Hello!
For some time now I've been getting pop-up windows with CID ads. I don't know how to get rid of this problem; please help me solve it.
ComboFix log:
ComboFix 09-06-25.07 - x 2009-06-26 18:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.2038.1228 [GMT 2:00]
Uruchomiony z: c:\users\x\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\x\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\Helper
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\program files\Sotfone
c:\windows\a.bat
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-26 do 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-26 16:17 . 2009-06-26 16:18 -------- d-----w- c:\users\x\AppData\Local\temp
2009-06-26 14:57 . 2009-06-26 15:36 831488 ----a-w- c:\programdata\hide cool shim link\Okay Dog.exe
2009-06-26 14:57 . 2009-06-26 14:57 -------- d-----w- c:\programdata\hide cool shim link
2009-06-26 14:57 . 2009-06-26 14:57 831488 ----a-w- c:\programdata\Blahlocksuser\wmbrjhdu.exe
2009-06-26 14:57 . 2009-06-26 14:57 -------- d-----w- c:\programdata\Blahlocksuser
2009-06-26 14:57 . 2009-06-26 14:57 724992 ----a-w- c:\programdata\Blahlocksuser\beepspam.exe
2009-06-26 14:26 . 2009-06-26 14:26 -------- d-----w- c:\programdata\Babylon
2009-06-26 14:26 . 2009-06-26 14:26 -------- d-----w- c:\users\x\AppData\Roaming\Babylon
2009-06-15 13:44 . 2009-02-11 15:11 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-06-15 13:31 . 2009-06-15 13:32 -------- d-----w- c:\users\x\AppData\Local\eSupport.com
2009-06-15 13:31 . 2009-06-15 13:31 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-06-15 12:52 . 2009-06-15 12:55 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-13 16:04 . 2009-06-13 16:04 -------- d-----w- c:\programdata\Trymedia
2009-06-12 07:38 . 2009-06-12 07:38 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5CF2.tmp.exe
2009-05-31 09:34 . 2009-05-31 09:34 -------- d-----w- c:\users\x\AppData\Local\ACDSee
2009-05-31 09:34 . 2009-05-31 09:34 -------- d-----w- c:\users\x\AppData\Roaming\ACD Systems
2009-05-31 09:33 . 2009-05-31 09:33 -------- d-----w- c:\users\x\AppData\Local\ACDPhotoEditor
2009-05-31 09:30 . 2009-05-31 09:30 -------- d-----w- c:\programdata\ACD Systems
2009-05-31 09:30 . 2009-05-31 09:30 -------- d-----w- c:\program files\ACD Systems
2009-05-31 09:10 . 2009-05-31 09:30 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-29 13:34 . 2009-05-29 13:34 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-05-29 13:34 . 2009-05-29 13:34 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-05-29 13:34 . 2009-05-29 13:34 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-05-29 13:34 . 2009-05-29 13:34 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-05-29 13:34 . 2009-05-29 13:34 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-05-29 13:29 . 2008-02-07 15:10 -------- d--h--w- C:\ckis
2009-05-29 13:29 . 2009-05-29 13:29 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-29 13:15 . 2009-05-29 13:34 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-29 13:15 . 2009-05-29 13:34 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-29 13:14 . 2009-06-26 16:18 374114080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-29 13:14 . 2009-06-26 15:40 -------- d-----w- c:\programdata\Kaspersky Lab
2009-05-28 09:34 . 2009-05-28 09:34 -------- d-----w- c:\programdata\WindowsSearch
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 15:42 . 2007-07-16 18:20 712112 ----a-w- c:\windows\system32\perfh015.dat
2009-06-26 15:42 . 2007-07-16 18:20 145686 ----a-w- c:\windows\system32\perfc015.dat
2009-06-26 15:35 . 2009-05-29 13:14 4998344 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 15:34 . 2009-05-04 09:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-25 10:31 . 2008-06-01 09:49 -------- d-----w- c:\users\x\AppData\Roaming\OpenOffice.org2
2009-06-25 10:07 . 2008-06-01 09:50 1 ----a-w- c:\users\x\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-15 13:44 . 2007-07-16 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 08:09 . 2007-11-30 17:03 -------- d-----w- c:\program files\Toolbar
2009-05-29 13:34 . 2007-10-31 11:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-29 13:02 . 2007-07-16 08:58 -------- d-----w- c:\program files\NewTech Infosystems
2009-05-29 13:02 . 2007-07-16 08:58 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-05-29 12:53 . 2007-07-16 09:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-29 12:53 . 2007-07-16 09:01 -------- d-----w- c:\programdata\Symantec
2009-05-23 10:50 . 2009-05-23 10:49 -------- d-----w- c:\program files\Common Files\Nero
2009-05-23 10:49 . 2008-01-25 15:43 -------- d-----w- c:\programdata\Nero
2009-05-21 06:26 . 2008-01-13 17:10 -------- d-----w- c:\program files\Google
2009-05-13 14:19 . 2007-04-20 10:45 -------- d-----w- c:\program files\Intel
2009-05-13 09:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 12:02 . 2009-05-11 12:02 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-11 11:56 . 2009-05-11 11:56 -------- d-----w- c:\users\x\AppData\Roaming\PeerNetworking
2009-05-11 10:42 . 2009-05-11 10:42 -------- d-----w- c:\program files\SDC udvikling
2009-05-09 09:13 . 2009-05-09 09:13 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-05-09 05:50 . 2009-06-10 06:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 06:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-05 13:41 . 2008-01-29 15:03 -------- d-----w- c:\users\x\AppData\Roaming\GanymedeNet
