adkoz
(Adkoz)
29 December 2007 11:56
#1
Hello, I have a problem with CiD ad pop-ups in IE. I normally use Firefox, but IE windows still pop up on their own. I have already read a bit about this and manually removed from the file C:\WINDOWS\system32\drivers\etc all entries ending with "## added by CiD" (there were a great many of them); I also scanned with HijackThis. Could someone take a look and see whether anything else should be removed? Thanks in advance for your help.
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 12:23:19, on 2007-12-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wapster\AQQ\AQQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Konnekt\konnekt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Adam\USTAWI~1\Temp\Rar$EX00.609\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SecureBrowsingBho Helper - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\Finjan Secure Browsing\bho.dll
O3 - Toolbar: Finjan Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\Finjan Secure Browsing\bho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ante Software Log 16] C:\Documents and Settings\All Users\Dane aplikacji\glue type ante software\ref bash.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Five Amen] C:\DOCUME~1\Adam\DANEAP~1\BUILDE~1\Cornsiteway.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://83.3.120.50:1023/LNetCam.cab
O16 - DPF: {62D6556A-808B-4322-A76F-B5DFF38D3DC5} (Media Class) - http://82.160.70.200/NVCTRLMEDIA.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4ABEA44-F93C-4D48-8551-724C172D93BE}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Gutek
(Gutek)
29 December 2007 15:58
#2
O4 - HKLM\..\Run: [Ante Software Log 16] C:\Documents and Settings\All Users\Dane aplikacji\glue type ante software\ref bash.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {62D6556A-808B-4322-A76F-B5DFF38D3DC5} (Media Class) - http://82.160.70.200/NVCTRLMEDIA.dll
remove the HJT entries
Use the NoLop tool
Post a ComboFix log
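An added example, not part of the thread or of any tool's output: a small triage pass over HijackThis lines that surfaces the kind of entries singled out above as candidates for manual review. The regular expressions, the folder-name list and the two heuristics (autostart from a profile data folder; ActiveX entry with no source or a bare-IP source) are assumptions of this sketch, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ante Software Log 16] C:\Documents and Settings\All Users\Dane aplikacji\glue type ante software\ref bash.exe
O4 - HKCU\..\Run: [Five Amen] C:\DOCUME~1\Adam\DANEAP~1\BUILDE~1\Cornsiteway.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {62D6556A-808B-4322-A76F-B5DFF38D3DC5} (Media Class) - http://82.160.70.200/NVCTRLMEDIA.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
"""

# Assumption: Windows XP profile data folders, in their English and Polish
# names plus the 8.3 short forms that appear in the log.
USER_DATA_RE = re.compile(
    r"\\(application data|dane aplikacji|applic~\d|daneap~\d)\\", re.I)
# O4 registry autostart lines; "Global Startup" shortcuts are not matched.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# O16 downloaded-program lines: CLSID, optional (name), optional source URL.
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? -\s*(\S*)$")


def host_is_ip(url):
    """True when the URL's host is a literal IP address, not a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (entry, reason) pairs worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = O4_RE.match(line)
        dpf = O16_RE.match(line)
        if run and USER_DATA_RE.search(run.group(4)):
            findings.append((run.group(3), "autostart from a profile data folder"))
        elif dpf and not dpf.group(3):
            findings.append((dpf.group(1), "ActiveX entry with no source URL"))
        elif dpf and host_is_ip(dpf.group(3)):
            findings.append((dpf.group(1), "ActiveX code fetched from a bare IP"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry}: {reason}")
```

A hit only marks an entry for inspection; legitimate software can also match these patterns, so each one still needs to be checked before removal.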
adkoz
(Adkoz)
29 December 2007 16:54
#3
NoLop did not detect anything; here is the ComboFix log
ComboFix 07-12-21.4 - Adam 2007-12-29 11:52:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.183 [GMT 1:00]
Running from: C:\Documents and Settings\Adam\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Adam\Dane aplikacji\milihk32.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.
2007-12-28 11:46 . 2007-12-28 12:01
2007-12-28 11:33 . 2007-12-28 11:41
2007-12-23 12:27 . 2007-12-23 12:27
2007-12-23 12:25 . 2007-12-23 12:25
2007-12-23 12:25 . 2007-12-23 12:45
2007-12-21 16:03 . 2007-12-21 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-21 16:03 . 2007-12-21 16:03 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-21 10:45 . 2007-12-21 10:46
2007-12-21 10:45 . 2007-12-21 11:25
2007-12-13 17:08 . 2007-12-13 17:08
2007-12-12 20:00 . 2007-12-12 20:01 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-08 11:22 . 2007-12-08 11:22
2007-12-08 11:22 . 2007-12-08 11:22
2007-12-08 11:22 . 2007-12-08 11:22
2007-12-08 10:27 . 2007-12-08 10:27
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 09:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-28 23:06 --------- d-----w C:\Program Files\Kalendarz XP
2007-12-27 19:39 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\Skype
2007-12-27 19:25 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\skypePM
2007-12-23 13:11 --------- d-----w C:\Program Files\eSkiMoS R2
2007-12-23 11:27 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\Build Each User
2007-12-09 20:42 --------- d-----w C:\Program Files\Lightning Download
2007-12-08 09:27 --------- d-----w C:\Program Files\Common Files\Xing Shared
2007-12-08 09:22 4,229,496 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 15:39 --------- d-----w C:\Program Files\Pasek TVN24
2007-11-26 21:16 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-26 21:16 --------- d-----w C:\Program Files\Skype
2007-11-26 21:16 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-26 21:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-02-04 20:48 20,200 -c--a-w C:\Documents and Settings\Adam\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe" [2007-02-28 13:18]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 22:41]
"Twoje TVN24"="C:\Program Files\Pasek TVN24\tvn-ustawienia.exe" [2007-11-27 17:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Five Amen"="C:\DOCUME~1\Adam\DANEAP~1\BUILDE~1\Cornsiteway.exe" [2007-12-23 12:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-05-03 00:19 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 15:59]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"Ante Software Log 16"="C:\Documents and Settings\All Users\Dane aplikacji\glue type ante software\ref bash.exe" [2007-12-29 10:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-02-10 11:26:55]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2004-04-22 10:57]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 12:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 12:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 12:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa64fd02-7e8a-11dc-b51f-0080c6e69ded}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 10:00:01 C:\WINDOWS\Tasks\A36772DF91B8E3EF.job"
- c:\docume~1\adam\daneap~1\builde~1\deafcopysect.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 11:54:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-29 11:55:00
.
2007-12-12 19:02:44
--- E O F ---
Gutek
(Gutek)
29 December 2007 18:09
#4
Paste into Notepad:
Folder::
C:\Documents and Settings\All Users\Dane aplikacji\glue type ante software
C:\DOCUME~1\Adam\DANEAP~1\BUILDE~1
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Five Amen"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ante Software Log 16"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
>>File>>Save as… >>> CFScript (it will be most convenient if you save it in a location such that the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should then start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
After that, post a new ComboFix log
adkoz
(Adkoz)
29 December 2007 22:57
#5
I did as instructed and am pasting the current log
ComboFix 07-12-21.4 - Adam 2007-12-29 23:51:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.229 [GMT 1:00]
Running from: C:\Documents and Settings\Adam\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.
2007-12-29 17:55 . 2007-12-29 17:55
2007-12-29 17:43 . 2007-12-29 17:43 106 --a------ C:\delete.bat
2007-12-29 12:00 . 2007-12-29 12:02
2007-12-28 11:46 . 2007-12-29 13:26
2007-12-28 11:33 . 2007-12-28 11:41
2007-12-23 12:25 . 2007-12-23 12:45
2007-12-21 16:03 . 2007-12-21 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-21 16:03 . 2007-12-21 16:03 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-21 10:45 . 2007-12-21 10:46
2007-12-21 10:45 . 2007-12-21 11:25
2007-12-08 11:22 . 2007-12-08 11:22
2007-12-08 11:22 . 2007-12-08 11:22
2007-12-08 11:22 . 2007-12-08 11:22
2007-12-08 10:27 . 2007-12-08 10:27
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 16:40 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-29 12:48 --------- d-----w C:\Program Files\Kalendarz XP
2007-12-29 11:38 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-27 19:39 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\Skype
2007-12-27 19:25 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\skypePM
2007-12-23 13:11 --------- d-----w C:\Program Files\eSkiMoS R2
2007-12-09 20:42 --------- d-----w C:\Program Files\Lightning Download
2007-12-08 09:27 --------- d-----w C:\Program Files\Common Files\Xing Shared
2007-12-08 09:22 4,229,496 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 15:39 --------- d-----w C:\Program Files\Pasek TVN24
2007-11-26 21:16 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-26 21:16 --------- d-----w C:\Program Files\Skype
2007-11-26 21:16 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-26 21:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-02-04 20:48 20,200 -c--a-w C:\Documents and Settings\Adam\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe" [2007-02-28 13:18]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 22:41]
"Twoje TVN24"="C:\Program Files\Pasek TVN24\tvn-ustawienia.exe" [2007-11-27 17:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-05-03 00:19 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 15:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-02-10 11:26:55]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
R3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2004-04-22 10:57]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 12:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 12:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 12:12]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 23:53:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-29 23:53:56
.
2007-12-29 16:55:20
--- E O F ---
adkoz
(Adkoz)
30 December 2007 09:34
#7
Problem solved, because so far nothing is popping up. Many thanks