Jesli poprawi Ci to humor to mozesz sfixować :P

Bobi_robert:

Praktycznie nie ma sie do czego przyczepić poza:
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
i Alexa:
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm

Czyli te logi które wypisałeś mam pozostawić bez zmian czy coś z nimi zrobić, dzięki za odpowiedź.

Praktycznie nie ma sie do czego przyczepić poza:
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
i Alexa:
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm

Proszę czy mozecie zerknąć na mój log i przeanalizować go za co z góry wielkie dzięki :D

Logfile of HijackThis v1.99.1
Scan saved at 22:45:26, on 2005–02–27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MemStat XP\MemStat.exe
D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.DAT
E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GRUBY\Pulpit\hijackthis_199\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Norton SystemWorks] "E:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD–5CC4–4ceb–AAAF–CF00BF39736A} /MODE CfgWiz
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MemStat] D:\Program Files\MemStat XP\MemStat.exe
O4 – Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 – Extra context menu item: Download with GetRight – D:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Open with GetRight Browser – D:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – E:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZONELABS\vsmon.exe

Proszę czy mozecie zerknąć na mój log i przeanalizować go za co z góry wielkie dzięki :D

Logfile of HijackThis v1.99.1
Scan saved at 22:45:26, on 2005–02–27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MemStat XP\MemStat.exe
D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.DAT
E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\GetRight\getright.exe
D:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GRUBY\Pulpit\hijackthis_199\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Norton SystemWorks] "E:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD–5CC4–4ceb–AAAF–CF00BF39736A} /MODE CfgWiz
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MemStat] D:\Program Files\MemStat XP\MemStat.exe
O4 – Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 – Extra context menu item: Download with GetRight – D:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Open with GetRight Browser – D:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – D:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – E:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZONELABS\vsmon.exe

Mrówek:

gumis99999:

ZGRZESZYŁEM co teraz????

Odpokutuj :mrgreen:

Jakby co moge wyspowiadać :P

gumis99999:

ZGRZESZYŁEM co teraz????

Odpokutuj :mrgreen:

Zrobiłem zgodnie z powyźszymi wskazówkami i nadal nic nie pomogło, wchodząc do internetu pojawiają się dokładnie te same komunikaty norton wykrywa trojan star page jako se.dll. Po wejściu na internet zrobiłem jeszcze raz HJ oto rezultat:
Logfile of HijackThis v1.97.7
Scan saved at 17:21:34, on 2005–02–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesJavaj2re1.4.2_03injusched.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesMicrosoft OfficeOfficeOSA.EXE
C:Program Files802.11 Wireless LAN802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10WlanCU.exe
C:Program FilesHPhpcoretechcomphptskmgr.exe
C:WINDOWSsystem32 undll32.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesSymantec SharedAdBlockingNSMdtr.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32 undll32.exe
C:Documents and SettingsMZbMoje dokumentyOdebrane plikiHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {7E168D31–9F8D–4B3C–B901–D7FE5DF8C54F} – C:WINDOWSSystem32jnhi.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03injusched.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [HP Software Update] "C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe"
O4 – HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
O4 – HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
O4 – HKLM..Run: [PHIME2002ASync] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 – HKLM..Run: [PHIME2002A] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 – HKLM..Run: [MSPY2002] C:WINDOWSSystem32IMEPINTLGNTImScInst.exe /SYNC
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 – Global Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA.EXE
O4 – Global Startup: Wireless Configuration Utility.lnk = C:Program Files802.11 Wireless LAN802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10WlanCU.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Messenger (HKLM)
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GINROULETTE Class) – http://gryonline.wp.pl/files/roulette_2_0_0_6.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_60.cab
O16 – DPF: {1F831FAC–42FC–11D4–95A6–0080AD30DCE1} (InstaFred) – file://C:Program FilesAutoCAD LT 2002 PlkInstFred.ocx
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_17.cab
O16 – DPF: {5F874A6F–8B34–433D–BA4B–47AC91C0567F} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 – DPF: {62CEC9E0–3811–4C36–A94E–4F7565DCD23F} (DDSC Class) – http://www.msinfo.pl/mssupport/Portal/resources/msddsc.cab
O16 – DPF: {67135BDA–6546–4426–BC94–BB5AF5005231} (GINCHECKERS Class) – http://gryonline.wp.pl/files/checkers_2_0_0_6.cab
O16 – DPF: {70B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINBRIDGE Class) – http://gryonline.wp.pl/files/bridge_2_0_0_6.cab
O16 – DPF: {776290B9–F53C–4676–8DAF–3DBEFC297308} (GING358 Class) – http://gryonline.wp.pl/files/G358_2_0_0_6.cab
O16 – DPF: {78AF2F24–A9C3–11D3–BF8C–0060B0FCC122} (AcDcToday) – file://C:Program FilesAutoCAD LT 2002 PlkAcDcToday.ocx
O16 – DPF: {80B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINTHOUSAND Class) – http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab
O16 – DPF: {A1FE3DE0–CF77–11D4–8340–0080C8D7ED4A} (GINDEMON Class) – http://gryonline.wp.pl/files/demon_2_0_0_6.cab
O16 – DPF: {A7196C8E–35A5–4FF0–9E46–E28918B5CAF6} (GINDOMINO Class) – http://gryonline.wp.pl/files/domino_2_0_0_6.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab
O16 – DPF: {AD7013FF–1D9A–4F36–94A6–3CD408A663F9} (GINBREAKOUT Class) – http://gryonline.wp.pl/files/breakout_2_0_0_6.cab
O16 – DPF: {AE56372C–B4F5–11D4–A415–00108302FDFD} (NOXLATE–BANR) – file://C:Program FilesAutoCAD LT 2002 PlkInstBanr.ocx
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_11.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GameDesire Chess) – http://67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab
O16 – DPF: {F281A59C–7B65–11D3–8617–0010830243BD} (AcPreview Control) – file://C:Program FilesAutoCAD LT 2002 PlkAcPreview.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GINSNOOKER Class) – http://gryonline.wp.pl/files/snooker_2_0_0_6.cab
O17 – HKLMSystemCCSServicesTcpip..{9E68B54C–D7D9–43D4–9A25–ECD0A779C342}: NameServer = 194.204.159.1,192.168.216.1
Tym razem przy uruchomieniu wyświetlił inną bibliotekę dll ale z tym samym komunikatem.