2009-05-04 09:49 . 2009-05-04 09:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-04-23 12:43 . 2009-06-10 06:41 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 06:41 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 06:41 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 12:23 . 2009-04-16 12:23 0 ---ha-w- c:\windows\msds.dat
2007-11-29 05:57 . 2007-11-29 05:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Delete Owns"="c:\programdata\fast close close.qw111u" [X]
"SHIM LINK FREE BALL"="c:\programdata\boob frag inter.mgndsd" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-29 4472832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\uytkow~1\KASPER~1\r3hook.dll d:\uytkow~1\KASPER~1\adialhk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^x^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TomTomHOME.exe"=d:\użytkowe\tom\TomTomHOME.exe -s
"Media Codec Update Service"=d:\essentials codec pack\codeki\update.exe -silent
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"NBKeyScan"="d:\użytkowe\Nero 8\Nero BackItUp\NBKeyScan.exe"
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe"
"ccApp"=c:\program files\Common Files\Symantec Shared\ccApp.exe
"Skytel"=Skytel.exe
"iPlusManager"=d:\użytkowe\iPlus\iPlusChecker.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"AVP"="d:\użytkowe\kasperski\avp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{765444AE-B123-41B3-AAFE-4CEB4571EA66}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{E2AFFF1D-862E-4BBB-BF3D-7F095B0D094F}d:\użytkowe\gadu-gadu\gg.exe"= UDP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{DABD4839-CE91-48FD-B8D8-14B8B85416E9}d:\użytkowe\gadu-gadu\gg.exe"= TCP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{8C10F982-FD63-4F4A-BD36-1E47737573CE}"= UDP:d:\gry\empire\EE3.exe:Empire Earth III
"{FCD40638-AE71-4575-A99B-16CC96B1558D}"= TCP:d:\gry\empire\EE3.exe:Empire Earth III
"TCP Query User{F4538E23-0070-430C-94F1-F8735B1DDFA4}d:\użytkowe\gadu-gadu\gg.exe"= UDP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{C3201E07-46DA-4DFD-A9F7-00EDE45C7533}d:\użytkowe\gadu-gadu\gg.exe"= TCP:d:\użytkowe\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{A1A6A963-12EC-4C4D-894C-D7802690FBF6}d:\użytkowe\emule\emule.exe"= UDP:d:\użytkowe\emule\emule.exe:eMule
"UDP Query User{94298666-76A4-45BE-8A24-23ADD8073006}d:\użytkowe\emule\emule.exe"= TCP:d:\użytkowe\emule\emule.exe:eMule
"{63553B7A-B07D-4EF9-8EC9-55E2970D9654}"= UDP:d:\stronghold2\Stronghold2.exe:Stronghold 2
"{9B590612-A22B-4C34-BDDB-426102CBDF3D}"= TCP:d:\stronghold2\Stronghold2.exe:Stronghold 2
"{C49B12AE-28EE-41BC-838A-EDA01954E34E}"= UDP:d:\gry\tw2\Stronghold2.exe:Stronghold 2
"{AB2BCFD6-19FA-4244-9DB1-957892454E2B}"= TCP:d:\gry\tw2\Stronghold2.exe:Stronghold 2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {A1B577B6-A2A5-48BF-A46A-4ADC436E2B20}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-09 179712]
S2 gupdate1c9ca2b97cc05e1;Usługa Google Update (gupdate1c9ca2b97cc05e1);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 133104]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2007-12-01 80744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 07:08]
2009-06-26 c:\windows\Tasks\User_Feed_Synchronization-{55BC0DCB-800B-4D81-8DAE-B36E44523D15}.job
- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ … .yahoo.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_35.cab
DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_35.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 18:18
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(704)
d:\uytkow~1\KASPER~1\r3hook.dll
d:\uytkow~1\KASPER~1\adialhk.dll

- - - - - - - > 'lsass.exe'(768)
d:\uytkow~1\KASPER~1\r3hook.dll
d:\uytkow~1\KASPER~1\adialhk.dll
d:\użytkowe\kasperski\dnsq.dll
.
Czas ukończenia: 2009-06-26 18:21
ComboFix-quarantined-files.txt 2009-06-26 16:21
Przed: 26 832 781 312 bajtów wolnych
Po: 26 855 571 456 bajtów wolnych
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
299 --- E O F --- 2009-06-15 14:41
-- Added 27.06.2009 (Sat) 11:52 --
Can nobody help me?
-- Added 27.06.2009 (Sat) 12:14 --
I'm also posting the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:43, on 2009-06-27
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\x\AppData\Local\Temp\RtkBtMnt.exe
D:\użytkowe\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "D:\użytkowe\kasperski\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Delete Owns] "C:\ProgramData\fast close close.qw111u"
O4 - HKCU\..\Run: [sHIM LINK FREE BALL] "C:\ProgramData\boob frag inter.mgndsd"
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\użytkowe\kasperski\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl … 0_0_77.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://download.gamedesire.com/g_bin/pl … 0_0_35.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://download.gamedesire.com/g_bin/pl … 0_0_35.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: D:\UYTKOW~1\KASPER~1\r3hook.dll D:\UYTKOW~1\KASPER~1\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\użytkowe\kasperski\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Usługa Google Update (gupdate1c9ca2b97cc05e1) (gupdate1c9ca2b97cc05e1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\użytkowe\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8112 bytes