ComboFix 07-06-21.3 - C:\Documents and Settings\admin\Pulpit\ComboFix.exe
"admin" - 2007-06-21 17:55:09 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))

2007-06-21 17:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 17:54
2007-06-21 17:52 106 --a------ C:\delete.bat
2007-06-21 17:50
2007-06-20 17:36 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-06-20 17:36 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-06-20 17:36 21,542 --a------ C:\clean.bat
2007-06-20 08:23
2007-06-19 20:33
2007-06-19 20:33
2007-06-19 20:32
2007-06-18 21:54
2007-06-18 21:54
2007-06-18 21:53
2007-06-18 21:40
2007-06-18 21:40
2007-06-18 21:36 97,280 --a------ C:\WINDOWS\system32\ff_realaac.dll
2007-06-18 21:36 8,192 --a------ C:\WINDOWS\system32\FLT_ffdshow.dll
2007-06-18 21:36 79,872 --a------ C:\WINDOWS\system32\ff_tremor.dll
2007-06-18 21:36 741,376 --a------ C:\WINDOWS\system32\audxlib.dll
2007-06-18 21:36 673,782 --a------ C:\WINDOWS\system32\unins000.exe
2007-06-18 21:36 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-06-18 21:36 6,656 --a------ C:\WINDOWS\system32\ffavisynth.dll
2007-06-18 21:36 51,216 --a------ C:\WINDOWS\system32\unins000.dat
2007-06-18 21:36 40,960 --a------ C:\WINDOWS\system32\ff_liba52.dll
2007-06-18 21:36 38,400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2007-06-18 21:36 245,760 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2007-06-18 21:36 221,184 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll
2007-06-18 21:36 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-18 21:36 20,480 --a------ C:\WINDOWS\system32\makeAVIS.exe
2007-06-18 21:36 155,648 --a------ C:\WINDOWS\system32\ff_libdts.dll
2007-06-18 21:36 122,880 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2007-06-18 21:36 118,784 --a------ C:\WINDOWS\system32\ff_libmad.dll
2007-06-18 21:36 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-18 21:36 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-18 21:36
2007-06-18 21:36
2007-06-18 21:22
2007-06-18 21:10
2007-06-18 20:43
2007-06-16 14:53
2007-06-13 19:16 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-13 19:16
2007-06-13 19:16
2007-06-13 19:05
2007-06-13 19:05
2007-06-11 23:37 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-11 23:35
2007-06-11 23:33
2007-06-11 21:55
2007-06-10 18:28
2007-06-10 18:26 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-09 23:06
2007-06-09 22:32
2007-06-09 22:09
2007-06-09 22:06
2007-06-09 22:04
2007-06-09 22:04
2007-06-09 21:59 98,304 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2007-06-09 21:59 98,304 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2007-06-09 21:59 98,304 -ra------ C:\WINDOWS\system32\nvrsja.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2007-06-09 21:59 94,208 -ra------ C:\WINDOWS\system32\nvrsko.dll
2007-06-09 21:59 90,112 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2007-06-09 21:59 90,112 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2007-06-09 21:59 86,016 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2007-06-09 21:59 81,920 -ra------ C:\WINDOWS\system32\nvrszht.dll
2007-06-09 21:59 81,920 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2007-06-09 21:59 77,824 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2007-06-09 21:59 61,440 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2007-06-09 21:59 61,440 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2007-06-09 21:59 49,152 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2007-06-09 21:59 49,152 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2007-06-09 21:59 266,240 -ra------ C:\WINDOWS\system32\nvrshe.dll
2007-06-09 21:59 135,168 -ra------ C:\WINDOWS\system32\nvrspt.dll
2007-06-09 21:59 135,168 -ra------ C:\WINDOWS\system32\nvrsit.dll
2007-06-09 21:59 131,072 -ra------ C:\WINDOWS\system32\nvrstr.dll
2007-06-09 21:59 131,072 -ra------ C:\WINDOWS\system32\nvrssk.dll
2007-06-09 21:59 131,072 -ra------ C:\WINDOWS\system32\nvrsru.dll
2007-06-09 21:59 131,072 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2007-06-09 21:59 131,072 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2007-06-09 21:59 131,072 -ra------ C:\WINDOWS\system32\nvrshu.dll
2007-06-09 21:59 126,976 -ra------ C:\WINDOWS\system32\nvrssv.dll
2007-06-09 21:59 126,976 -ra------ C:\WINDOWS\system32\nvrspl.dll
2007-06-09 21:59 122,880 -ra------ C:\WINDOWS\system32\nvrsno.dll
2007-06-09 21:59 1,290,240 -ra------ C:\WINDOWS\system32\nvrssl.dll
2007-06-09 21:58 98,304 -ra------ C:\WINDOWS\system32\nvwrses.dll
2007-06-09 21:58 94,208 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2007-06-09 21:58 94,208 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2007-06-09 21:58 94,208 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2007-06-09 21:58 94,208 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2007-06-09 21:58 90,112 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2007-06-09 21:58 86,016 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2007-06-09 21:58 86,016 -ra------ C:\WINDOWS\system32\nvwrscs.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 18:21:16 509,952 ----a-w C:\WINDOWS\system32\ff_x264.dll
2007-06-17 18:21:16 403,968 ----a-w C:\WINDOWS\system32\libmplayer.dll
2007-06-17 18:21:16 3,146,752 ----a-w C:\WINDOWS\system32\libavcodec.dll
2007-06-17 18:21:16 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2007-06-17 18:21:16 143,360 ----a-w C:\WINDOWS\system32\ff_theora.dll
2007-06-14 09:42:09 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-14 09:42:09 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-09 10:54:06 -------- d-----w C:\Program Files\Usługi online
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-27 01:39:14 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-09 14:17]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-06-06 12:33 C:\WINDOWS\system32\nwiz.exe]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-06-13 14:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="C:\Program Files\Globe Software\StatBar\StatBar.exe" [2003-07-25 02:40]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"THEDUPE"="C:\DOCUME~1\admin\DANEAP~1\PILEBE~1\four idol.exe" [2007-06-18 21:53]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]
C:\Program Files\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 17:56:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 17:57:28
--- E O F ---