Problem z wyskakującym okienkiem prowadzacym do "webfetti"

kinq · 15 Wrzesień 2008 18:47

Problem polega na tym ze samoczynnie otwiera mi się IE prowadząca mnie na adres http://gallery.webfetti.com/webfetti/home.jhtml | http://www.freelotto.com/register.asp?s … filiateid=

Wklejam tu log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:46:39, on 2008-09-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\a-squared Free\a2free.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM…\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM…\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Nokia.PCSync] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe” /NoDialog

O4 - HKCU…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 1401924187

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

–

End of file - 7629 bytes

Leon1 · 15 Wrzesień 2008 18:55

Log czysty

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

kinq · 15 Wrzesień 2008 19:42

Przykro mi wpis do rejestru nie działa …

Leon1 · 15 Wrzesień 2008 19:48

co znaczy nie działa?

kinq · 15 Wrzesień 2008 20:58

Zgodnie z instrukcja postępowałem, dodałem do rejestru te wartosci lecz nie pomogło dalej pojawiają się te irytujące strony.

Te zmiany nie pomogły w moim przypadku.

Leon1 · 15 Wrzesień 2008 21:13

po dodaniu pliku zrobiłeś restart?

Sprawdź czy masz dodane te wpisy do rejestru

Start >> uruchom >> regedit >> rozwiń (+) klucz

i sprawdź w oknie po prawej stronie czy masz podane wartośći

to samo w kluczu

kinq · 15 Wrzesień 2008 21:53

Zgadza się wartosci podane pojawiły się w obydwu kluczach.

Leon1 · 15 Wrzesień 2008 21:57

Pobierz Combofix http://www.searchengines.pl/index.php?s … przeskanuj daj log

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

kinq · 16 Wrzesień 2008 09:30

Log ze skanu Combifix`em

ComboFix 08-09-15.02 - User 2008-09-16 11:20:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.579 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\User\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\SuggestedSites.dat

C:\WINDOWS\system32\config\48785558.Evt

C:\WINDOWS\vmreg32.dll

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . nie udało się usunąć

----- BITS: Możliwe zainfekowane strony -----

http://hqsextube08.com

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_asc3550p

((((((((((((((((((((((((( Pliki utworzone od 2008-08-16 do 2008-09-16 )))))))))))))))))))))))))))))))

.

2008-09-16 11:23 . 2008-09-16 11:23

2008-09-16 11:22 . 2008-09-16 11:22 4,154 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

2008-09-15 20:50 . 2008-09-15 20:50 167,976 --------- C:\WINDOWS\system32\drivers\core.cache.dsk

2008-09-15 18:57 . 2008-09-15 18:57

2008-09-15 18:57 . 2008-09-15 19:01

2008-09-15 18:44 . 2008-09-15 20:18

2008-09-15 18:17 . 2008-09-15 18:17

2008-09-15 18:16 . 2008-04-13 22:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-09-15 18:16 . 2008-09-15 18:16 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-09-15 18:16 . 2008-09-15 18:16 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-09-15 18:15 . 2008-09-15 18:15

2008-09-15 18:15 . 2008-09-15 18:17

2008-09-15 18:15 . 2008-09-15 18:16

2008-09-15 18:14 . 2008-09-15 18:14

2008-09-15 18:14 . 2008-09-15 18:15

2008-09-15 18:14 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-09-15 18:14 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-09-15 18:14 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-09-15 18:14 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-09-15 18:14 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-09-15 18:14 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-09-15 18:14 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-09-15 18:14 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-09-15 18:13 . 2008-09-15 18:13

2008-09-15 18:10 . 2008-09-15 18:11

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF

2008-09-15 18:10 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF

2008-09-15 18:10 . 2008-09-15 18:45 492 --a------ C:\WINDOWS\wincmd.ini

2008-09-15 17:44 . 2008-09-15 17:44 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-09-15 17:23 . 2008-09-15 17:23

2008-09-15 17:00 . 2008-09-15 17:00

2008-09-15 16:43 . 2008-09-15 17:00

2008-09-15 16:32 . 2008-07-31 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-09-15 16:30 . 2008-09-15 16:30

2008-09-15 16:19 . 2008-09-16 11:00

2008-09-15 16:19 . 2008-09-15 16:19 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-09-15 16:17 . 2008-09-15 16:17

