Since yesterday I have had a problem with this virus, which changes the wallpaper to a red one with a biohazard sign and the text “your privacy is in danger”. I know that many people have had this problem; I even tried to do something about it myself, but it worked for maybe 4 hours. Please help, here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:32:38, on 2008-04-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\Paweł\Programy\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {31E4C02F-9B14-452F-8163-86FAD63FE680} - C:\WINDOWS\system32\geBsqRhI.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Downloads\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\hgGwwWoL.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDFix] D:\PAWE~1\Programy\SDFix\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [4893ebbf] rundll32.exe "C:\WINDOWS\system32\aqtgsvat.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: hgGwwWoL - C:\WINDOWS\SYSTEM32\hgGwwWoL.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Lmgjlm32.dll (file missing)
O21 - SSODL: aKunX - {4893EB11-E239-41BB-4622-F5F26DDFF85A} - C:\WINDOWS\system32\pobm.dll (file missing)
O21 - SSODL: vadokmxt - {6CDD5EFB-2E32-4321-B30F-920B356BF7B7} - C:\WINDOWS\vadokmxt.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 1: (no name) - (no file)
--
End of file - 7632 bytes