Kamilllo90, created 15 December 2008

Earlier I had a problem, and I wrote about it on the forum, that after every start of the computer a window about the application winnt32.exe appeared ("Run" and "Cancel"). I solved that problem by unticking winnt32.exe in "Startup", but somehow I don't like that it's sitting in my computer. Whenever I ran it, after a moment avast detected a virus. I've already done so many things to get rid of viruses, because I had others too, that I think only winnt32.exe is left. Can someone help me, what is it?
Mateusz J., comment 15 December 2008

Please show logs from: a) HijackThis b) ComboFix
Kamilllo90, comment 15 December 2008 (Author)

ComboFix

ComboFix 08-12-15.01 - mateusz wicek 2008-12-15 22:38:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.767.488 [GMT 1:00]
Uruchomiony z: c:\downloads\ComboFix.exe
 * Utworzono nowy punkt przywracania.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\paul.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-15 do 2008-12-15 )))))))))))))))))))))))))))))))
.
2008-12-15 22:28 . 2008-12-15 22:28 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 12:09 . 2008-12-15 12:09 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-07 14:00 . 2008-12-07 14:01 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-04 01:27 . 2008-12-04 01:27 <DIR> d-------- c:\program files\RemoveWGA
2008-12-04 00:57 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-04 00:57 . 2000-05-22 19:58 608,448 --a------ c:\windows\system32\comctl32.ocx
2008-12-04 00:57 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2008-12-04 00:57 . 2006-02-07 13:02 152,848 --a------ c:\windows\system32\comdlg32.ocx
2008-12-04 00:57 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2008-12-04 00:57 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-12-04 00:57 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-12-03 21:19 . 2008-12-03 21:19 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\3A21D
2008-12-03 19:33 . 2008-12-15 17:34 <DIR> d-------- c:\documents and settings\mateusz wicek\Dane aplikacji\SUPERAntiSpyware.com
2008-12-03 19:33 . 2008-12-03 19:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-12-03 18:52 . 2008-12-03 19:01 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-02 16:39 . 2008-12-15 19:22 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-01 20:31 . 2008-12-01 20:35 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-01 19:22 . 2008-04-14 18:20 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-01 19:11 . 2008-12-01 20:17 <DIR> d-------- c:\windows\system32\pl
2008-12-01 19:11 . 2008-12-01 20:17 <DIR> d-------- c:\windows\system32\bits
2008-12-01 19:11 . 2008-12-01 20:16 <DIR> d-------- c:\windows\l2schemas
2008-12-01 19:01 . 2004-08-03 23:45 4,190,352 --a------ c:\windows\system32\dllcache\luna.mst
2008-12-01 19:00 . 2004-08-03 23:44 8,412,672 --a------ c:\windows\system32\dllcache\shell32.dll
2008-12-01 18:59 . 2008-08-14 14:46 2,181,632 --a------ c:\windows\system32\ntoskrnl.exe
2008-12-01 14:36 . 2008-12-01 14:36 <DIR> dr-h----- c:\documents and settings\mateusz wicek\Dane aplikacji\SecuROM
2008-12-01 14:22 . 2008-12-01 14:22 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-01 14:22 . 2008-12-01 14:22 <DIR> d-------- c:\documents and settings\mateusz wicek\Dane aplikacji\Leadertech
2008-12-01 14:02 . 2008-12-01 14:02 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-26 23:24 . 2008-11-26 23:24 <DIR> d-------- c:\program files\AskBarDis
2008-11-26 20:20 . 2008-12-08 12:03 <DIR> d-------- C:\My Downloads
2008-11-25 21:21 . 2008-11-25 21:21 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-25 21:21 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-25 21:21 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-25 21:21 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-25 21:21 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-25 21:21 . 2003-03-29 16:45 89,184 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-25 21:21 . 2003-07-22 16:29 57,344 --a------ c:\windows\system32\ImageDrive.cpl
2008-11-25 21:21 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-25 20:55 . 2008-11-25 21:06 69 --a------ c:\windows\NeroDigital.ini
2008-11-21 13:54 . 2008-11-21 13:54 <DIR> d-------- c:\program files\ACD Systems
2008-11-21 13:54 . 2008-11-21 13:54 10,368 --a------ c:\windows\system32\drivers\pfc.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 21:41 --------- d-----w c:\program files\BitComet
2008-12-10 12:23 --------- d-----w c:\program files\Lx_cats
2008-12-04 16:43 --------- d-----w c:\program files\Common Files\ACD Systems
2008-12-04 12:49 --------- d-----w c:\program files\Yahoo!
2008-12-03 20:30 --------- d-----w c:\program files\BearShare
2008-12-02 17:14 --------- d-----w c:\program files\AskTBar
2008-12-01 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 23:14 --------- d-----w c:\program files\Winamp Remote
2008-11-25 20:22 --------- d-----w c:\documents and settings\mateusz wicek\Dane aplikacji\Ahead
2008-11-25 20:21 --------- d-----w c:\program files\Ahead
2008-11-21 12:15 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-18 16:32 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-13 22:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-11-12 19:15 --------- d-----w c:\program files\Ganymede
2008-10-30 21:48 --------- d-----w c:\documents and settings\mateusz wicek\Dane aplikacji\GanymedeNet
2008-10-29 19:00 --------- d-----w c:\program files\Corel
2008-10-27 21:35 --------- d-----w c:\documents and settings\mateusz wicek\Dane aplikacji\Audacity
2008-10-27 13:01 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 21:54 --------- d-----w c:\documents and settings\mateusz wicek\Dane aplikacji\Corel
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:00 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 12:29 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 17:50 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-08-30 1708032]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 68856]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-12-03 2514744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-12-03 11:11 2514744 c:\program files\BitComet\BitComet.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7271:TCP"= 7271:TCP:BitComet 7271 TCP
"7271:UDP"= 7271:UDP:BitComet 7271 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-10 20560]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1d3536-8bcf-11dd-97c7-000d878db101}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e7d762-bfa8-11dd-9842-000d878db101}]
\Shell\AutoRun\command - H:\Autorun.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-Windows NT Service - winnt32.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab

c:\windows\system32\ArcaMicroScanUpdater.exe - c:\windows\system32\ArcaOnlineUninstall.exe
c:\windows\system32\ArcaOnline.dll
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D}
hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
c:\windows\Downloaded Program Files\ArcaOnline.inf

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf

c:\windows\Downloaded Program Files\Snooker.dll - O16 -: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5}
hxxp://download.gamedesire.com/g_bin/pl/snooker_2_0_0_35.cab
c:\windows\Downloaded Program Files\Snooker.inf
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 22:40:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PSIService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\lxcccoms.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-15 22:42:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-15 21:42:32

Przed: 24 690 536 448 bajtów wolnych
Po: 24,717,107,200 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:38, on 2008-12-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45A2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://download.gamedesire.com/g_bin/pl/snooker_2_0_0_35.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8803 bytes

PLEASE. winnt32.exe is no longer there, I checked in msconfig.
Mateusz J., comment 15 December 2008

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)

Fix in HijackThis.

Paste into Notepad:

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

In Notepad, File tab ==> Save as ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture: Removal will begin and a log will be produced, which you post on the forum.
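The reply above applies a standard reading of these logs: HijackThis entries ending in "(no file)" or "(file missing)" are orphaned registrations, the Ask Toolbar CLSID is singled out for removal, and the MountPoints2 subkeys whose \Shell\...\command handlers point at a bare file name on a mounted volume (xyw9tmdj.com) are deleted wholesale. The script below is an added example, not part of this thread or of the ComboFix/HijackThis tools: it encodes that triage so it can be run over a pasted log. The sample lines are copied from the logs posted above (constructed input for offline use), and REVIEW_CLSIDS is an assumed, analyst-maintained list whose single entry is the CLSID the responder's CFScript targets.

```python
import re

# Constructed sample input: these lines are copied from the HijackThis and ComboFix
# logs posted in the thread above, so the script can run offline.
SAMPLE_LOG = r"""
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1d3536-8bcf-11dd-97c7-000d878db101}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e7d762-bfa8-11dd-9842-000d878db101}]
\Shell\AutoRun\command - H:\Autorun.exe
"""

# Analyst-maintained list of CLSIDs to flag for review. Constructed for this example;
# the one entry is the toolbar CLSID the responder's CFScript removes.
REVIEW_CLSIDS = {
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}": "Ask Toolbar (targeted by the CFScript above)",
}

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}")
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.IGNORECASE)
SHELL_COMMAND = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+)$", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def triage(log_text):
    """Return a list of findings, one dict per flagged line, in log order."""
    findings = []
    current_key = None  # GUID of the MountPoints2 subkey whose \Shell lines we are inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        key = MOUNTPOINT_KEY.match(line)
        if key:
            current_key = key.group("guid")
            continue

        cmd = SHELL_COMMAND.match(line)
        if cmd and current_key:
            target = cmd.group("target")
            # A shell verb whose command is a bare file name is resolved against the
            # volume root; that is the pattern ComboFix reported for xyw9tmdj.com.
            findings.append({
                "category": "mountpoint-autorun",
                "key": current_key,
                "verb": cmd.group("verb"),
                "target": target,
                "bare_target": DRIVE_PATH.match(target) is None,
                "line": line,
            })
            continue
        current_key = None  # any other line ends the MountPoints2 block

        item = HJT_LINE.match(line)
        if not item:
            continue
        body = item.group("body")

        # HijackThis marks entries whose target no longer exists on disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append({"category": "orphaned", "kind": item.group("kind"), "line": line})
            continue

        clsid = CLSID.search(body)
        if clsid and clsid.group(0).lower() in REVIEW_CLSIDS:
            findings.append({
                "category": "review-list",
                "kind": item.group("kind"),
                "reason": REVIEW_CLSIDS[clsid.group(0).lower()],
                "line": line,
            })
    return findings


def summarize(findings):
    """Count findings per category; a quick read of a long log."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['category']}] {f['line']}")
    print(summarize(results))
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; the orphaned entries are safe to fix in HijackThis regardless of what they once were, while the MountPoints2 findings with `bare_target` set are the ones worth checking against the removable drives that have been plugged into the machine, since the handler runs whatever file of that name sits at the volume root.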