Jeszcze jedno podczas uruchomienia windowsa pojawia się komunikat: Podczas próby uruchomienia "C:/windows/system/fHahvoas.dll,UMonitor" wystąpił błąd wyjątkowy jak to coś usunąć i czym to jest spowodowane. Proszę o pomoc!

Wylacz przywracanie
Zakoncz procesy:
wsxsvc.exe
vmss.exe
Jnutff.exe


Usun:

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {B0768453–C63E–4325–90B1–D9EC35CFC0DE} – C:WINDOWSSystem32jnhi.dll
O4 – HKLM..Run: [dcj] C:WINDOWSdcj.exe
O4 – HKLM..Run: [Win Comm] C:Program FilesWin CommWinComm.exe
O4 – HKLM..Run: [Dvx] C:WINDOWSSystem32wsxsvcwsxsvc.exe
O4 – HKLM..Run: [winupdtl] C:WINDOWSSystem32winupdtl.exe
O4 – HKLM..Run: [sdziyc] C:WINDOWSSystem32sdziyc.exe
O4 – HKLM..Run: [version] C:WINDOWSSystem32Jyyzxl.exe
O4 – HKLM..Run: [saie] c:windowssystem32saie.exe
O4 – HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe"
O4 – HKLM..Run: [vmss] C:WINDOWSSystem32vmssvmss.exe
O4 – HKLM..Run: [secure] C:WINDOWSSystem32Jnutff.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

Oczywiscie plikow rowniez sie pozbywasz
Jesli jakies kontrolki (016) juz albo wcale nie sa Twoje to usun

