jarba
(Jarek B)
3 October 2007 06:25
#1
Hello,
For the past few days, unwanted CiD ads have started popping up.
I used NoLop, but I think it didn't find anything.
I cleaned C:\WINDOWS\system32\drivers\etc\hosts
and I still get pop-up surprises.
Please help; I am posting the logs:
What should I do to get rid of the problem?
jessica
(jessica)
3 October 2007 16:22
#2
Well, indeed, “NoLOP” did not do well this time!
Paste into Notepad:
File::
C:\Documents and Settings\All Users\Dane aplikacji\Noun Love Bits Peak\Skip flaw.exe
C:\Documents and Settings\Boranta\Dane aplikacji\thunk else\title ace.exe
Folder::
C:\Documents and Settings\All Users\Dane aplikacji\Noun Love Bits Peak
C:\Documents and Settings\Boranta\Dane aplikacji\thunk else
C:\Program Files\thunk else
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bits peak locks body"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLOCK CREATIVE"=-
>> File >> Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- as in this picture ->
(if the question "1 or 2" appears, type 1 and press ENTER)
The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
Post that ComboFix log.
jessi
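
Both entries removed by the script above are Run-key autostarts whose targets sit in an application-data folder of a user profile. As an added example (not part of the original posts and not ComboFix code), this Python script triages Run-key lines in the ComboFix log layout by that trait and by file date; the sample lines are constructed from the entry names and paths in the script, and the directory list, the scan time and the 7-day window are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-03 23:25]
"Bits peak locks body"="C:\Documents and Settings\All Users\Dane aplikacji\Noun Love Bits Peak\Skip flaw.exe" [2007-10-03 08:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"CLOCK CREATIVE"="C:\DOCUME~1\Boranta\DANEAP~1\THUNKE~1\title ace.exe" [2007-10-01 07:12]
'''
SCAN_TIME = datetime(2007, 10, 3, 8, 13)  # assumed time of the scan

# Forum software often turns straight quotes into typographic ones.
QUOTES = str.maketrans({'\u201c': '"', '\u201d': '"'})

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r'\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$')

# Profile sub-folders any user can write to on Windows XP, including the
# Polish names and 8.3 short names (assumed list, extend as needed).
USER_WRITABLE = re.compile(
    r'\\(documents and settings|docume~\d)\\[^\\]+\\'
    r'(dane aplikacji|application data|daneap~\d|ustawi~\d|local settings)\\',
    re.IGNORECASE)


def parse_run_entries(log_text):
    """Return the value lines that appear under a ...\\CurrentVersion\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip().translate(QUOTES)
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and key.lower().endswith(r'\currentversion\run'):
            entries.append({
                'key': key,
                'name': m.group('name'),
                'path': m.group('path'),
                'modified': datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M'),
            })
    return entries


def triage(entries, scan_time, recent_days=7):
    """Flag entries for manual review; returns (key, name, reasons) tuples."""
    findings = []
    for e in entries:
        reasons = []
        if USER_WRITABLE.search(e['path']):
            reasons.append('target in a user-writable profile folder')
        if abs(scan_time - e['modified']) <= timedelta(days=recent_days):
            reasons.append(f'file dated within {recent_days} days of the scan')
        if reasons:
            findings.append((e['key'], e['name'], reasons))
    return findings


if __name__ == '__main__':
    for key, name, reasons in triage(parse_run_entries(SAMPLE), SCAN_TIME):
        print(f'{key}\n  "{name}": ' + '; '.join(reasons))
```

A flagged entry is a candidate for review, not a verdict: legitimate software also installs per-user autostarts, so confirm the file before listing it for removal.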
jarba
(Jarek B)
4 October 2007 05:38
#3
Done.
Here is the log after this operation:
Is it clean now?
jarba
(Jarek B)
4 October 2007 06:50
#5
Then many thanks for the help.
The unwanted ads have indeed stopped bothering me.
Regards