2008-09-15 16:17 . 2008-09-15 17:42

2008-09-15 16:17 . 2008-09-16 11:01

2008-09-15 16:14 . 2008-09-15 16:14

2008-09-15 16:13 . 2008-09-15 16:14

2008-09-15 15:31 . 2008-09-15 15:31

2008-09-15 15:23 . 2008-09-15 15:31

2008-09-15 12:59 . 2008-09-15 13:04

2008-09-15 12:46 . 2008-09-15 12:46

2008-09-15 12:44 . 2008-09-15 12:44

2008-09-15 12:39 . 2008-09-15 12:39

2008-09-15 12:33 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-09-15 12:33 . 2008-09-15 12:33 421 --a------ C:\WINDOWS\ODBC.INI

2008-09-15 12:31 . 2008-09-15 12:31

2008-09-15 12:30 . 2008-09-15 12:31

2008-09-15 12:30 . 2008-09-15 12:30

2008-09-15 03:16 . 2008-09-15 03:16

2008-09-15 03:02 . 2008-09-15 03:02

2008-09-15 03:02 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-15 02:55 . 2008-09-15 02:59

2008-09-15 02:48 . 2008-09-15 02:48

2008-09-15 02:41 . 2008-09-15 02:41

2008-09-15 02:41 . 2008-09-15 02:41 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-09-15 02:41 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-09-15 02:40 . 2008-09-15 02:41

2008-09-15 02:40 . 2008-09-15 18:57

2008-09-15 02:40 . 2008-09-15 02:40

2008-09-15 02:40 . 2008-09-15 02:40 85,888 --a------ C:\WINDOWS\system32\drivers\dmioo.sys

2008-09-15 02:37 . 2008-09-15 03:15

2008-09-15 02:37 . 2008-09-15 02:37 83 --a------ C:\WINDOWS\LManager.UNI

2008-09-15 02:36 . 2008-09-15 02:36

2008-09-15 02:36 . 2006-05-09 20:22 806,272 --a------ C:\WINDOWS\system32\drivers\BisonCam.sys

2008-09-15 02:36 . 2005-01-14 13:47 180,224 --a------ C:\WINDOWS\system\StillDrv.dll

2008-09-15 02:36 . 2006-03-30 00:05 90,112 --a------ C:\WINDOWS\system\BisonVfw.dll

2008-09-15 02:36 . 2006-03-02 14:41 77,942 --a------ C:\WINDOWS\system32\BisonRem.dll

2008-09-15 02:36 . 2003-09-22 13:49 15,190 --a------ C:\WINDOWS\M2000Twn.ini

2008-09-15 02:36 . 2003-09-22 14:36 13,448 --a------ C:\WINDOWS\M2000Twn.src

2008-09-15 02:36 . 2005-12-05 12:08 2,264 --a------ C:\WINDOWS\system\S20H0220.csr

2008-09-15 02:36 . 2005-12-05 12:08 2,264 --a------ C:\WINDOWS\system\S20F0220.csr

2008-09-14 21:42 . 2008-09-14 21:42

2008-09-14 21:41 . 2008-09-14 21:41

2008-09-14 21:40 . 2006-12-22 11:56 988,800 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys

2008-09-14 21:40 . 2006-12-22 11:55 730,112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys

2008-09-14 21:40 . 2006-12-22 11:56 209,664 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys

2008-09-14 21:40 . 2006-12-20 17:37 176,128 --a------ C:\WINDOWS\system32\UCI32M16.dll

2008-09-14 21:40 . 2006-12-22 15:04 144,201 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty

2008-09-14 21:40 . 2006-06-19 14:26 94,208 --a------ C:\WINDOWS\system32\mdmxsdk.dll

2008-09-14 21:40 . 2006-06-19 14:26 12,672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys

2008-09-14 21:39 . 2008-09-14 21:39

2008-09-14 21:39 . 2006-03-03 12:52 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-09-14 21:39 . 2006-03-03 12:55 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-09-14 21:39 . 2006-03-03 12:55 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-09-14 21:39 . 2006-03-03 12:55 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-09-14 21:39 . 2006-03-03 13:10 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2008-09-14 21:39 . 2006-03-03 13:08 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-09-14 21:36 . 2008-09-14 21:36

2008-09-14 21:36 . 2004-02-13 13:49 356,352 --a------ C:\WINDOWS\EMCRI.dll

2008-09-14 21:36 . 2006-05-25 10:19 74,752 --a------ C:\WINDOWS\system32\drivers\ESM7SK.sys

2008-09-14 21:36 . 2006-05-25 10:19 61,056 --a------ C:\WINDOWS\system32\drivers\EMS7SK.sys

