Żółty trójkąt w tray'u i wyskakujące oferty z antyspawerami

lolaf84 · 13 Listopad 2007 22:44

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:41, on 2007-11-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\WapSter\AQQ\AQQ.exe C:\Program Files\Eurobarre\eb.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\explorer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pbeuzddv.dll O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.33/g_bin/pl/snooker_2_0_0_35.cab O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – End of file - 4644 bytes

Nie wiem skąd ale pojwaia mi się zolty trojkat migajacy w trayu i wyskakuja oferty zakupu oprogrmowania antyspawyre. Próbowałem SmitFrauFixem ComboFixem w trybie awaryjnym ale to nic nie dało

Gutek · 13 Listopad 2007 22:53

usuń wpisy HJT

Daj log z ComboFix

lolaf84 · 13 Listopad 2007 23:16

Usunołem wpisy, następnie reeboot, no i combofix oto log, trójkąt dalej siedzi

ComboFix 07-11-08.1 - jo 2007-11-14 0:05:25.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.102 [GMT 1:00] Running from: C:\Documents and Settings\jo\Pulpit\ComboFix.exe . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk C:\Documents and Settings\jo\Pulpit\Live Safety Center.lnk C:\Documents and Settings\jo\Pulpit\Online Security Guide.lnk C:\Documents and Settings\jo\Ulubione\Online Security Guide.lnk C:\WINDOWS\system32\pbeuzddv.dllbox C:\WINDOWS\system32\qruvw.ini C:\WINDOWS\system32\qruvw.ini2 C:\WINDOWS\system32\wvurq.dll . ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))) . 2007-11-13 23:26 2007-11-13 19:14 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 18:53 2007-11-13 18:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-13 18:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-13 18:19 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-13 18:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-11-13 18:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-13 18:19 1,332 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:14 2007-11-13 17:59 2007-11-13 17:32 80,448 --a------ C:\WINDOWS\system32\ybdhjbjp.dll 2007-11-13 17:27 144,480 --a------ C:\WINDOWS\system32\pbeuzddv.dll 2007-11-13 17:26 144,480 --a------ C:\WINDOWS\system32\vlytljvh.dll 2007-11-13 17:23 88,128 --a------ C:\WINDOWS\system32\rhkncdgs.dll 2007-11-13 17:21 71,232 --a------ C:\WINDOWS\system32\vsrxtxym.exe 2007-11-12 20:29 2007-11-12 15:55 81,472 --a------ C:\WINDOWS\system32\dhkahmcb.dll 2007-11-12 15:48 71,232 --a------ C:\WINDOWS\system32\idolmejq.exe 2007-11-11 13:50 2007-11-11 13:48 79,936 --a------ C:\WINDOWS\system32\pykrtffi.dll 2007-11-10 16:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-11-10 16:43 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-11-10 16:43 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-11-10 16:43 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-11-10 16:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-11-10 16:43 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-11-10 16:42 2007-11-10 16:42 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-11-10 16:14 36,352 --a------ C:\WINDOWS\system32\qomlkkl.dll 2007-11-06 13:22 2007-11-06 13:21 2007-11-06 13:21 2007-11-06 13:14 2007-10-25 16:10 2007-10-24 18:35 4 --a------ C:\WINDOWS\system32\proc1935282620.bin 2007-10-23 14:20 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-10-23 14:19 376 --a------ C:\WINDOWS\mozregistry.dat 2007-10-23 14:18 2007-10-23 14:17 2007-10-22 11:45 2007-10-18 14:56 2007-10-18 14:55 2007-10-18 14:29 2007-10-15 18:25 2007-10-15 18:22 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-10-15 18:22 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-10-15 18:22 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-10-15 18:22 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-10-15 18:22 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-10-15 18:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-10-15 18:21 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-10-15 18:19 2007-10-15 18:19 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-13 23:00 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\Free Download Manager 2007-11-13 16:52 --------- d-----w C:\Program Files\Nokia 2007-11-12 15:14 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\GanymedeNet 2007-11-10 15:19 --------- d-----w C:\Program Files\Winamp 2007-11-10 11:30 --------- d-----w C:\Program Files\Ganymede 2007-11-02 13:37 --------- d-----w C:\Program Files\C-Media Audio 2007-10-18 13:28 --------- d-----w C:\Program Files\Common Files\Nokia 2007-10-10 04:33 --------- d-----w C:\Program Files\Shut Down-O-Matic 2007-10-07 19:25 --------- d-----w C:\Program Files\Zylom Games 2007-10-07 19:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom 2007-10-01 20:51 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\PC Suite 2007-10-01 20:05 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\PC Suite 2007-10-01 19:27 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-28 19:58 --------- d-----w C:\Program Files\eMule 2007-09-27 18:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nokia 2007-09-27 17:54 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\Nokia 2007-09-27 17:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2007-09-27 17:19 --------- d-----w C:\Program Files\PC Connectivity Solution 2007-09-27 17:19 --------- d-----w C:\Program Files\DIFX 2007-09-27 17:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations 2007-09-19 16:57 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\foobar2000 2007-09-18 19:07 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\uTorrent 2007-09-09 18:45 15,872 ------w C:\WINDOWS\system32\winskfr.dll 2007-09-09 18:45 119,568 ------w C:\WINDOWS\system32\vb6fr.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-13_19.22.51.70 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-13 23:09:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_42c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{01CD0B31-9154-45F2-9414-F5D64B74EAF6}] 2007-11-10 16:14 36352 --a------ C:\WINDOWS\System32\qomlkkl.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{13224cde-8039-4817-8ba3-23dc92badeb9}] 2007-11-13 17:32 80448 --a------ C:\WINDOWS\System32\ybdhjbjp.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-13 17:27 144480 --a------ C:\WINDOWS\system32\pbeuzddv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”= C:\WINDOWS\system32\pbeuzddv.dll [2007-11-13 17:27 144480] [HKEY_CLASSES_ROOT\CLSID{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-11-06 13:14] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AQQ”=“C:\PROGRA~1\WapSter\AQQ\AQQ.exe” [2007-02-28 13:18] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\jo\Menu Start\Programy\Autostart\ Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe [2007-09-09 19:45:15] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{01CD0B31-9154-45F2-9414-F5D64B74EAF6}”= C:\WINDOWS\System32\qomlkkl.dll [2007-11-10 16:14 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pbeuzddv] pbeuzddv.dll 2007-11-13 17:27 144480 C:\WINDOWS\system32\pbeuzddv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlkkl] qomlkkl.dll 2007-11-10 16:14 36352 C:\WINDOWS\system32\qomlkkl.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Authentication Packages”= msv1_0 C:\WINDOWS\System32\wvurq.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] “C:\Program Files\Ares\Ares.exe” -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule1\emule.exe -AutoStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” . Contents of the ‘Scheduled Tasks’ folder “2007-11-06 12:21:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 00:10:54 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-11-14 0:13:10 - machine was rebooted . — E O F —

