ewa25
(Ewa3553)
10 October 2007 15:23
#1
Hello
For some time now, CiD ads and others have kept popping up on my computer.
Please check my logs.
Logfile of HijackThis v1.99.1 Scan saved at 17:11:31, on 2007-10-10 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\neostrada tp\neostradatp.exe C:\Program Files\neostrada tp\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\neostrada tp\Watch.exe C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [part chin math idol] C:\Documents and 
Settings\All Users\Dane aplikacji\That size part chin\Media Beep.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Load exit] C:\DOCUME~1\ewcia\DANEAP~1\HOLDCA~1\ooze tick.exe O4 - HKCU…\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide O17 - HKLM\System\CCS\Services\Tcpip…{932B1124-E1CB-4CED-9069-2D7D0BFA5858}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
and
ComboFix 07-10-09.3 - ewcia 2007-10-10 17:00:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.120 [GMT 2:00] Running from: C:\Documents and Settings\ewcia\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))) . 2007-10-10 17:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-08 08:19 2007-10-04 11:20 2007-10-04 11:20 2007-10-04 10:28 2007-10-03 11:29 2007-09-30 19:55 2007-09-20 13:22 2007-09-20 13:19 2007-09-20 13:19 2007-09-20 12:38 2007-09-20 11:53 2007-09-20 11:53 2007-09-20 09:10 65,856 --a------ C:\WINDOWS\system32\drivers\snapman.sys 2007-09-20 09:10 37,888 --a------ C:\WINDOWS\system32\setupnt.dll 2007-09-15 23:26 2007-09-15 23:25 2007-09-15 20:18 2007-09-14 11:04 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-10 14:09 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-10-10 14:08 --------- d-----w C:\Program Files\neostrada tp 2007-10-10 14:03 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\uTorrent 2007-10-10 13:08 --------- d-----w C:\Program Files\Spyware Doctor 2007-10-08 07:50 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\LimeWire 2007-10-08 06:20 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\HOLD CAST PILE 2007-10-08 06:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\cashtrustmorempeg 2007-09-30 17:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-09-30 17:54 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-15 18:34 --------- d-----w C:\Program Files\Odkurzacz 2007-09-14 09:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ace road mail third 2007-09-06 12:05 --------- d-----w C:\Program Files\EuroPlus+ Angielski z Cambridge 2007-09-06 10:15 --------- d-----w C:\Program Files\Sony Ericsson 2007-09-05 
16:35 --------- d-----w C:\Program Files\Common Files\YDP 2007-09-02 11:04 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-09-02 11:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2007-09-02 11:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2007-09-02 11:00 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys 2007-09-02 11:00 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys 2007-09-02 11:00 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys 2007-09-02 11:00 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys 2007-09-02 11:00 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys 2007-09-02 11:00 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys 2007-09-02 11:00 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys 2007-09-02 11:00 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys 2007-09-02 11:00 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys 2007-08-24 18:44 --------- d-----w C:\Program Files\Sony Setup 2007-08-21 13:09 --------- d-----w C:\Program Files\Acala 3GP Movies Free 2007-08-21 12:36 --------- d-----w C:\Program Files\QuickTime 2007-08-20 19:28 --------- d-----w C:\Program Files\AviSynth 2.5 2007-08-19 08:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nurb wipe rdr ace 2007-08-11 09:14 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\Teleca 2007-08-11 09:13 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\Sony Ericsson 2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “part chin math idol”=“C:\Documents and Settings\All Users\Dane aplikacji\That size part chin\Media Beep.exe” [2007-10-10 17:04] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] “Load exit”=“C:\DOCUME~1\ewcia\DANEAP~1\HOLDCA~1\ooze tick.exe” [2007-10-08 08:19] “Eraser”=“C:\Program Files\Eraser\Eraser.exe” [2007-07-28 23:05] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “^SetupICWDesktop”= [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”= [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoResolveSearch”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe” blrun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com \agent\McAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] c:\PROGRA~1\mcafee.com \agent\McUpdate.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] C:\Program Files\McAfee.com \VSO\oasclnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] “C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe” /AtBootTime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] C:\Program Files\McAfee.com \VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] “C:\PROGRA~1\McAfee.com \VSO\mcmnhdlr.exe” /checktask [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\System32\drivers\sfsync03.sys S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w200mgmt.sys S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w200obex.sys . Contents of the ‘Scheduled Tasks’ folder “2007-10-10 15:00:00 C:\WINDOWS\Tasks\AABD8687918A3B1F.job” . 
************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-10 17:04:29 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-10 17:05:13 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-10-10 17:04 . — E O F —
and
Please help. Thank you in advance.
jessica
(jessica)
11 October 2007 10:08
#4
Do you recognize the items marked in red?
I included them for removal, but if you recognize any of them, leave them out of the removal.