2008-09-14 21:36 . 2006-05-25 10:19 40,064 --a------ C:\WINDOWS\system32\drivers\ESD7SK.sys

2008-09-14 21:35 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-09-14 21:13 . 2008-09-14 21:13

2008-09-14 21:13 . 2008-08-06 15:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-09-14 21:13 . 2008-08-06 15:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-09-14 20:50 . 2008-09-14 20:50 4,100 --a------ C:\WINDOWS\system32\hdvirffo.dll

2008-09-14 20:49 . 2008-09-14 20:48 724,992 --a------ C:\WINDOWS\iun6002.exe

2008-09-14 20:48 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-14 20:48 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-14 20:47 . 2008-08-22 03:07 755,200 --a------ C:\WINDOWS\system32\dllcache\VGX.dll

2008-09-14 20:47 . 2008-09-14 20:56 309 --a------ C:\WINDOWS\CoDUO.INI

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-15 21:50 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-09-15 16:14 --------- d-----w C:\Program Files\DIFX

2008-09-15 15:23 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-09-14 14:13 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-09-14 13:53 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-14 13:50 --------- d-----w C:\Program Files\Common Files\ATI Technologies

2008-09-14 13:46 --------- d-----w C:\Program Files\ATI Technologies

2008-09-14 13:39 --------- d-----w C:\Program Files\Atheros

2008-09-14 13:33 --------- d-----w C:\Program Files\Usługi online

2008-09-14 13:31 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2008-06-27 03:36 1,424,896 ----a-w C:\WINDOWS\explorer.exe

.

------- Sigcheck -------

2007-07-10 19:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2008-06-16 03:28 549888 335813eacd16e84f3047a3326f6e5473 C:\WINDOWS\system32\winlogon.exe

2008-07-07 23:43 2074240 0dbf1939df18ac8f8c1e4bd63d7d4b0f C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-06 23:44 2197376 37d5daaeda594b9bee00c82f185cc549 C:\WINDOWS\system32\ntoskrnl.exe

2008-06-27 05:36 1424896 4ec7ed41d95d18b3cd1a2bd9dfefb591 C:\WINDOWS\explorer.exe

2001-02-20 13:09 8192 d36a33c21eeed5a6c1daecb7c80a1909 C:\WINDOWS\system32\CTFMON.EXE

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-01-30 2131392]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-08-12 21741864]

“ctfmon.exe”=“ctfmon.exe” [2001-02-20 C:\WINDOWS\system32\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ePower_DMC”=“C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [2006-05-30 421888]

“Boot”=“C:\Acer\Empowering Technology\ePower\Boot.exe” [2006-03-15 579584]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-03 761946]

“LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” [2006-06-23 602112]

“Acer ePresentation HPD”=“C:\Acer\Empowering Technology\ePresentation\ePresentation.exe” [2006-03-31 204800]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_3”=“advpack.dll” [2008-08-22 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-09-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“DisableStatusMessages”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“NoDesktopCleanupWizard”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoSMHelp”= 1 (0x1)

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoResolveTrack”= 1 (0x1)

“NoResolveSearch”= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

“NoSMHelp”= 1 (0x1)

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoResolveTrack”= 1 (0x1)

“NoResolveSearch”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

–a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

–a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“D:\Gry\cod\CoDUOMP.exe”=

“C:\Documents and Settings\User\Pulpit\Quake III Arena\quake3.exe”=

“D:\eMule0.47c\eMule0.47c\emule.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 dmioo;dmioo;C:\WINDOWS\system32\drivers\dmioo.sys [2008-09-15 85888]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-06-16 14336]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-15 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - HELPSVC

.

Zawartość folderu ‘Zaplanowane zadania’

.

- - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Run - C:\Documents and Settings\User\Dane aplikacji\Adobe\Manager.exe

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\n972u4xc.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/

FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

FF -: plugin - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 11:24:20

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Czas ukończenia: 2008-09-16 11:28:04 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-09-16 09:27:58

Przed: 8,800,464,896 bajt˘w wolnych

Po: 8,775,409,664 bajt˘w wolnych

275 — E O F — 2008-09-15 01:22:07

Leon1 · 16 Wrzesień 2008 14:07

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

kinq · 16 Wrzesień 2008 17:31

ComboFix 08-09-15.02 - User 2008-09-16 19:21:14.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.574 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\User\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\SuggestedSites.dat

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\dmioo.sys

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DMIOO

-------\Service_dmioo