Cześć teź proszę o pomoc, mam ten sam problem próbuje według powyźszej instrukcji i nadal pojawia się przy starcie okno about:blank i informacja o trojanie se.dll oto mój HJ, przeczytałem chyba juź wszystko co moźna o usunięciu tego czegoś w bezpieczeństwie, próbowałem chyba juź wszystkiego i nadal nic.
Logfile of HijackThis v1.97.7
Scan saved at 16:09:52, on 2005–02–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesJavaj2re1.4.2_03injusched.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesWinampwinampa.exe
C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
C:WINDOWSSystem32wsxsvcwsxsvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSSystem32vmssvmss.exe
C:WINDOWSSystem32Jnutff.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesMicrosoft OfficeOfficeOSA.EXE
C:Program Files802.11 Wireless LAN802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10WlanCU.exe
C:Program FilesHPhpcoretechcomphptskmgr.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesSymantec SharedAdBlockingNSMdtr.exe
C:Documents and SettingsMZbMoje dokumentyOdebrane plikiHijackThis.exe
C:Program FilesMessengermsmsgs.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1MZbUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {B0768453–C63E–4325–90B1–D9EC35CFC0DE} – C:WINDOWSSystem32jnhi.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03injusched.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [HP Software Update] "C:Program FilesHewlett–PackardHP Software UpdateHPWuSchd.exe"
O4 – HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
O4 – HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett–PackardDigital Imaginginhpotdd01.exe
O4 – HKLM..Run: [dcj] C:WINDOWSdcj.exe
O4 – HKLM..Run: [PHIME2002ASync] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 – HKLM..Run: [PHIME2002A] C:WINDOWSSystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 – HKLM..Run: [MSPY2002] C:WINDOWSSystem32IMEPINTLGNTImScInst.exe /SYNC
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [Win Comm] C:Program FilesWin CommWinComm.exe
O4 – HKLM..Run: [Dvx] C:WINDOWSSystem32wsxsvcwsxsvc.exe
O4 – HKLM..Run: [winupdtl] C:WINDOWSSystem32winupdtl.exe
O4 – HKLM..Run: [sdziyc] C:WINDOWSSystem32sdziyc.exe
O4 – HKLM..Run: [version] C:WINDOWSSystem32Jyyzxl.exe
O4 – HKLM..Run: [saie] c:windowssystem32saie.exe
O4 – HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe"
O4 – HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [vmss] C:WINDOWSSystem32vmssvmss.exe
O4 – HKLM..Run: [secure] C:WINDOWSSystem32Jnutff.exe
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – Global Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA.EXE
O4 – Global Startup: Wireless Configuration Utility.lnk = C:Program Files802.11 Wireless LAN802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10WlanCU.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Messenger (HKLM)
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GINROULETTE Class) – http://gryonline.wp.pl/files/roulette_2_0_0_6.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_60.cab
O16 – DPF: {1F831FAC–42FC–11D4–95A6–0080AD30DCE1} (InstaFred) – file://C:Program FilesAutoCAD LT 2002 PlkInstFred.ocx
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_17.cab
O16 – DPF: {5F874A6F–8B34–433D–BA4B–47AC91C0567F} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 – DPF: {62CEC9E0–3811–4C36–A94E–4F7565DCD23F} (DDSC Class) – http://www.msinfo.pl/mssupport/Portal/resources/msddsc.cab
O16 – DPF: {67135BDA–6546–4426–BC94–BB5AF5005231} (GINCHECKERS Class) – http://gryonline.wp.pl/files/checkers_2_0_0_6.cab
O16 – DPF: {70B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINBRIDGE Class) – http://gryonline.wp.pl/files/bridge_2_0_0_6.cab
O16 – DPF: {776290B9–F53C–4676–8DAF–3DBEFC297308} (GING358 Class) – http://gryonline.wp.pl/files/G358_2_0_0_6.cab
O16 – DPF: {78AF2F24–A9C3–11D3–BF8C–0060B0FCC122} (AcDcToday) – file://C:Program FilesAutoCAD LT 2002 PlkAcDcToday.ocx
O16 – DPF: {80B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINTHOUSAND Class) – http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab
O16 – DPF: {A1FE3DE0–CF77–11D4–8340–0080C8D7ED4A} (GINDEMON Class) – http://gryonline.wp.pl/files/demon_2_0_0_6.cab
O16 – DPF: {A7196C8E–35A5–4FF0–9E46–E28918B5CAF6} (GINDOMINO Class) – http://gryonline.wp.pl/files/domino_2_0_0_6.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab
O16 – DPF: {AD7013FF–1D9A–4F36–94A6–3CD408A663F9} (GINBREAKOUT Class) – http://gryonline.wp.pl/files/breakout_2_0_0_6.cab
O16 – DPF: {AE56372C–B4F5–11D4–A415–00108302FDFD} (NOXLATE–BANR) – file://C:Program FilesAutoCAD LT 2002 PlkInstBanr.ocx
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_11.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GameDesire Chess) – http://67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab
O16 – DPF: {F281A59C–7B65–11D3–8617–0010830243BD} (AcPreview Control) – file://C:Program FilesAutoCAD LT 2002 PlkAcPreview.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GINSNOOKER Class) – http://gryonline.wp.pl/files/snooker_2_0_0_6.cab
O17 – HKLMSystemCCSServicesTcpip..{9E68B54C–D7D9–43D4–9A25–ECD0A779C342}: NameServer = 194.204.159.1,192.168.216.1