Paste into Notepad:
Folder::
C:\Documents and Settings\All Users\Dane aplikacji\That size part chin
C:\Documents and Settings\ewcia\Dane aplikacji\HOLD CAST PILE
C:\Documents and Settings\All Users\Dane aplikacji\cashtrustmorempeg
C:\Documents and Settings\All Users\Dane aplikacji\ace road mail third
C:\Documents and Settings\All Users\Dane aplikacji\nurb wipe rdr ace
>>File>>Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– similar to this picture –>
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
Post the ComboFix log.
jessi
ewa25
(Ewa3553)
11 October 2007 10:40
#5
Jessica, I did as you wrote.
I'm pasting the log:
ComboFix 07-10-09.3 - ewcia 2007-10-11 12:35:05.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.164 [GMT 2:00] Running from: C:\Documents and Settings\ewcia\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))) . 2007-10-10 20:17 106 --a------ C:\delete.bat 2007-10-10 17:32 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-10-10 17:32 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-10-10 17:32 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-10-10 17:32 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-10-10 17:32 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-10-10 17:32 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-10-10 17:25 310,272 --a------ C:\WINDOWS\system32\winhttp.dll 2007-10-10 17:08 2007-10-10 17:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-04 11:20 2007-10-04 11:20 2007-10-04 10:28 2007-10-03 11:29 2007-09-30 19:55 2007-09-20 13:22 2007-09-20 13:19 2007-09-20 13:19 2007-09-20 12:38 2007-09-20 11:53 2007-09-20 11:53 2007-09-20 09:10 65,856 --a------ C:\WINDOWS\system32\drivers\snapman.sys 2007-09-20 09:10 37,888 --a------ C:\WINDOWS\system32\setupnt.dll 2007-09-15 23:26 2007-09-15 23:25 2007-09-15 20:18 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-11 10:31 --------- d-----w C:\Program Files\neostrada tp 2007-10-10 14:09 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-10-10 14:03 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\uTorrent 2007-10-10 13:08 --------- d-----w C:\Program Files\Spyware Doctor 2007-10-08 07:50 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\LimeWire 2007-09-30 17:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-09-30 17:54 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-15 18:34 --------- d-----w C:\Program Files\Odkurzacz 2007-09-06 12:05 --------- d-----w C:\Program Files\EuroPlus+ Angielski z Cambridge 2007-09-06 10:15 --------- d-----w C:\Program Files\Sony Ericsson 2007-09-05 16:35 --------- d-----w C:\Program Files\Common Files\YDP 2007-09-02 11:04 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-09-02 11:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca 2007-09-02 11:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson 2007-09-02 11:00 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys 2007-09-02 11:00 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys 2007-09-02 11:00 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys 2007-09-02 11:00 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys 2007-09-02 11:00 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys 2007-09-02 11:00 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys 2007-09-02 11:00 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys 2007-09-02 11:00 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys 2007-09-02 11:00 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys 2007-08-24 18:44 --------- d-----w C:\Program Files\Sony Setup 2007-08-21 13:09 --------- d-----w C:\Program Files\Acala 3GP Movies Free 2007-08-21 12:36 --------- d-----w C:\Program Files\QuickTime 2007-08-20 19:28 --------- d-----w C:\Program 
Files\AviSynth 2.5 2007-08-11 09:14 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\Teleca 2007-08-11 09:13 --------- d-----w C:\Documents and Settings\ewcia\Dane aplikacji\Sony Ericsson 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-28 21:05 640,336 ----a-w C:\WINDOWS\system32\Eraser.dll 2007-07-28 21:05 292,176 ----a-w C:\WINDOWS\system32\Erasext.dll 2007-07-28 21:05 112,976 ----a-w C:\WINDOWS\system32\Eraserl.exe 2007-07-12 11:16 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “^SetupICWDesktop”= [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”= [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoResolveSearch”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip 
Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe” blrun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com \agent\McAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] c:\PROGRA~1\mcafee.com \agent\McUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] C:\Program Files\McAfee.com \VSO\oasclnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] “C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe” /AtBootTime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] C:\Program Files\McAfee.com \VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] “C:\PROGRA~1\McAfee.com \VSO\mcmnhdlr.exe” /checktask [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\System32\drivers\sfsync03.sys S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w200mgmt.sys S3 
w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w200obex.sys . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-11 12:36:09 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-10-11 12:36:57 C:\ComboFix-quarantined-files.txt … 2007-10-11 12:27 C:\ComboFix2.txt … 2007-10-11 12:27 C:\ComboFix3.txt … 2007-10-11 10:09 . — E O F —
jessica
(jessica)
11 October 2007 10:48
#6
In my opinion, it's OK.
You didn't say whether those “CiD” have stopped appearing?
jessi
ewa25
(Ewa3553)
11 October 2007 11:07
#7
Jessica, thank you for your help.
So far they haven't been appearing. If they start popping up again, I'll let you know.