wojtas19162 wrote:
delete:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe
and post a log from:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
I removed those entries, however My Documents still appears, but only once.
[ Added: Today at 21:16 ] Here is the log from ComboFix:
ComboFix 07-05.17.6.V - Running from: "D:"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\install.log
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\start.exe
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))
2007-05-18 18:51 <DIR> d--hs---- C:\FOUND.046
2007-05-18 15:33 24,192 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2007-05-17 21:40 <DIR> d-------- C:\DOCUME~1\Ela\DANEAP~1\Teleca
2007-05-17 21:40 <DIR> d-------- C:\DOCUME~1\Ela\DANEAP~1\Sony Ericsson
2007-05-17 16:32 <DIR> d--hs---- C:\FOUND.045
2007-05-15 14:28 <DIR> d-------- C:\DOCUME~1\Boosty\DANEAP~1\Teleca
2007-05-15 14:28 <DIR> d-------- C:\DOCUME~1\Boosty\DANEAP~1\Sony Ericsson
2007-05-11 21:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-05-11 20:39 <DIR> d-------- C:\Program Files\SkanerOnline
2007-05-11 19:28 <DIR> d-------- C:\DOCUME~1\TED~1.OEM\DANEAP~1\Lavasoft
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-18 17:38:12 5,112 ----a-w C:\WINDOWS\GPCIDrv.sys
2007-05-18 17:38:10 17,962 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2007-05-18 17:03:10 12,508 ----a-w C:\WINDOWS\mozver.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-04 15:40:22 -------- d-----w C:\Program Files\KotOR2-PL
2007-03-28 17:18:02 -------- d-----w C:\DOCUME~1\Boosty\DANEAP~1\Tlen.pl
2007-03-23 16:00:10 8 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-03-21 12:40:18 -------- d-----w C:\DOCUME~1\Boosty\DANEAP~1\Media Center Programs
2007-03-20 18:36:58 -------- d-----w C:\Program Files\UselessCreations
2007-03-17 19:15:46 710 ----a-w C:\WINDOWS\unins001.dat
2007-03-17 18:30:38 -------- d-----w C:\Program Files\PITy2006
2007-03-12 12:46:32 -------- d-----w C:\DOCUME~1\Boosty\DANEAP~1\SpieleEntwicklungsKombinat
2007-03-03 13:28:14 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-15 14:26:50 76,452 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-02-15 14:26:50 451,646 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-02-15 12:13:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" []
"Zasobnik systemowy"="SysTray.Exe" [2001-10-26 17:30 C:\WINDOWS\SYSTEM32\systray.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"LoadPowerProfile"="powrprof.dll" [2001-10-26 17:29 C:\WINDOWS\SYSTEM32\powrprof.dll]
"LexStart"="Lexstart.exe" []
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2006-12-28 20:10]
"FLMOFFICE4DMOUSE"="C:\Program Files\Navigator Mouse\moffice.exe" [2007-02-05 19:12]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"@"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29]
"BitComet"="D:\Program Files\Jok\Moje programy\BitComet\BitComet.exe" [2006-09-15 19:02]
"Komunikator"="D:\Program Files\Jok\Moje programy\Tlen.pl\tlen.exe" [2007-02-12 12:01]
"ares"="D:\Program Files\Jok\Moje programy\Ares\Ares.exe" [2007-05-04 02:32]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Office"="Nxcxt.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"1qaw3edr5"="C:\\WINDOWS\\System32\\userinit.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SystemTray"="SysTray.Exe"
"OWCCardbusTray"="ocbtray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"pccguide.exe"=""c:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe""
"PCCIOMON.exe"=""c:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCIOMON.exe""
"PCCClient.exe"=""c:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe""
"Pop3trap.exe"=""c:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM32\\nvcpl.dll,NvStartup"
"LXSUPMON"="C:\\WINDOWS\\SYSTEM32\\lxsupmon.exe RUN"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070518-193914-399
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
backup-20070518-193903-777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20070518-193903-163
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
backup-20070518-151933-624
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe
backup-20070518-151933-810
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20070518-151933-415
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
backup-20070518-151933-635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20070518-151933-718
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Rozpocz©cie aplikacji dostrajania.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-18 21:57:30
Windows 5.1.2600 FAT
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-18 21:58:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-18 21:58
--- E O F ---