
I had a problem getting into Windows, i.e. after starting the computer it read everything and started loading Windows, but after the user selection screen appeared and I clicked the user icon, the computer shut down and the boot procedure started over from the beginning.
Below I'm posting the logs from HijackThis, ComboFix and SDFix.
Thanks in advance.
ComboFix 08-08-24.03 - Kemuel 2008-08-25 19:38:52.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.633 [GMT 2:00]
Running from: C:\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\macromedia\Flash Player\#SharedObjects\DJJKDHFF\interclick.com
C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.
2008-08-25 19:21 . 2008-08-25 19:21 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-25 19:19 . 2008-08-25 19:20 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-25 19:19 . 2008-08-25 19:32 <DIR> d-------- C:\SDFix
2008-08-25 19:19 . 2008-08-25 19:19 2,830,141 -ra------ C:\ComboFix.exe
2008-08-25 16:55 . 2008-05-02 21:44 <DIR> d--h----- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Ustawienia lokalne
2008-08-25 16:55 . 2008-05-02 21:44 <DIR> d-------- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Ulubione
2008-08-25 16:55 . 2008-05-02 20:52 <DIR> d--h----- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Szablony
2008-08-25 16:55 . 2008-05-02 21:44 <DIR> d-------- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Pulpit
2008-08-25 16:55 . 2008-05-02 21:44 <DIR> d-------- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Moje dokumenty
2008-08-25 16:55 . 2008-05-02 21:44 <DIR> dr------- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Menu Start
2008-08-25 16:55 . 2008-05-02 21:44 <DIR> dr-h----- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1\Dane aplikacji
2008-08-25 16:55 . 2008-08-25 16:55 <DIR> d-------- C:\Documents and Settings\Administrator.YYY-LBVCD7WBFM1
2008-08-25 12:00 . 2008-08-25 19:36 <DIR> d--hs---- C:\WINDOWS\system32\sysproc64
2008-08-25 12:00 . 2008-08-25 12:00 53,248 --a------ C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\svschost.exe
2008-08-24 19:53 . 2008-08-24 19:54 <DIR> d-------- C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\Ulead Systems
2008-08-24 19:52 . 2008-08-24 19:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Ulead Systems
2008-08-24 10:43 . 2004-08-04 00:44 1,392,671 --a------ C:\WINDOWS\system32\MSVBVM60.DLL
2008-08-18 18:23 . 2008-08-18 18:23 <DIR> d-------- C:\Program Files\Trans
2008-08-18 18:23 . 2008-08-18 18:23 <DIR> d-------- C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\RST
2008-08-17 19:02 . 2008-08-17 19:02 58 --a------ C:\WINDOWS\Progs_.ini
2008-08-17 19:01 . 2008-08-17 19:01 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-08-17 17:47 . 2008-08-17 19:02 222 --a------ C:\WINDOWS\VOGEL.INI
2008-08-17 12:03 . 1998-12-08 20:53 212,480 --------- C:\WINDOWS\pcdlib32.dll
2008-08-17 11:57 . 2008-08-17 11:57 208 --a------ C:\WINDOWS\SCANFX.INI
2008-08-17 11:56 . 2008-08-17 11:56 <DIR> d-------- C:\Program Files\ScanDrv
2008-08-17 11:56 . 1999-03-19 11:17 152,064 --a------ C:\WINDOWS\system32\drivers\Scandrv.SYS
2008-08-16 19:11 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-08-16 19:11 . 1995-10-02 10:16 235,584 --a------ C:\WINDOWS\SFTTB.DLL
2008-08-16 19:11 . 1995-10-02 10:16 190,976 --a------ C:\WINDOWS\SFTTB32.DLL
2008-08-16 18:57 . 2008-08-24 16:51 <DIR> d-------- C:\Program Files\Odkurzacz
2008-08-14 18:57 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-08-08 09:27 . 2008-08-08 09:27 <DIR> d-------- C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\OtakuSoftware
2008-08-08 09:26 . 2008-08-08 09:32 <DIR> d-------- C:\Program Files\DeskSpace
2008-08-04 13:29 . 2002-03-27 14:54 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2008-08-04 13:29 . 2002-03-29 10:13 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2008-08-04 13:17 . 2008-08-08 20:24 136 --a------ C:\WINDOWS\wininit.ini
2008-08-04 13:11 . 2008-08-04 13:11 <DIR> d-------- C:\WINDOWS\solcache
2008-08-04 13:09 . 1998-10-30 22:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-08-04 13:09 . 1998-10-30 22:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-08-04 13:01 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-04 12:56 . 2008-08-04 12:56 <DIR> d-------- C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\WINDOWS
2008-08-04 12:56 . 2008-08-04 13:25 383 --a------ C:\WINDOWS\SIERRA.INI
2008-08-03 12:03 . 2008-08-03 12:03 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 08:31 . 2008-07-30 20:01 <DIR> d-------- C:\Program Files\Ganymede
2008-07-27 12:17 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-27 12:17 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-27 12:17 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-27 12:17 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 17:34 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-25 16:52 --------- d-----w C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\AVG7
2008-08-24 20:12 --------- d-----w C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\Azureus
2008-08-17 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 16:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-07 18:10 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-10 16:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Innovative Solutions
2008-07-08 11:17 --------- d-----w C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\Ahead
2008-07-05 18:35 --------- d-----w C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\Talkback
2008-07-05 17:51 --------- d-----w C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\SpeedSim
2008-07-03 18:44 --------- d-----w C:\Program Files\Azureus
2008-06-28 10:05 --------- d-----w C:\Program Files\Google
2008-06-27 17:00 --------- d-----w C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\GanymedeNet
2008-05-02 19:22 12,288 -csha-w C:\Program Files\Thumbs.db
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-04-23 20:03 1175552]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 19:44 1200128]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 01:00 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-04 20:47 411648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 40960 C:\WINDOWS\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-04 20:47 145920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\oembios.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 09:39 2119104 C:\Program Files\Gadu-Gadu\gg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S2 ScanDrv;ScanDrv;C:\WINDOWS\system32\drivers\ScanDrv.sys [1999-03-19 11:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f5011b0-362a-11dd-80b5-00e04cee6d96}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
*Newly Created Service* - PSEXESVC
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DeskSpace - C:\Program Files\DeskSpace\deskspace.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:42:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????L&7????wd??w????????\???\??????????????w-??w\???\?????????`??????C@?\???\??????s????\??????s\???0&7?A??s0&7??C@?x???`|?w\?????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-25 19:43:58
ComboFix-quarantined-files.txt 2008-08-25 17:43:49
Pre-Run: 4,408,967,168 bytes free
Post-Run: 4,435,664,896 bytes free
161
[b]SDFix: Version 1.219 [/b]
Run by Kemuel on 2008-08-25 at 19:22
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
TYE84
[b]Path [/b]:
System32\Drivers\Tye84.sys
TYE84 - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value
Rebooting
Service TYE84 - Deleted
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\lphcv8uj0e73r.exe - Deleted
C:\WINDOWS\system32\MWSGUZC.dll - Deleted
C:\WINDOWS\system32\phcv8uj0e73r.bmp - Deleted
C:\WINDOWS\system32\blphcv8uj0e73r.scr - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\system32\drivers\TYE84.sys - Deleted
Folder C:\Documents and Settings\Kemuel.YYY-LBVCD7WBFM1\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:29:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{52A34D90-EAFB-0346-55E0-16E262C0945D}]
"pakegeamfcfgcpojhcegkjoaiibindff"=hex:69,61,6f,63,68,6c,6d,68,68,6a,63,69,69,6f,64,6e,6d,64,00,00
"abedmcdbmpkdockjlockofhjknlociedml"=hex:69,61,6f,63,68,6c,6d,68,68,6a,63,69,69,6f,64,6e,6d,64,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"Źródło domyślne"="C:\WINDOWS\Twain_32\SCANDRV\TWAIN_32.ds"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"="C:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe:*:Enabled:WolfMP"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"F:\\SIERRA\\Half-Life\\hl.exe"="F:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Half Life\\Upgrade\\hl1110.exe"="D:\\Half Life\\Upgrade\\hl1110.exe:*:Enabled:Half-Life Update 1.1.1.0"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 4 Aug 2004 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 18 Jan 2008 196,732 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\gg_pion.exe"
Fri 3 Oct 2003 524,288 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\skplayer.exe"
Sat 24 Jun 2006 30,208 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\D2\3u6qnadfl.exe"
Wed 31 May 2006 17,408 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\D2\4ik54sq.exe"
Sat 9 Feb 2008 22,510 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\D2\AUTOMAP0.TMP"
Sat 9 Feb 2008 592 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\D2\AUTOMAP1.TMP"
Tue 14 Nov 2006 140,288 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\D2\d2maphack.dll"
Tue 18 Jul 2006 54,784 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\D2\d2maphack.sys"
Fri 19 Oct 2007 2,647,172 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\Ice Tower\icytower13_install.exe"
Fri 27 Jul 2007 208,896 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\SpeedSim\SpeedKernel.dll"
Fri 27 Jul 2007 401,408 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\SpeedSim\SpeedSim.exe"
Sat 23 Feb 2008 1,859,715 A..H. --- "C:\Documents and Settings\Kemuel\Pulpit\Jaggo7\C.S\C.S 1.5\4961-podbot25installer.zip"
[b]Finished![/b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:20, on 2008-08-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\niezbędnik\instalki\antywirusy i logi\HijackThis\HiJackThis2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 4817 bytes
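Both the ComboFix "Reg Loading Points" section and the HijackThis F2 line above show the Winlogon Userinit value carrying a second program, C:\WINDOWS\system32\oembios.exe, after userinit.exe. Winlogon launches every comma-separated entry of that value at logon, which makes it a classic persistence point and one worth checking mechanically in logs like these. The block below is an added example, not part of the original post and not code from ComboFix, SDFix or HijackThis: it pulls the Userinit value out of log lines in both formats (the doubled-backslash REGEDIT4 export ComboFix prints and the plain F2 line HijackThis prints) and reports every entry other than the stock C:\WINDOWS\system32\userinit.exe. The expected-entry set, the regular expression and the third sample line (a constructed clean value) are assumptions of this example; the first two sample lines are copied from the logs above.

```python
"""Flag unexpected programs in a Winlogon Userinit value found in scan logs.

Added example for this thread; not part of the original post or of any of
the tools whose logs are quoted above.
"""
import re

# First two lines are copied verbatim from the ComboFix and HijackThis logs
# above; the third is a constructed clean baseline (assumption, not from the page).
SAMPLE_LINES = [
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\oembios.exe,"',
    r'F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,',
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"',  # constructed clean value
]

# The only program that belongs in Userinit on a stock Windows XP install
# (assumption of this example; compared case-insensitively).
EXPECTED_ENTRIES = {r"c:\windows\system32\userinit.exe"}

# Matches 'Userinit' followed by '=' with optional quotes, in either log style,
# and captures everything up to a closing quote or end of line.
USERINIT_RE = re.compile(r'userinit"?\s*=\s*"?(?P<value>[^"\r\n]*)', re.IGNORECASE)


def extract_userinit(line):
    """Return the raw Userinit value from a log line, or None if absent.

    REGEDIT4 exports (ComboFix) double every backslash; collapse them so both
    formats yield the same path strings.
    """
    match = USERINIT_RE.search(line)
    if match is None:
        return None
    return match.group("value").replace("\\\\", "\\")


def split_userinit(value):
    """Split the comma-separated value into program entries.

    Winlogon runs each entry in turn; the trailing comma Windows always leaves
    produces an empty element, which is dropped here.
    """
    return [part.strip() for part in value.split(",") if part.strip()]


def unexpected_entries(value, expected=EXPECTED_ENTRIES):
    """Return every Userinit entry that is not in the expected set."""
    return [part for part in split_userinit(value) if part.lower() not in expected]


def audit(lines):
    """Scan log lines; return (line, unexpected_entries) for each Userinit hit."""
    findings = []
    for line in lines:
        value = extract_userinit(line)
        if value is None:
            continue
        findings.append((line, unexpected_entries(value)))
    return findings


if __name__ == "__main__":
    for line, extra in audit(SAMPLE_LINES):
        status = "SUSPICIOUS" if extra else "ok"
        print(f"{status}: {line}")
        for entry in extra:
            print(f"    unexpected Userinit entry: {entry}")
```

Run against the three sample lines, the first two are reported as suspicious with C:\WINDOWS\system32\oembios.exe as the unexpected entry and the constructed clean line passes. The check deliberately compares against an allow-list rather than looking for known-bad names, because an attacker can name the appended program anything; what never changes is that only userinit.exe should be there.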