I should note that I did not run these attempts with System Restore turned off, but with it turned on. I did not want to keep experimenting on my own, so I am asking for help. In the Windows / System / System32 folder I had a dozen or so such icons named 8jgsfgj5.exe [something along those lines]. They could be deleted manually, so I deleted them, and then I removed the strange registry entries using HijackThis. Those long ones remain, and apart from that I don't know whether I missed anything.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:18, on 2009-10-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\xxx\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [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
O4 - HKLM\..\Run: [63yz7marf92sg5cbktxqva4pn4ujz3zbscodskewoswb97imiepdj9spm2n5rsbve7wxdzx4s34xuexqe2e25506g6laenjqgxhmyhg1a1l36sbbi4x6nlticap9g1ir9kjrx64ivkuowb997snqewjuk5ta98j8lfgvxrqfehqfrdc5g6nohl16sjkxfsi33g35qf5lfv4rvw2uzmulscabugvnzfey26flxgyt6uti9fnvv57lqurpl9frq5fk42ovzqxz8x0qn6u6ma8br8er94pnzwaq7afi75rirj5coap7cyom1dpfekw03i8bti6u5v50hbtv347b6y1ghvlrhl0t8dtgskj0b4s1o7h9b1ea0kjdqe1sue3yerksw6z4b9bmdt7he5ppecm9b0iwejcu5ib3jcu39dsy4ubmd9hsy8z761kldgxp9ii0lscht3zj7srq7kwpp725aq5d98v1gaaichllegrr3s5hxgu99ate8asnvb9xd89cmcirbk9tvnsoymkvkqcku1r2xehc9ey92hf7ylu3d3d0kzabrl4gzum24knk8yb01rwr1cxq7zd4vnbohob1awy7kiz58jegnil2mwlrr5y3fzofs97h6zf6dkewmr89a6go2ltmm0w8yn56v2fpj7d07ljpkpxb26a7bas26zknm9g7qjaerc1r3s46ha3uvkyax2yhnve0hufky9fdh33m7m5o7gmo5hfkvsxijyx0ylwawd4nq5pt6ewynjle99z4j9mgt28dt7vjyd2361uaq1i2eezsla5y2giugnudyjx3xuzc5mhsgzw2fqdhlfq5w0z19syjl5i1eng1nh15o7yi2esaftgaz7ufuvjl434zk9lgd9nrm7mconmk4gt98le83r49we7nbvg3s0pq1dnj031iuneimeu1teju7d0ff5iclm9gz09ws64vaf4309r8j7ffwbp8fm5wcg729gz39x29x9lpkeruo0eqy
O4 - HKLM\..\Run: [at0rwz7ldg4cq9f8fuzkm76z4w8dnd2gqx2gzw0fayhwky4vzif2cn26jq3h0z8oc13pnihvtky7ryqvo5b4z1r3v21gf83iow6qtwu9oeh4gg0rou70regesnvor89ry7zsxsornup5akaytb1vqe8l1m0sxpu9buz1kpubj33x62yu4q7argvbd360ocnrs835kzmvs4qy817zs0pig5f5fg0f01itm6adnh5322i6l4wzx0yzngn45l9easbm6hjczbfhfch3sl7pl219xq4ba08csimorr50te7riz6ipff1b9s5le06yi69z4bx5h6nyf8plnc1kb7br09kaldbm67ps8zoclkqbwc3f04ithkaqefrmotr66fwat9uisvktl3kzsovg91kk3qjf9bhhgc123azl67w58lilhu967cdpkzm65bm4oj7007d7fn5g0jisww5yzcxmtmpimgvbha1dajmwvm59o8d5szw3467d4xrqfo189sqzou23djgu0kn65eoep9fjv6zc5s8l9zggxqdwfv8hd1od8pqn6913qeie50mwk0ch8i1no4onxlj8ujax0ruwrlk9add7r9axmddqp2nxlfuambx2yts2aj9g7h869r6b5n2dip72v8z47dcbibmcxn3koo0z2cshjtnv39299h3tt7z14o9rw2pznyd542nlft5qej3x9ozfy5c3gm6i956d3s6oxpzdu3fzzd4nx7w5zx06vrtuhuzrmnbxt8ykcw31bsrrp9ygm2tv1x4laqmo4ghnufazjqepu8tmakitk8gwd5cvos9hzaubhf5y2m7bbxbnx0vuydmu3ypk8uog57tu5d1rul2uo25ea2rsuqu0lqh3bzqwvj1yvmnef0aol4sk6hjqm8p8wtd3xmnn8pzn5yora36b00g9nralkg7qa39zyfnw3wln34j6p26wpitwzvxr03hhapnehidwhsfo6fvpb5jjdfh5vdc8y21]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe" -scan
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248693903703
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8465 bytes
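As an added example that is not part of the original post or of HijackThis itself: the two overlong O4 entries above are the kind of thing an analyst triages first, and the checks involved (value name far longer than any legitimate product uses, name made of random lowercase alphanumerics, a value whose command is missing because the name overflowed the line, an executable that runs from a user profile, or a system32 file with a random-looking name like the 8jgsfgj5.exe the poster describes) can be scripted. The parser below reads O4 lines, pulls out the hive, value name and command, and reports those traits. The thresholds, the entropy cut-off and the vowel-free test for random file names are assumptions made for this example, and the sample lines are constructed: four are copied from the log above (the long value name is cut to 81 characters), and the last one is invented to stand in for the deleted 8jgsfgj5.exe files.

```python
import math
import ntpath
import re
from collections import Counter

# Parses HijackThis "O4" autostart entries:  O4 - <hive>\..\Run: [<name>] <command>
# The closing "]" is optional so that a value name that overflows the line
# (as in the log above) still parses, with an empty command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]?\s*(?P<cmd>.*)$"
)

# Thresholds are assumptions for this example, not HijackThis rules.
MAX_SANE_NAME_LEN = 64      # legitimate Run value names are short and human-readable
MIN_RANDOM_ENTROPY = 3.5    # bits/char; English-like names score well below this
USER_DIR_RE = re.compile(r"\\(Documents and Settings|Users)\\", re.I)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def executable_path(cmd: str) -> str:
    """Pull the executable out of a Run command, whether or not it is quoted."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # An unquoted path may contain spaces, so take everything up to the first ".exe" token.
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def suspicion_reasons(entry: dict) -> list:
    """Return human-readable reasons an O4 entry deserves a closer look (empty if none)."""
    name, cmd = entry["name"], entry["cmd"]
    reasons = []
    if len(name) > MAX_SANE_NAME_LEN:
        reasons.append("value name longer than %d chars" % MAX_SANE_NAME_LEN)
    if (len(name) >= 20 and re.fullmatch(r"[a-z0-9]+", name)
            and shannon_entropy(name) >= MIN_RANDOM_ENTROPY):
        reasons.append("value name looks randomly generated")
    if not cmd:
        reasons.append("no command (value name overflowed the line or holds a data blob)")
    exe = executable_path(cmd)
    if exe and USER_DIR_RE.search(exe):
        reasons.append("runs from a user-profile directory")
    # Heuristic (assumption): short vowel-free mix of letters and digits, e.g. 8jgsfgj5.exe.
    stem = ntpath.splitext(ntpath.basename(exe))[0].lower()
    if (re.fullmatch(r"[a-z0-9]{6,12}", stem) and re.search(r"\d", stem)
            and re.search(r"[a-z]", stem) and not re.search(r"[aeiou]", stem)):
        reasons.append("random-looking executable name")
    return reasons


def analyze_o4(lines):
    """Parse every O4 line and pair its value name with its suspicion reasons."""
    results = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            results.append((entry["name"], suspicion_reasons(entry)))
    return results


# Constructed sample: lines 1-5 copied from the log above (long name truncated to 81 chars),
# line 6 invented to represent the 8jgsfgj5.exe files the poster deleted from System32.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [63yz7marf92sg5cbktxqva4pn4ujz3zbscodskewoswb97imiepdj9spm2n5rsbve7wxdzx4s34xuexqe",
    r'O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\xxx\Pulpit\gromozon_rootkit_removal.exe" -scan',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [8jgsfgj5] C:\WINDOWS\system32\8jgsfgj5.exe",  # constructed
]

if __name__ == "__main__":
    for name, reasons in analyze_o4(SAMPLE_O4_LINES):
        if reasons:
            print("%-30s %s" % (name[:30], "; ".join(reasons)))
```

The output is a list of hints, not verdicts: the PrevxRootkitRemovalTool entry is flagged only because it runs from the poster's desktop, which is exactly what a removal tool left on the desktop does, while the two overlong value names trip three checks at once and are the ones to look at in the registry directly (regedit, HKLM\Software\Microsoft\Windows\CurrentVersion\Run) to see what data they actually hold.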