axOr, created 10 July 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:05, on 2008-07-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
E:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,autorun.bat,
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Marcin\winlogon.exe
O4 - HKLM\..\Run: [6ce4010b] rundll32.exe "C:\WINDOWS\system32\hvlppleo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Marcin\Dane aplikacji\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~3.0\adialhk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6709 bytes

// logs go in [code] tags // moving // vocativus
snip91, comment, 10 July 2008

C:\Program Files\[b]Network Monitor[/b]
C:\Program Files\[b]MyWebSearch[/b]
C:\Program Files\[b]Dealio[/b]
C:\Documents and Settings\Marcin\[b]winlogon.exe[/b]

Delete the bolded items manually. Add a ComboFix log.
axOr (author), comment, 10 July 2008

ComboFix doesn't work for me. It pops up saying that the file clb.dll is missing, closes Mozilla Firefox, and the ComboFix icon disappears. Then after a while a blue window appears saying "ComboFix is running, Please Wait", and after 3 seconds it again says clb.dll is missing. As for the bolded files, I can't delete them, and I didn't find winlogon.exe.
axOr (author), comment, 10 July 2008

Except that I can't start the computer in Safe Mode either. I guess a format is all that's left, but I have a problem with that too.
Sean, comment, 10 July 2008

Quoting axOr: "Except that I can't start the computer in Safe Mode either. I guess a format is all that's left, but I have a problem with that too."

Why would that be... after booting, press F8 and you enter Safe Mode.
axOr (author), comment, 10 July 2008

I click Safe Mode, a row of text scrolls by for about 5 seconds, and after a moment there is only a _ .
Mateusz J., comment, 10 July 2008

Instead of a ComboFix log, try making a log with Deckard's System Scanner; the description of that program is below the ComboFix description: http://www.forumpc.pl/index.php?showtopic=11018

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,autorun.bat,
O4 - HKLM\..\Run: [6ce4010b] rundll32.exe "C:\WINDOWS\system32\hvlppleo.dll",b

Fix these 3 entries too. It seems to me that this is an infection from some device, e.g. a pendrive.
axOr (author), comment, 10 July 2008

Deckard's System Scanner v20071014.68
Run by Marcin on 2008-07-10 17:49:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x0000007E

-- Last 5 Restore Point(s) --
12: 2008-07-10 15:49:38 UTC - RP23 - Deckard's System Scanner Restore Point
11: 2008-07-10 10:59:30 UTC - RP22 - Last known good configuration
10: 2008-07-10 10:59:24 UTC - RP21 - Punkt kontrolny systemu
9: 2008-07-10 10:59:23 UTC - RP20 - Punkt kontrolny systemu
8: 2008-07-10 10:59:23 UTC - RP19 - Punkt kontrolny systemu

-- First Restore Point --
1: 2008-07-10 10:59:20 UTC - RP12 - Punkt kontrolny systemu

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Marcin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:35, on 2008-07-10
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Documents and Settings\Marcin\winlogon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\steam\steam.exe
E:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcin\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Marcin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,autorun.bat,
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C33163EA-1726-4A44-9591-26BC0CC23D91} - C:\WINDOWS\system32\awtutrro.dll
O2 - BHO: (no name) - {E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - C:\WINDOWS\system32\awtrQHwu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Marcin\winlogon.exe
O4 - HKLM\..\Run: [6ce4010b] rundll32.exe "C:\WINDOWS\system32\hvlppleo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Marcin\Dane aplikacji\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~3.0\adialhk.dll
O20 - Winlogon Notify: awtrQHwu - C:\WINDOWS\SYSTEM32\awtrQHwu.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6819 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Amps2prt (A4Tech PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech Mouse Driver>
S1 intelppm (Sterownik procesora Intel) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (Sterownik Zapory systemu Windows IPv6) - c:\windows\system32\drivers\ip6fw.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Network Monitor - c:\program files\network monitor\netmon.exe service
S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 16:13:02 0 d-------- C:\WINDOWS\Prefetch
2008-07-10 15:41:40 395776 --a------ C:\WINDOWS\System32\CF14334.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 15:38:56 395776 --a------ C:\WINDOWS\System32\CF13814.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 15:37:34 395776 --a------ C:\WINDOWS\System32\CF13547.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 15:33:26 395776 --a------ C:\WINDOWS\System32\CF12737.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 15:32:35 395776 --a------ C:\WINDOWS\System32\CF12430.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 15:02:37 0 d-------- C:\Program Files\Trend Micro
2008-07-10 14:59:29 395776 --a------ C:\WINDOWS\System32\CF6006.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 14:58:39 395776 --a------ C:\WINDOWS\System32\CF5830.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 14:54:03 395776 --a------ C:\WINDOWS\System32\CF4912.exe <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®>
2008-07-10 14:19:17 0 d--h----- C:\WINDOWS\System32\GroupPolicy
2008-07-10 13:00:03 80896 --a------ C:\WINDOWS\System32\hvlppleo.dll
2008-07-10 12:59:10 22386 --ahs---- C:\WINDOWS\System32\orrtutwa.ini2
2008-07-10 12:59:07 282112 --a------ C:\WINDOWS\System32\awtutrro.dll
2008-07-10 11:58:14 282048 --a------ C:\WINDOWS\System32\wvUMgday.dll
2008-07-10 11:53:19 687592 --a------ C:\WINDOWS\System32\atmtd.dll
2008-07-10 11:53:09 4 --a------ C:\WINDOWS\System32\hljwugsf.bin
2008-07-10 11:52:56 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-07-10 11:52:55 0 d--hs---- C:\WINDOWS\TWFyY2lu
2008-07-10 11:52:55 0 d-------- C:\Program Files\Network Monitor
2008-07-10 11:52:41 0 d-------- C:\WINDOWS\System32\vbem
2008-07-10 11:52:41 0 d-------- C:\WINDOWS\System32\202
2008-07-10 11:52:37 0 d-------- C:\WINDOWS\System32\olixds18
2008-07-10 11:52:37 0 d-------- C:\Temp
2008-07-10 11:52:34 31232 --a------ C:\WINDOWS\System32\awtrQHwu.dll
2008-07-09 19:44:27 0 d-------- C:\vcs5BGEffects
2008-07-09 19:43:19 0 d-------- C:\Program Files\Dealio
2008-07-09 19:42:00 0 d-------- C:\Program Files\AV Music Morpher Gold
2008-07-09 19:39:22 0 d-------- C:\Program Files\AV Vcs 6.0
2008-07-05 13:54:12 0 d-------- C:\Program Files\Headshot Player
2008-07-05 11:47:49 0 d-------- C:\Program Files\DivX
2008-07-01 09:12:20 96966 --a------ C:\WINDOWS\System32\drivers\klin.dat
2008-07-01 09:12:20 88774 --a------ C:\WINDOWS\System32\drivers\klick.dat
2008-07-01 09:11:38 75040 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2008-07-01 09:11:38 4420896 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-06-15 13:33:18 28672 --a------ C:\WINDOWS\System32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-06-15 13:33:18 0 d-------- C:\Program Files\FunWebProducts
2008-06-15 13:33:15 0 d-------- C:\Program Files\MyWebSearch
2008-06-14 11:07:43 1970176 --a------ C:\WINDOWS\System32\d3dx9.dll
2008-06-14 11:07:43 679936 --a------ C:\WINDOWS\System32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\System32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

-- Find3M Report ---------------------------------------------------------------

2008-07-10 17:45:58 0 d-------- C:\Program Files\Steam
2008-07-10 16:17:51 358702 --a------ C:\WINDOWS\System32\perfh015.dat
2008-07-10 16:17:50 50748 --a------ C:\WINDOWS\System32\perfc015.dat
2008-07-10 16:01:19 0 d-------- C:\Program Files\Windows NT
2008-07-10 16:01:16 0 d-------- C:\Program Files\Movie Maker
2008-07-10 16:01:16 0 d-------- C:\Program Files\Messenger
2008-07-10 16:00:44 223472 -rahs---- C:\ntldr
2008-07-09 19:43:36 0 d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Dealio
2008-07-05 13:38:57 0 d-------- C:\Documents and Settings\Marcin\Dane aplikacji\DivX
2008-07-01 09:11:38 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-23 07:24:32 0 d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C33163EA-1726-4A44-9591-26BC0CC23D91}]
2008-07-10 12:59 282112 --a------ C:\WINDOWS\system32\awtutrro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D}]
2008-07-10 11:52 31232 --a------ C:\WINDOWS\system32\awtrQHwu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
"AtiPTA"="atiptaxx.exe" [2005-11-23 02:05 C:\WINDOWS\system32\atiptaxx.exe]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 17:08]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [2008-06-15 13:33]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [2008-06-15 13:33]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [2008-06-15 13:33]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-10-09 12:47]
"Windows Logon Applicationedc"="C:\Documents and Settings\Marcin\winlogon.exe" [2008-06-27 18:38]
"6ce4010b"="C:\WINDOWS\system32\hvlppleo.dll" [2008-07-10 13:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-22 18:53]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"Steam"="c:\program files\steam\steam.exe" [2008-04-25 07:31]
"Gadu-Gadu"="E:\Programy\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [2008-06-15 13:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D}"= C:\WINDOWS\system32\awtrQHwu.dll [2008-07-10 11:52 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,autorun.bat,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrQHwu]
awtrQHwu.dll 2008-07-10 11:52 31232 C:\WINDOWS\system32\awtrQHwu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~3.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtutrro
"Notification Packages"= scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e88edac-1673-11dd-b066-001a926e9fbf}]
AutoRun\command- H:\
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e47901d-3d21-11dd-8f8c-001a926e9fbf}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

-- End of Deckard's System Scanner: finished at 2008-07-10 17:51:40 ------------

How do you use BBCode? I've been struggling with it for half an hour already.
Mateusz J., comment, 10 July 2008

Follow this guide; here is the script to paste in:

Files to delete:
C:\WINDOWS\system32\awtutrro.dll
C:\WINDOWS\system32\awtrQHwu.dll
C:\Documents and Settings\Marcin\winlogon.exe
C:\WINDOWS\system32\hvlppleo.dll
C:\WINDOWS\web\related.htm
C:\WINDOWS\System32\hvlppleo.dll
C:\WINDOWS\System32\orrtutwa.ini2
C:\WINDOWS\System32\awtutrro.dll
C:\WINDOWS\System32\wvUMgday.dll
C:\WINDOWS\System32\atmtd.dll
C:\WINDOWS\System32\CF14334.exe
C:\WINDOWS\System32\CF13814.exe
C:\WINDOWS\System32\CF13547.exe
C:\WINDOWS\System32\CF12737.exe
C:\WINDOWS\System32\CF12430.exe
C:\WINDOWS\System32\hljwugsf.bin
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\System32\CF6006.exe
C:\WINDOWS\System32\f3PSSavr.scr
C:\WINDOWS\System32\CF5830.exe
C:\WINDOWS\System32\CF4912.exe

Folders to delete:
C:\WINDOWS\TWFyY2lu
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\Dealio
C:\Program Files\Network Monitor

Drivers to delete:
MyWebSearchService
Network Monitor
clbdriver

Registry keys to delete:
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C33163EA-1726-4A44-9591-26BC0CC23D91}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Plugin"=-
"My Web Search Bar"=-
"MyWebSearch Email Plugin"=-
"au"=-
"Windows Logon Applicationedc"=-
"6ce4010b"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrQHwu]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00

When it is done, post the report of the work done by The Avenger. Paste a new log from DDS.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,autorun.bat,
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: (no name) - {C33163EA-1726-4A44-9591-26BC0CC23D91} - C:\WINDOWS\system32\awtutrro.dll
O2 - BHO: (no name) - {E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - C:\WINDOWS\system32\awtrQHwu.dll
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Marcin\winlogon.exe
O4 - HKLM\..\Run: [6ce4010b] rundll32.exe "C:\WINDOWS\system32\hvlppleo.dll",b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Marcin\Dane aplikacji\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: awtrQHwu - C:\WINDOWS\SYSTEM32\awtrQHwu.dll
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Run HijackThis. Click "Do a system scan only". Check the entries I listed. Press "Fix checked". Then create a new log, as you did at the beginning, and post it on the forum.
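As an added illustration (not part of the thread and not the helpers' own tooling), the script below automates the reading Mateusz J. does above: it scans HijackThis and Deckard's System Scanner lines for the persistence mechanisms present in this log (an extra component in Winlogon\Userinit, unnamed BHOs, a system binary name such as winlogon.exe running from a user profile, a hex-named Run value that loads a DLL through rundll32, a Winlogon Notify package, an extra LSA Authentication Package, DisableTaskMgr, and WScript autorun handlers under mountpoints2, which is what the pendrive theory rests on), and it decodes the hex(7) value from the registry fix to confirm that it restores Authentication Packages to msv1_0 alone. The sample lines are copied from the logs posted above and labelled as a constructed excerpt; the rule names, the regular expressions and the "expected" XP defaults (userinit.exe only, msv1_0 only) are my assumptions, not anything HijackThis or DSS emits.

```python
"""Triage of HijackThis / Deckard's System Scanner lines for the persistence
mechanisms seen in this thread, plus a decoder for the hex(7) registry value
in the posted fix. Added example; heuristics and rule names are my own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows XP defaults (assumed here): Userinit is userinit.exe alone, LSA loads only msv1_0.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_AUTH_PACKAGES = {"msv1_0"}
# Names that belong in \WINDOWS\system32; a copy under a user profile is a masquerade.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "userinit.exe", "lsass.exe", "services.exe",
                       "csrss.exe", "smss.exe", "svchost.exe", "explorer.exe"}

O4_RE = re.compile(r"^O4 - \S+?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|bat|cmd|vbs))\b', re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)      # e.g. the Run value "6ce4010b"
PROFILE_RE = re.compile(r"^c:\\documents and settings\\", re.I)

# Constructed sample: lines copied from the logs in this thread plus two benign ones.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,autorun.bat,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C33163EA-1726-4A44-9591-26BC0CC23D91} - C:\WINDOWS\system32\awtutrro.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Marcin\winlogon.exe
O4 - HKLM\..\Run: [6ce4010b] rundll32.exe "C:\WINDOWS\system32\hvlppleo.dll",b
O20 - Winlogon Notify: awtrQHwu - C:\WINDOWS\SYSTEM32\awtrQHwu.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtutrro
"DisableTaskMgr"=1 (0x1)
open\Command- WScript.exe .\autorun.vbs
"""

# The REG_MULTI_SZ payload from the registry fix posted above (line continuation included).
AVENGER_AUTH_PACKAGES = "6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\\ 00"


@dataclass
class Finding:
    rule: str
    line: str
    detail: str


def loaded_path(cmd: str) -> str:
    """Path of the file a Run-key command really loads; rundll32 is only the host."""
    if cmd.lower().startswith("rundll32"):
        cmd = cmd.split(None, 1)[1]
    m = PATH_RE.match(cmd)
    return m["path"] if m else cmd


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # F2: anything after userinit.exe in Winlogon\Userinit runs at every logon.
        if line.startswith("F2 - REG:system.ini: UserInit="):
            parts = [p for p in line.split("UserInit=", 1)[1].split(",") if p]
            extras = [p for p in parts if p.lower() != EXPECTED_USERINIT]
            if extras:
                findings.append(Finding("userinit-extra", line, ", ".join(extras)))
        # O2: a BHO is a DLL IE loads on every start; vendors name theirs.
        elif line.startswith("O2 - BHO: (no name)"):
            findings.append(Finding("unnamed-bho", line, line.rsplit(" - ", 1)[1]))
        elif (m := O4_RE.match(line)):
            path = loaded_path(m["cmd"])
            base = path.rsplit("\\", 1)[-1].lower()
            if PROFILE_RE.match(path) and base in SYSTEM_BINARY_NAMES:
                findings.append(Finding("profile-system-binary", line, path))
            if HEX_NAME_RE.match(m["name"]):
                findings.append(Finding("hex-run-name", line, path))
        # O20: HijackThis hides the stock XP notify packages, so any one listed needs a look.
        elif line.startswith("O20 - Winlogon Notify:"):
            findings.append(Finding("winlogon-notify", line, line.rsplit(" - ", 1)[1]))
        # LSA: an extra package is loaded into lsass.exe and sees every logon credential.
        elif low.startswith('"authentication packages"='):
            pkgs = line.split("=", 1)[1].split()
            extras = [p for p in pkgs if p.lower() not in EXPECTED_AUTH_PACKAGES]
            if extras:
                findings.append(Finding("lsa-auth-package", line, ", ".join(extras)))
        elif low.startswith('"disabletaskmgr"=1'):
            findings.append(Finding("taskmgr-disabled", line, "Task Manager blocked by policy"))
        # mountpoints2: a script run when the removable drive is opened (the pendrive theory).
        elif "wscript.exe" in low and "autorun" in low:
            findings.append(Finding("removable-autorun", line, line.split("- ", 1)[1]))
    return findings


def decode_reg_multi_sz(hex7: str) -> list[str]:
    """Decode a .reg hex(7) payload: UTF-16LE strings, NUL-separated, double-NUL terminated."""
    clean = re.sub(r"[,\\\s]", "", hex7)
    text = bytes.fromhex(clean).decode("utf-16-le")
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.detail}")
    print("fix restores Authentication Packages to:", decode_reg_multi_sz(AVENGER_AUTH_PACKAGES))
```

Running it prints one finding per hostile line in the sample and none for the Google Toolbar BHO or the Kaspersky Run entry, and the decoder shows that the hex(7) value writes back exactly ["msv1_0"], which is why the fix first deletes the value and then re-creates it rather than editing the string in place. The profile and hex-name checks are heuristics: they would miss a payload with a plausible name, so they are a first pass, not a substitute for checking each file.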