
Here are the screenshots from the scan:
http://img16.imageshack.us/my.php?image=cghu.png
http://img25.imageshack.us/my.php?image=fdyd.png
Here are the logs from ComboFix:
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\xpp\Dane aplikacji\wiaserva.log
c:\windows\services.exe
c:\windows\system32\apcupsc.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\crypts.dll
c:\windows\system32\msssc.dll
c:\windows\system32\u32Prod.dll
c:\windows\system32\wbem\grpconv.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UPNPHOSTBITS
-------\Service_upnphostBITS
((((((((((((((((((((((((( Pliki utworzone od 2009-03-11 do 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-10 20:14 . 2009-04-10 20:45 <DIR> d-------- c:\program files\ESET
2009-04-10 20:14 . 2009-04-10 20:17 12 --a------ c:\windows\system32\mapisvc.inf
2009-04-10 20:04 . 2009-04-10 20:04 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-04-08 13:25 . 2009-04-08 13:25 <DIR> d-------- c:\program files\Alwil Software
2009-04-03 06:53 . 2009-04-03 06:53 <DIR> d-------- c:\program files\Common Files\VideoMate
2009-04-03 06:53 . 2006-01-17 20:47 163,840 --a------ c:\windows\system32\CpDTVMen.dll
2009-04-03 06:53 . 2005-03-14 14:22 81,920 -ra------ c:\windows\system32\PhilipsDVB_TXT.ax
2009-04-03 06:53 . 2005-02-22 10:00 77,824 -ra------ c:\windows\system32\PhilipsAnalog_TXT.ax
2009-04-03 06:45 . 2009-04-03 06:45 32 --a-s---- c:\windows\system32\3437661450.dat
2009-03-30 13:30 . 2009-03-30 13:31 <DIR> d-------- c:\program files\uTorrent
2009-03-30 13:30 . 2009-03-30 14:29 <DIR> d-------- c:\documents and settings\xpp\Dane aplikacji\uTorrent
2009-03-28 16:48 . 2004-08-11 10:27 27,232 --a------ c:\windows\system32\drivers\ULCDRHlp.sys
2009-03-28 16:47 . 2009-04-03 06:53 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2009-03-28 16:47 . 2003-03-19 14:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-28 16:47 . 2003-02-18 11:23 122,880 --a------ c:\windows\system32\u32Comm.dll
2009-03-28 16:47 . 2003-04-17 17:34 61,440 --a------ c:\windows\system32\u32Cfg.dll
2009-03-28 16:47 . 2002-08-02 22:25 53,248 --a------ c:\windows\system32\UVSC.DLL
2009-03-28 16:47 . 2003-01-09 13:58 24,576 --a------ c:\windows\system32\U32SN.DLL
2009-03-26 15:08 . 2009-03-26 16:08 <DIR> d-------- c:\program files\KM Remote
2009-03-25 20:21 . 2009-03-25 20:21 <DIR> dr------- c:\program files\Skype
2009-03-25 20:21 . 2009-04-11 09:31 <DIR> d-------- c:\documents and settings\xpp\Dane aplikacji\Skype
2009-03-16 19:44 . 2009-03-21 10:37 <DIR> d-------- c:\documents and settings\xpp\Dane aplikacji\GanymedeNet
2009-03-16 19:42 . 2009-03-20 15:53 <DIR> d-------- c:\program files\Ganymede
2009-03-15 20:42 . 2009-03-22 08:37 160 --a------ c:\windows\mafosav.INI
2009-03-15 20:41 . 2009-03-15 20:41 <DIR> d-------- c:\program files\Mario Forever
2009-03-14 13:29 . 2001-08-17 23:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-14 13:29 . 2001-08-17 23:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-12 13:51 . 2009-03-12 13:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-03-11 20:14 . 2009-04-03 06:53 <DIR> d-------- c:\program files\VideoMate
2009-03-11 16:43 . 2009-03-11 16:43 <DIR> d-------- c:\documents and settings\xpp\Dane aplikacji\HP
2009-03-11 15:24 . 2009-03-11 15:24 <DIR> d-------- c:\documents and settings\xpp\Dane aplikacji\HPAppData
2009-03-11 15:24 . 2009-03-11 15:24 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2009-03-11 15:16 . 2009-03-11 15:16 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-03-11 15:16 . 2009-03-11 15:20 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP
2009-03-11 15:15 . 2009-03-11 15:15 <DIR> d-------- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 13:08 --------- d-----w c:\program files\ALLPlayer
2009-04-01 15:48 --------- d-----w c:\documents and settings\xpp\Dane aplikacji\U3
2009-03-25 18:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-03-25 17:19 --------- d-----w c:\documents and settings\xpp\Dane aplikacji\skypePM
