prośba o sprawdzenie loga.

[StFurca]

Avast wykrywa ostatnio dużo wirusów i mam problem z ładowaniem stron.

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:42, on 2007-11-18
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Insider\Insider.exe
C:\WINDOWS\System32\u.exe
C:\WINDOWS\System32\msq23.exe
C:\WINDOWS\System32\helpme.exe
C:\WINDOWS\System32\msn32.exe
C:\WINDOWS\System32\wing32.exe
C:\WINDOWS\System32\WUAUMQR1.EXE
C:\WINDOWS\System32\nvsvc86.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Xing\XingMP3 Player\XingMP3 Player.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\winimgr.exe
C:\Documents and Settings\QAROOL\Pulpit\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTray.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Internet Security Service] msq23.exe
O4 - HKLM\..\Run: [Intec Service Drivers] C:\WINDOWS\System32\wing32.exe
O4 - HKLM\..\Run: [] helpme.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD325762E902BC9ED7286138F75F2F0C8D6E84A1EF7F506DCD610837F810E7CA9D775A67
O4 - HKLM\..\Run: [OfficeWord Monitor ] C:\WINDOWS\System32\msn32.exe
O4 - HKLM\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe
O4 - HKLM\..\Run: [Microsoft] enpek.exe
O4 - HKLM\..\Run: [Winsock2 wqr1s] WUAUMQR1.EXE
O4 - HKLM\..\Run: [Win32 Servermgr] C:\WINDOWS\System32\winimgr.exe
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\RunServices: [Internet Security Service] msq23.exe
O4 - HKLM\..\RunServices: [] helpme.exe
O4 - HKLM\..\RunServices: [Microsoft] enpek.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Internet Security Service] msq23.exe
O4 - HKCU\..\Run: [Intec Service Drivers] C:\WINDOWS\System32\wing32.exe
O4 - HKCU\..\Run: [] helpme.exe
O4 - HKCU\..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\PasekTVN24.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [OfficeWord Monitor ] C:\WINDOWS\System32\msn32.exe
O4 - HKCU\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKCU\..\RunOnce: [Winsock2 wqr1s] WUAUMQR1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [Internet Security Service] msq23.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [Intec Service Drivers] C:\WINDOWS\System32\wing32.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [] helpme.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\PasekTVN24.exe" (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [OfficeWord Monitor ] C:\WINDOWS\System32\msn32.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [Insider] C:\Program Files\Insider\Insider.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-573735546-725345543-1003\..\RunOnce: [Winsock2 wqr1s] WUAUMQR1.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: s3contrl (32-bit) - Unknown owner - C:\WINDOWS\VTTray.exe

--
End of file - 7384 bytes


[wojtas]

ale syfu.....

Wykonaj to co jest podane w tym temacie

zastosuj:

smitfraudfix z opcji 2


Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka