CID pop-up ads - request for help

Hello!

For some time now I have been getting pop-up windows with CID ads. I don't know how to get rid of this problem; please help me solve it.

ComboFix log:

ComboFix 09-06-25.07 - x 2009-06-26 18:10.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.2038.1228 [GMT 2:00]

Uruchomiony z: c:\users\x\Desktop\ComboFix.exe

Użyto następujących komend :: c:\users\x\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\akl

c:\program files\akl\akl.dll

c:\program files\akl\akl.exe

c:\program files\akl\uninstall.exe

c:\program files\akl\unsetup.exe

c:\program files\Helper

c:\program files\Inet Delivery

c:\program files\Inet Delivery\inetdl.exe

c:\program files\Inet Delivery\intdel.exe

c:\program files\Sotfone

c:\windows\a.bat

c:\windows\bdn.com

c:\windows\FVProtect.exe

c:\windows\iTunesMusic.exe

c:\windows\mslagent

c:\windows\mslagent\2_mslagent.dll

c:\windows\mslagent\mslagent.exe

c:\windows\mslagent\uninstall.exe

c:\windows\mssecu.exe

c:\windows\system32\akttzn.exe

c:\windows\system32\anticipator.dll

c:\windows\system32\awtoolb.dll

c:\windows\system32\bdn.com

c:\windows\system32\bsva-egihsg52.exe

c:\windows\system32\dpcproxy.exe

c:\windows\system32\emesx.dll

c:\windows\system32\h@tkeysh@@k.dll

c:\windows\system32\hoproxy.dll

c:\windows\system32\hxiwlgpm.dat

c:\windows\system32\hxiwlgpm.exe

c:\windows\system32\medup012.dll

c:\windows\system32\medup020.dll

c:\windows\system32\msgp.exe

c:\windows\system32\msnbho.dll

c:\windows\system32\mssecu.exe

c:\windows\system32\msvchost.exe

c:\windows\system32\mtr2.exe

c:\windows\system32\mwin32.exe

c:\windows\system32\netode.exe

c:\windows\system32\newsd32.exe

c:\windows\system32\ps1.exe

c:\windows\system32\psof1.exe

c:\windows\system32\psoft1.exe

c:\windows\system32\regc64.dll

c:\windows\system32\regm64.dll

c:\windows\system32\Rundl1.exe

c:\windows\system32\smp

c:\windows\system32\smp\msrc.exe

c:\windows\system32\sncntr.exe

c:\windows\system32\ssurf022.dll

c:\windows\system32\ssvchost.com

c:\windows\system32\ssvchost.exe

c:\windows\system32\sysreq.exe

c:\windows\system32\taack.dat

c:\windows\system32\taack.exe

c:\windows\system32\temp#01.exe

c:\windows\system32\thun.dll

c:\windows\system32\thun32.dll

c:\windows\system32\VBIEWER.OCX

c:\windows\system32\vbsys2.dll

c:\windows\system32\vcatchpi.dll

c:\windows\system32\winlogonpc.exe

c:\windows\system32\winsystem.exe

c:\windows\system32\WINWGPX.EXE

c:\windows\userconfig9x.dll

c:\windows\winsystem.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2009-05-26 do 2009-06-26 )))))))))))))))))))))))))))))))

.

2009-06-26 16:17 . 2009-06-26 16:18 -------- d-----w- c:\users\x\AppData\Local\temp

2009-06-26 14:57 . 2009-06-26 15:36 831488 ----a-w- c:\programdata\hide cool shim link\Okay Dog.exe

2009-06-26 14:57 . 2009-06-26 14:57 -------- d-----w- c:\programdata\hide cool shim link

2009-06-26 14:57 . 2009-06-26 14:57 831488 ----a-w- c:\programdata\Blahlocksuser\wmbrjhdu.exe

2009-06-26 14:57 . 2009-06-26 14:57 -------- d-----w- c:\programdata\Blahlocksuser

2009-06-26 14:57 . 2009-06-26 14:57 724992 ----a-w- c:\programdata\Blahlocksuser\beepspam.exe

2009-06-26 14:26 . 2009-06-26 14:26 -------- d-----w- c:\programdata\Babylon

2009-06-26 14:26 . 2009-06-26 14:26 -------- d-----w- c:\users\x\AppData\Roaming\Babylon

2009-06-15 13:44 . 2009-02-11 15:11 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys

2009-06-15 13:31 . 2009-06-15 13:32 -------- d-----w- c:\users\x\AppData\Local\eSupport.com

2009-06-15 13:31 . 2009-06-15 13:31 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS

2009-06-15 12:52 . 2009-06-15 12:55 -------- d--h--w- c:\windows\msdownld.tmp

2009-06-13 16:04 . 2009-06-13 16:04 -------- d-----w- c:\programdata\Trymedia

2009-06-12 07:38 . 2009-06-12 07:38 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5CF2.tmp.exe

2009-05-31 09:34 . 2009-05-31 09:34 -------- d-----w- c:\users\x\AppData\Local\ACDSee

2009-05-31 09:34 . 2009-05-31 09:34 -------- d-----w- c:\users\x\AppData\Roaming\ACD Systems

2009-05-31 09:33 . 2009-05-31 09:33 -------- d-----w- c:\users\x\AppData\Local\ACDPhotoEditor

2009-05-31 09:30 . 2009-05-31 09:30 -------- d-----w- c:\programdata\ACD Systems

2009-05-31 09:30 . 2009-05-31 09:30 -------- d-----w- c:\program files\ACD Systems

2009-05-31 09:10 . 2009-05-31 09:30 -------- d-----w- c:\program files\Common Files\ACD Systems

2009-05-29 13:34 . 2009-05-29 13:34 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll

2009-05-29 13:34 . 2009-05-29 13:34 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys

2009-05-29 13:34 . 2009-05-29 13:34 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll

2009-05-29 13:34 . 2009-05-29 13:34 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll

2009-05-29 13:34 . 2009-05-29 13:34 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll

2009-05-29 13:29 . 2008-02-07 15:10 -------- d--h--w- C:\ckis

2009-05-29 13:29 . 2009-05-29 13:29 -------- d-----w- c:\program files\Kaspersky Lab

2009-05-29 13:15 . 2009-05-29 13:34 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-29 13:15 . 2009-05-29 13:34 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-29 13:14 . 2009-06-26 16:18 374114080 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-05-29 13:14 . 2009-06-26 15:40 -------- d-----w- c:\programdata\Kaspersky Lab

2009-05-28 09:34 . 2009-05-28 09:34 -------- d-----w- c:\programdata\WindowsSearch

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-26 15:42 . 2007-07-16 18:20 712112 ----a-w- c:\windows\system32\perfh015.dat

2009-06-26 15:42 . 2007-07-16 18:20 145686 ----a-w- c:\windows\system32\perfc015.dat

2009-06-26 15:35 . 2009-05-29 13:14 4998344 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-26 15:34 . 2009-05-04 09:47 12 ----a-w- c:\windows\bthservsdp.dat

2009-06-25 10:31 . 2008-06-01 09:49 -------- d-----w- c:\users\x\AppData\Roaming\OpenOffice.org2

2009-06-25 10:07 . 2008-06-01 09:50 1 ----a-w- c:\users\x\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-06-15 13:44 . 2007-07-16 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-04 08:09 . 2007-11-30 17:03 -------- d-----w- c:\program files\Toolbar

2009-05-29 13:34 . 2007-10-31 11:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys

2009-05-29 13:02 . 2007-07-16 08:58 -------- d-----w- c:\program files\NewTech Infosystems

2009-05-29 13:02 . 2007-07-16 08:58 -------- d-----w- c:\program files\Common Files\NewTech Infosystems

2009-05-29 12:53 . 2007-07-16 09:00 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-05-29 12:53 . 2007-07-16 09:01 -------- d-----w- c:\programdata\Symantec

2009-05-23 10:50 . 2009-05-23 10:49 -------- d-----w- c:\program files\Common Files\Nero

2009-05-23 10:49 . 2008-01-25 15:43 -------- d-----w- c:\programdata\Nero

2009-05-21 06:26 . 2008-01-13 17:10 -------- d-----w- c:\program files\Google

2009-05-13 14:19 . 2007-04-20 10:45 -------- d-----w- c:\program files\Intel

2009-05-13 09:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-11 12:02 . 2009-05-11 12:02 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-11 11:56 . 2009-05-11 11:56 -------- d-----w- c:\users\x\AppData\Roaming\PeerNetworking

2009-05-11 10:42 . 2009-05-11 10:42 -------- d-----w- c:\program files\SDC udvikling

2009-05-09 09:13 . 2009-05-09 09:13 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2009-05-09 05:50 . 2009-06-10 06:41 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-10 06:41 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-05-05 13:41 . 2008-01-29 15:03 -------- d-----w- c:\users\x\AppData\Roaming\GanymedeNet

2009-05-04 09:49 . 2009-05-04 09:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf

2009-04-23 12:43 . 2009-06-10 06:41 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 06:41 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-10 06:41 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 12:23 . 2009-04-16 12:23 0 ---ha-w- c:\windows\msds.dat

2007-11-29 05:57 . 2007-11-29 05:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Delete Owns"="c:\programdata\fast close close.qw111u" [X]

"SHIM LINK FREE BALL"="c:\programdata\boob frag inter.mgndsd" [X]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-29 4472832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=d:\uytkow~1\KASPER~1\r3hook.dll d:\uytkow~1\KASPER~1\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Users^x^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]

path=c:\users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk

backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"TomTomHOME.exe"=d:\użytkowe\tom\TomTomHOME.exe -s

"Media Codec Update Service"=d:\essentials codec pack\codeki\update.exe -silent

"LManager"=c:\progra~1\LAUNCH~1\LManager.exe

"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

"NBKeyScan"="d:\użytkowe\Nero 8\Nero BackItUp\NBKeyScan.exe"

"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe"

"ccApp"=c:\program files\Common Files\Symantec Shared\ccApp.exe

"Skytel"=Skytel.exe

"iPlusManager"=d:\użytkowe\iPlus\iPlusChecker.exe

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe

"AVP"="d:\użytkowe\kasperski\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{765444AE-B123-41B3-AAFE-4CEB4571EA66}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"TCP Query User{E2AFFF1D-862E-4BBB-BF3D-7F095B0D094F}d:\użytkowe\gadu-gadu\gg.exe"= UDP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"UDP Query User{DABD4839-CE91-48FD-B8D8-14B8B85416E9}d:\użytkowe\gadu-gadu\gg.exe"= TCP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"{8C10F982-FD63-4F4A-BD36-1E47737573CE}"= UDP:d:\gry\empire\EE3.exe:Empire Earth III

"{FCD40638-AE71-4575-A99B-16CC96B1558D}"= TCP:d:\gry\empire\EE3.exe:Empire Earth III

"TCP Query User{F4538E23-0070-430C-94F1-F8735B1DDFA4}d:\użytkowe\gadu-gadu\gg.exe"= UDP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"UDP Query User{C3201E07-46DA-4DFD-A9F7-00EDE45C7533}d:\użytkowe\gadu-gadu\gg.exe"= TCP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"TCP Query User{A1A6A963-12EC-4C4D-894C-D7802690FBF6}d:\użytkowe\emule\emule.exe"= UDP:d:\użytkowe\emule\emule.exe:eMule

"UDP Query User{94298666-76A4-45BE-8A24-23ADD8073006}d:\użytkowe\emule\emule.exe"= TCP:d:\użytkowe\emule\emule.exe:eMule

"{63553B7A-B07D-4EF9-8EC9-55E2970D9654}"= UDP:d:\stronghold2\Stronghold2.exe:Stronghold 2

"{9B590612-A22B-4C34-BDDB-426102CBDF3D}"= TCP:d:\stronghold2\Stronghold2.exe:Stronghold 2

"{C49B12AE-28EE-41BC-838A-EDA01954E34E}"= UDP:d:\gry\tw2\Stronghold2.exe:Stronghold 2

"{AB2BCFD6-19FA-4244-9DB1-957892454E2B}"= TCP:d:\gry\tw2\Stronghold2.exe:Stronghold 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DisabledInterfaces"= {A1B577B6-A2A5-48BF-A46A-4ADC436E2B20}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-09 179712]

S2 gupdate1c9ca2b97cc05e1;Usługa Google Update (gupdate1c9ca2b97cc05e1);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 133104]

S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2007-12-01 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 07:08]

2009-06-26 c:\windows\Tasks\User_Feed_Synchronization-{55BC0DCB-800B-4D81-8DAE-B36E44523D15}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.wp.pl/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://pl.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ … .yahoo.com

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: tdc.dk\udstedelse.certifikat

DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_35.cab

DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_35.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-26 18:18

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(704)

d:\uytkow~1\KASPER~1\r3hook.dll

d:\uytkow~1\KASPER~1\adialhk.dll

- - - - - - - > 'lsass.exe'(768)

d:\uytkow~1\KASPER~1\r3hook.dll

d:\uytkow~1\KASPER~1\adialhk.dll

d:\użytkowe\kasperski\dnsq.dll

.

Czas ukończenia: 2009-06-26 18:21

ComboFix-quarantined-files.txt 2009-06-26 16:21

Przed: 26 832 781 312 bajtów wolnych

Po: 26 855 571 456 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6

299 — E O F — 2009-06-15 14:41

Added 27.06.2009 (Sat) 11:52

Can nobody help me?

Added 27.06.2009 (Sat) 12:14

I'm also posting a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:11:43, on 2009-06-27

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\x\AppData\Local\Temp\RtkBtMnt.exe

D:\użytkowe\Gadu-Gadu\gg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ … .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVP] "D:\użytkowe\kasperski\avp.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Delete Owns] "C:\ProgramData\fast close close.qw111u"

O4 - HKCU\..\Run: [sHIM LINK FREE BALL] "C:\ProgramData\boob frag inter.mgndsd"

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\użytkowe\kasperski\SCIEPlgn.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O13 - Gopher Prefix:

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl … 0_0_77.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://download.gamedesire.com/g_bin/pl … 0_0_35.cab

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://download.gamedesire.com/g_bin/pl … 0_0_35.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: D:\UYTKOW~1\KASPER~1\r3hook.dll D:\UYTKOW~1\KASPER~1\adialhk.dll

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\użytkowe\kasperski\avp.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Usługa Google Update (gupdate1c9ca2b97cc05e1) (gupdate1c9ca2b97cc05e1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\użytkowe\Nero 8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 8112 bytes

:arrow: Fix in HijackThis

Download ComboFix, but don't run it. Create a text document named CFScript. Write in it

.

Save it next to ComboFix. Drag CFScript onto the ComboFix icon and drop it. Removal should begin. (As in the picture)

CFScript-8a-4.gif

Post the log from the removal.