problem z IE - podczas pracy uruchamiają się same nowe okna

[hagi]

podczas pracy z IE7 uruchamiają się nowe okna z przypadkowymi stronami. przeskanowałem komputer ad-aware'm, avastem, spybotem i nadal to samo

log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:44, on 2008-07-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\totalcmd\TOTALCMD.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.48.41.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3061211781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - F:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Unknown owner - F:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe (file missing)

--
End of file - 6005 bytes


log z Combo Fix

ComboFix 08-07-29.1 - hagi 2008-07-31 9:03:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.604 [GMT 2:00]
Running from: G:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\WINDOWS\Downloaded Program Files\setup.inf
F:\WINDOWS\system32\winpfz33.sys
F:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 23:19 . 2007-06-14 09:29 241,904 --a------ F:\WINDOWS\UNBOC.EXE
2008-07-30 23:19 . 2007-05-08 17:01 208,896 --a------ F:\WINDOWS\CMDLIC.DLL
2008-07-30 23:19 . 2004-08-04 14:00 24,064 --a------ F:\WINDOWS\system32\wsock32.dlb
2008-07-30 21:34 . 2008-07-30 21:35 1,374 --a------ F:\WINDOWS\imsins.BAK
2008-07-17 09:45 . 2008-07-17 09:45 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 17:41 . 2008-07-29 23:04 747 --a------ F:\WINDOWS\wininit.ini
2008-07-03 17:00 . 2008-07-03 17:00 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2008-07-03 17:00 . 2008-07-03 17:41 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-07-01 08:03 . 2008-07-01 08:03 <DIR> d-------- F:\Program Files\EA GAMES
2008-06-22 11:17 . 2008-06-22 22:47 <DIR> d-------- F:\Program Files\Odkurzacz
2008-06-20 00:02 . 2008-06-20 00:02 <DIR> d-------- F:\Program Files\Common Files\Adobe AIR
2008-06-16 09:17 . 2008-06-16 09:48 <DIR> d-------- F:\zdj&copy;cia -mecz
2008-06-15 09:50 . 2008-06-15 09:50 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-06-15 09:50 . 2008-06-15 09:50 1,409 --a------ F:\WINDOWS\QTFont.for
2008-06-11 08:37 . 2008-06-14 20:01 273,024 --------- F:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:37 . 2008-06-14 20:01 273,024 -----c--- F:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 09:23 . 2008-06-07 09:23 <DIR> d-------- F:\Program Files\Webteh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 07:08 932 ------w F:\WINDOWS\system32\drivers\core.cache.dsk
2008-07-31 06:50 --------- d-----w F:\Program Files\Mozilla Thunderbird
2008-07-30 22:09 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-07-30 22:07 --------- d-----w F:\Program Files\Bonjour
2008-07-29 22:14 --------- d-----w F:\Documents and Settings\hagi\Dane aplikacji\Skype
2008-07-28 22:21 --------- d-----w F:\Documents and Settings\hagi\Dane aplikacji\uTorrent
2008-07-25 21:10 --------- d-----w F:\Program Files\Texas Holdem
2008-06-30 12:54 --------- d-----w F:\Program Files\II Wojna Światowa
2008-06-22 21:46 --------- d-----w F:\Documents and Settings\hagi\Dane aplikacji\LimeWire
2008-06-22 21:46 --------- d-----w F:\Documents and Settings\hagi\Dane aplikacji\Azureus
2008-06-22 21:45 --------- d-----w F:\Program Files\WinUHA
2008-06-22 21:40 --------- d-----w F:\Program Files\QuickTime
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w F:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w F:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 21:53 --------- d-----w F:\Documents and Settings\hagi\Dane aplikacji\BSplayer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 11:12 16062464 F:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2005-12-29 20:26 5376 F:\WINDOWS\system32\AntiWPA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=F:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^hagi^Menu Start^Programy^Autostart^Deewoo.lnk]
path=F:\Documents and Settings\hagi\Menu Start\Programy\Autostart\Deewoo.lnk
backup=F:\WINDOWS\pss\Deewoo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 F:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 14:00 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 14:05 486856 F:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-03-28 11:20 1079296 F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 F:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-11 20:41 25343016 F:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a--c--- 2004-08-04 14:00 143872 F:\WINDOWS\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 F:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 18:04 2879488 F:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\uTorrent\\utorrent.exe"=
"F:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"F:\\Program Files\\OniGames\\Sniper Elite\\SniperElite.exe"=
"F:\\Program Files\\Gadu-Gadu\\gg.exe"=
"F:\\Documents and Settings\\hagi\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"=
"F:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"F:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"F:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"F:\\Program Files\\Strategy First\\Disciples II - Mroczne Proroctwo\\Discipl2.exe"=
"F:\\LOTTOmania 2005\\lottomania.exe"=
"F:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"F:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25271:TCP"= 25271:TCP:BitComet 25271 TCP
"25271:UDP"= 25271:UDP:BitComet 25271 UDP