2009-03-21 20:35 --------- d-----w c:\documents and settings\xpp\Dane aplikacji\Hamachi
2009-03-11 13:24 --------- d-----w c:\program files\HP
2009-03-09 18:21 921,632 ----a-w C:\PAP7501.dat
2009-03-04 18:15 --------- d-----w c:\program files\Opera
2009-03-03 18:09 --------- d-----w c:\program files\KYE
2009-03-03 18:09 --------- d-----w c:\program files\Common Files\PAP7501
2009-02-28 12:36 --------- d-----w c:\program files\Wesola_Szkola_1
2009-02-27 18:10 --------- d-----w c:\program files\rFactor
2009-02-26 13:45 --------- d-----w c:\documents and settings\xpp\Dane aplikacji\.BitTornado
2009-02-26 12:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Trymedia
2009-02-24 14:34 --------- d-----w c:\documents and settings\xpp\Dane aplikacji\Cream Software
2009-02-21 18:39 --------- d-----w c:\program files\TransItal
2009-02-21 18:35 --------- d-----w c:\documents and settings\xpp\Dane aplikacji\Ahead
2009-02-21 07:28 --------- d-----w c:\program files\Common Files\snpstd3
2009-02-21 07:28 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 07:07 --------- d-----w c:\program files\iXi Tools
2009-02-19 15:29 --------- d-----w c:\program files\Common Files\Ahead
2009-02-19 15:26 --------- d-----w c:\program files\Nero
2009-02-19 15:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2009-02-19 13:21 --------- d-----w c:\program files\7-Zip
2009-02-15 13:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-02-15 13:08 --------- d-----w c:\program files\Hewlett-Packard
2009-02-15 13:07 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-02-15 09:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-15 09:47 --------- d-----w c:\program files\Microsoft Works
2009-02-15 09:46 --------- d-----w c:\program files\MSBuild
2009-02-15 09:42 --------- d-----w c:\program files\Microsoft.NET
2009-02-15 09:40 --------- d-----w c:\program files\Microsoft Visual Studio 8
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-06-18 339968]
"PAP7501_Monitor"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2009-04-03 155648]
ComproScheduler.lnk - c:\program files\Common Files\VideoMate\ComproScheduler.exe [2009-04-03 69632]
TweakYC.lnk - c:\program files\VideoMate\ComproPVR 2\TweakYC.exe [2009-04-03 524288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12565:TCP"= 12565:TCP:BitCometLite 12565 TCP
"12565:UDP"= 12565:UDP:BitCometLite 12565 UDP
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-10 20560]
R3 CXEAGLE;Compro VideoMate X series Video Capture;c:\windows\system32\drivers\VMXVid.sys [2009-01-30 272256]
R3 GUCI_AVS;Canyon USB2.0 PC Camera;c:\windows\system32\drivers\GUCI_AVS.sys [2009-03-03 540160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FD37A67B-F7AE-4931-80BB-F70DDBF83FEF} = 194.204.159.1,194.204.152.34
FF - ProfilePath - c:\documents and settings\xpp\Dane aplikacji\Mozilla\Firefox\Profiles\kf3jk7l2.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 09:31:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-11 9:33:04 - komputer został uruchomiony ponownie [xpp]
ComboFix-quarantined-files.txt 2009-04-11 07:32:55
Przed: 3,731,787,776 bajtów wolnych
Po: 7,687,110,656 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
276
Logs from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:35, on 2009-04-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\TEMP\CCA6.tmp
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\Program Files\VideoMate\ComproPVR 2\ComproPVR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xpp\Pulpit\Nowy folder\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe
O4 - HKLM\..\Run: [PAP7501_Monitor] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproScheduler.lnk = ?
O4 - Global Startup: TweakYC.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD37A67B-F7AE-4931-80BB-F70DDBF83FEF}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Host uniwersalnego urządzenia Plug and Play upnphostBITS (upnphostBITS) - Unknown owner - C:\WINDOWS\system32\apcupsc.exe
--
End of file - 7520 bytes
Thanks in advance for your help, and I wish you HAPPY HOLIDAYS!!!