Usuwasz pliki z dysku (foldery z Program files rowniez) i wpisy w HJ:

C:Program FilesWindows FormatAdWinForm.exe
C:WINDOWSSystem32CTFMON32.EXE
C:WINDOWSSystem32CSRSSU.EXE

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – C:WINDOWSsehlp.dll
O3 – Toolbar: SToolbar – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – C:WINDOWSstlbd.dll
O4 – HKLM..Run: [DeskAd Service] C:Program FilesDeskAd ServiceDeskAdServ.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O4 – HKLM..Run: [sp] rundll32 C:DOCUME~1GKSWYB~1USTAWI~1Tempse.dll,DllInstall
O4 – HKCU..Run: [CTFMON32] C:WINDOWSSystem32CTFMON32.EXE
O4 – HKCU..Run: [CSRSSU] C:WINDOWSSystem32CSRSSU.EXE

Proszę bardzo:

Logfile of HijackThis v1.99.0
Scan saved at 23:24:53, on 2005–02–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesLexmark X6100 Serieslxbfbmgr.exe
C:Program FilesWindows FormatAdWinForm.exe
C:WINDOWSSystem32 undll32.exe
C:WINDOWSSystem32CTFMON32.EXE
C:Program FilesLexmark X6100 Serieslxbfbmon.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program Files otalcmdTOTALCMD.EXE
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesACD SystemsACDSee6.0ACDSee6.exe
C:Program FilesCommon FilesACD SystemsDBLocalServer.exe
C:Program FilesAvant Browseravant.exe
C:WINDOWSSystem32CSRSSU.EXE
C:Program FilesInternet Exploreriexplore.exe
D:–[ instalkiWirusy i TrojanyHijackThisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – C:WINDOWSsehlp.dll
O3 – Toolbar: SToolbar – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – C:WINDOWSstlbd.dll
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [Lexmark X6100 Series] "C:Program FilesLexmark X6100 Serieslxbfbmgr.exe"
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [DeskAd Service] C:Program FilesDeskAd ServiceDeskAdServ.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O4 – HKLM..Run: [sp] rundll32 C:DOCUME~1GKSWYB~1USTAWI~1Tempse.dll,DllInstall
O4 – HKCU..Run: [CTFMON32] C:WINDOWSSystem32CTFMON32.EXE
O4 – HKCU..Run: [CSRSSU] C:WINDOWSSystem32CSRSSU.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106172598671
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:WINDOWSSystem32CTsvcCDA.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:WINDOWSsystem32LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe

gieer:

Macie jakieś pomysły?

Jasne, zrob loga

Mam identyczny problem jak gumis99999. Są to dokładnie te same pliki oraz dokładnie ta sama strona startowa (czyli rezultat wyszukiwania w google wyraźenia "default.home").
Niestety, przytoczone przez Was rozwiązania nie mają zastosowania w moim przypadku. Otóź nawet, gdy zakończę wymienione procesy, to one dosłownie w ciągu sekundy pojawiają się. Nie mogę więc usunąć plików .exe.
Co do dll'lek, to z nimi sytuacja jest analogiczna. Usunąć mogę, jednak za chwilkę pojawiają się znowu.
Przywracanie systemu mam wyłączone.
Macie jakieś pomysły?

dzienx pomogło !!!

Wylacz przywracanie

Zakoncz prosey:
CTFMON32.EXE – 2x
CSRSSU.EXE – 2x
spwlo.exe

Usun z HDD:
CTFMON32.EXE
CSRSSU.EXE
spwlo.exe
sehlp.dll

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – C:WINDOWSsehlp.dll
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [CacheLoader] C:WINDOWSspwlo.exe
O4 – HKCU..Run: [CTFMON32] C:WINDOWSSystem32CTFMON32.EXE
O4 – HKCU..Run: [CSRSSU] C:WINDOWSSystem32CSRSSU.EXE

Zamknij procesy spwlo.exe, CTFMON32.EXE i CSRSSU.EXE oraz wszystkie okna IE, a następnie usuń wpisy:

gumis99999:

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – C:WINDOWSsehlp.dll
O4 – HKLM..Run: [CacheLoader] C:WINDOWSspwlo.exe
O4 – HKCU..Run: [CTFMON32] C:WINDOWSSystem32CTFMON32.EXE
O4 – HKCU..Run: [CSRSSU] C:WINDOWSSystem32CSRSSU.EXE

Zainstaluj Service Pack.