R0 hotcore3;hotcore3;F:\WINDOWS\system32\drivers\hotcore3.sys [2007-04-12 13:00]
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 updatee;updatee;F:\WINDOWS\system32\drivers\updatee.sys [2008-05-10 23:29]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 litsgt;litsgt;F:\WINDOWS\system32\DRIVERS\litsgt.sys [2008-03-14 22:26]
R2 tansgt;tansgt;F:\WINDOWS\system32\DRIVERS\tansgt.sys [2008-03-14 22:26]
R3 PAC207;Trust WB-1200p Mini Webcam;F:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 Tetris;Tetris driver;F:\WINDOWS\system32\Drivers\Tetris.sys [2008-03-15 12:57]
S3 hid8101;hid8101;F:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-23 11:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52190ae7-f284-11dc-9c22-001731140c2d}]
\Shell\AutoRun\command - F:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AdVantage - F:\Program Files\AdVantage\AdVantage.exe
MSConfigStartUp-BearShare - F:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-DAEMON Tools - F:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-iTunesHelper - F:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-Picasa Media Detector - F:\Program Files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyServer = 80.48.41.11:8080
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksport do programu Microsoft Excel - F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 09:09:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-07-31 9:12:40 - machine was rebooted [hagi]
ComboFix-quarantined-files.txt 2008-07-31 07:12:37

Pre-Run: 48,389,001,216 bajtów wolnych
Post-Run: 48,421,564,416 bajt˘w wolnych

182 --- E O F --- 2008-07-30 20:21:42

[huber2t]

fix w hijackthis

O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
F:\WINDOWS\system32\drivers\core.cache.dsk

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52190ae7-f284-11dc-9c22-001731140c2d}]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.eu/ a w poście dajesz tylko link

[hagi]

zrobiłem jak napisałeś, nadal jest jak było.
Zapomniałem wcześniej dodać że co kilka uruchomień komputer sam się restartuje tuż po uruchomieniu i po ponownym rozruchu jest informacja o błędzie winlogon.

Link do loga z combofix: http://www.wklejto.pl/7074

[huber2t]

Pobierz The Avenger

wklej do niego ten tekst:

Kod: Zaznacz wszystko

Files to delete:
F:\WINDOWS\system32\drivers\core.cache.dsk


kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

[hagi]

zrobione
log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at F:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "F:\WINDOWS\system32\drivers\core.cache.dsk" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
i nadal to samo

[huber2t]

Podaj nowy log z Combofix

[hagi]

nowy log - link: http://www.wklejto.pl/7233

[huber2t]

Pobierz The Avenger

wklej do niego ten tekst:

Kod: Zaznacz wszystko

Files to delete:
F:\WINDOWS\system32\drivers\updatee.sys
F:\WINDOWS\system32\drivers\core.cache.dsk

Drivers to delete:
updatee


kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

[hagi]

log z the avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at F:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "F:\WINDOWS\system32\drivers\updatee.sys" deleted successfully.
File "F:\WINDOWS\system32\drivers\core.cache.dsk" deleted successfully.
Driver "updatee" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Wygląda na to że pomogło. wielkie dzięki.

[huber2t]

Tak ale poprzednim razem było podobnie, podaj log z combofix

[hagi]

log z combofix - link: http://www.wklejto.pl/7253

[huber2t]

Mozesz być z siebie dumny;)

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

[hagi]

raport z kaspersky - link: http://wklejto.pl/7278

[huber2t]

Usuń to:

G:\bsplayer141.832.exe
G:\daemon4121-lite.exe

[hagi]

pliki usunięte. Jeszcze log z Dr.Web - link: http://wklejto.pl/7323