Ads served by Adssite


(Djdarcco) #1

Please go through my logs. I have a problem: the page named above keeps popping up and cannot be closed.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:28, on 2008-02-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

D:\Program Files\Picasa2\PicasaMediaDetector.exe

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

D:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [HEXelon MAX] "D:\Program Files\HEXelon MAX 6\hexelon.exe" /auto

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: khfcddd - khfcddd.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--

End of file - 8685 bytes


(Arekmalek) #2

FIX

POST A LOG FROM COMBOFIX

UNINSTALL MEGAUPLOAD TOOLBAR


(Djdarcco) #3

Here is the log from ComboFix ------------ please advise what is sitting in there

ComboFix 08-02-13.1 - Admin 2008-02-13 18:31:27.3 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.494 [GMT 1:00]

Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix(2).exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\PSEXESVC.EXE

.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))

.

2008-02-13 18:31 . 2008-02-12 17:58

2008-02-12 16:21 . 2008-02-12 16:21

2008-02-11 17:51 . 2008-02-11 17:51 6 --a------ C:\WINDOWS\tmptmp.tmp

2008-02-11 14:46 . 2005-05-11 04:05 7,207 -ra------ C:\WINDOWS\Disktool.INI

2008-02-11 14:46 . 2005-05-11 04:12 6,565 -ra------ C:\WINDOWS\fwupgrade.ini

2008-02-11 14:46 . 2005-05-16 10:34 5,870 -ra------ C:\WINDOWS\GenAmvTool.INI

2008-02-11 14:46 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI

2008-02-11 12:40 . 2008-02-11 14:20 72 --a------ C:\WINDOWS\MediaManager.INI

2008-02-11 12:28 . 2008-02-11 12:28

2008-02-11 12:25 . 2008-02-11 12:25

2008-02-09 17:06 . 2008-02-11 19:06 80,090 --a------ C:\WINDOWS\system32\adssite-remove.exe

2008-02-07 19:51 . 2008-02-07 19:51

2008-02-07 19:51 . 2008-02-07 19:51

2008-02-07 19:48 . 2008-02-07 19:48

2008-01-29 16:09 . 2008-01-29 16:09

2008-01-29 14:58 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-01-29 14:52 . 2008-01-29 14:52

2008-01-28 20:14 . 2008-01-28 20:14

2008-01-26 15:13 . 2008-01-26 15:13

2008-01-25 11:33 . 2008-01-25 11:33 46,300 --a------ C:\WINDOWS\system32\AdssiteSocial-uninstall.exe

2008-01-20 15:52 . 2008-01-20 15:52

2008-01-16 19:49 . 2008-01-16 19:49

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-13 17:18 3,632 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP

2008-02-13 17:14 1,609,306,112 --sha-w C:\pagefile.sys

2008-01-08 18:33 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-08 18:09 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-01-08 18:09 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2008-01-08 17:40 --------- d-----w C:\Program Files\Common Files\COWON

2008-01-04 17:58 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-01-04 17:58 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\skypePM

2008-01-04 17:57 --------- d-----w C:\Program Files\Common Files\Skype

2008-01-02 18:21 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

2007-12-29 17:11 217,088 ----a-w C:\WINDOWS\system32\srkey.exe

2007-12-29 17:09 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Leadertech

2007-12-20 16:37 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

2007-12-19 17:35 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys

2007-12-05 15:38 22,328 ----a-w C:\Documents and Settings\Admin\Dane aplikacji\PnkBstrK.sys

2007-12-05 15:36 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-05 15:36 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 00:41 81,920 ------w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 00:41 8,523,776 ------w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys

2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll

2007-12-05 00:41 5,773,568 ------w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll

2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll

2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 00:41 385,024 ------w C:\WINDOWS\system32\nvapi.dll

2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 00:41 35,328 ------w C:\WINDOWS\system32\nvcod.dll

2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll

2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll

2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll

2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll

2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll

2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll

2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll

2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll

2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll

2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll

2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll

2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll

2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll

2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll

2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll

2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll

2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll

2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll

2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll

2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll

2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll

2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll

2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll

2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll

2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll

2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll

2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll

2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll

2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll

2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll

2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll

2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll

2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll

2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll

2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll

2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll

2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll

2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll

2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll

2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll

2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll

2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll

2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll

2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll

2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll

2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll

2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll

2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll

2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll

2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll

2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll

2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll

2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll

2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll

2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll

2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll

2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll

2006-11-27 16:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2006-10-04 15:09 187904]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

"HEXelon MAX"="D:\Program Files\HEXelon MAX 6\hexelon.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]

"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 14:26 729088]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]

"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49 1093632]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-19 18:34 579072]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 08:22 843776]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]

"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]

"CloneCDTray"="D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" []

"VirtualCloneDrive"="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 18:35 219136]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcddd]

khfcddd.dll

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-09-13 23:01]

S3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-18 19:43]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-13 18:31:55

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.


(Gutek) #4

Download the SDFix program

-


(Djdarcco) #5

SDFix: Version 1.142

Run by Administrator on 2008-02-15 at 19:32

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-15 19:38:39

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"D:\Program Files\Gadu-Gadu\gg.exe"="D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"

"C:\Documents and Settings\Admin\Pulpit\emule.exe"="C:\Documents and Settings\Admin\Pulpit\emule.exe:*:Enabled:eMule"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:


Files with Hidden Attributes:

Tue 8 Jan 2008 0 ..SH. --- "C:\WINDOWS\SFE130324.tmp"

Mon 27 Nov 2006 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Mon 19 Feb 2007 25,600 ...H. --- "C:\Documents and Settings\Admin\Moje dokumenty\~WRL1810.tmp"

Mon 19 Feb 2007 27,136 ...H. --- "C:\Documents and Settings\Admin\Moje dokumenty\~WRL2950.tmp"

Mon 19 Feb 2007 27,136 ...H. --- "C:\Documents and Settings\Admin\Moje dokumenty\~WRL3085.tmp"

Mon 19 Feb 2007 27,648 ...H. --- "C:\Documents and Settings\Admin\Moje dokumenty\~WRL1589.tmp"

Mon 19 Feb 2007 28,672 ...H. --- "C:\Documents and Settings\Admin\Moje dokumenty\~WRL2492.tmp"

Finished!


(jessica) #6

Paste into Notepad:

File::

C:\WINDOWS\system32\adssite-remove.exe

C:\WINDOWS\system32\AdssiteSocial-uninstall.exe

C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file

- as shown in this picture --> 88953CFScript-createdbyMiekiemoes.gif

The removal should start (and a log will be created).

Post the log that is created during the removal.

Paste the log at http://wklej.org/ and put only the link in your post (that is, copy the address from the address bar).

If it goes well, then:

After the restart, manually delete the folder C: **** Qoobox.

Check it at -- http://virusscan.jotti.org/

or at http://www.virustotal.com/en/indexf.html.

EDIT:

I won't reply to PMs, because I have just discovered that I have been banned from the Forum (though it is not clear to me what for?).

Maybe someone else will help you?

jessi