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.

Delete the file C:\Avenger\backup.zip from disk by hand and paste the report C:\avenger.txt on the forum

Download the program SDFix