Gutek · 13 Listopad 2007 23:32

Wklej do Notatnika:

File:: C:\WINDOWS\system32\ybdhjbjp.dll C:\WINDOWS\system32\pbeuzddv.dll C:\WINDOWS\system32\vlytljvh.dll C:\WINDOWS\system32\rhkncdgs.dll C:\WINDOWS\system32\vsrxtxym.exe C:\WINDOWS\system32\dhkahmcb.dll C:\WINDOWS\system32\idolmejq.exe C:\WINDOWS\system32\pykrtffi.dll C:\WINDOWS\system32\qomlkkl.dll C:\WINDOWS\system32\proc1935282620.bin C:\WINDOWS\system32\winskfr.dll C:\WINDOWS\system32\vb6fr.dll Registry:: [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{01CD0B31-9154-45F2-9414-F5D64B74EAF6}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{13224cde-8039-4817-8ba3-23dc92badeb9}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”=- [-HKEY_CLASSES_ROOT\CLSID{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{01CD0B31-9154-45F2-9414-F5D64B74EAF6}”=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pbeuzddv] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlkkl]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo, lecz przed logiem zrób tak:

Wklej do Notatnika:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=-

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

Z menu Notatnika Plik Zapisz jako Ustaw rozszerzenie na “Wszystkie pliki” Zapisz jako FIX.REG uruchom ten plik (dwuklik).

lolaf84 · 13 Listopad 2007 23:55

No problem chyba rozwiązany. DZIĘKI ale wklejam jeszcze loga

ComboFix 07-11-08.1 - jo 2007-11-14 0:52:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.48 [GMT 1:00] Running from: C:\Documents and Settings\jo\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))) . 2007-11-13 23:26 2007-11-13 19:14 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 18:53 2007-11-13 18:19 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-13 18:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-13 18:19 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-13 18:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-11-13 18:19 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-13 18:19 1,332 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:17 2007-11-13 18:14 2007-11-13 17:59 2007-11-12 20:29 2007-11-11 13:50 2007-11-10 16:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-11-10 16:43 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-11-10 16:43 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-11-10 16:43 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-11-10 16:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-11-10 16:43 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-11-10 16:42 2007-11-10 16:42 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-11-06 13:22 2007-11-06 13:21 2007-11-06 13:21 2007-11-06 13:14 2007-10-25 16:10 2007-10-23 14:20 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-10-23 14:19 376 --a------ C:\WINDOWS\mozregistry.dat 2007-10-23 14:18 2007-10-23 14:17 2007-10-22 11:45 2007-10-18 14:56 2007-10-18 14:55 2007-10-18 14:29 2007-10-15 18:25 2007-10-15 18:22 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-10-15 18:22 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-10-15 18:22 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-10-15 18:22 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-10-15 18:22 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-10-15 18:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-10-15 18:21 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-10-15 18:19 2007-10-15 18:19 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-13 23:00 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\Free Download Manager 2007-11-13 16:52 --------- d-----w C:\Program Files\Nokia 2007-11-12 15:14 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\GanymedeNet 2007-11-10 15:19 --------- d-----w C:\Program Files\Winamp 2007-11-10 11:30 --------- d-----w C:\Program Files\Ganymede 2007-11-02 13:37 --------- d-----w C:\Program Files\C-Media Audio 2007-10-18 13:28 --------- d-----w C:\Program Files\Common Files\Nokia 2007-10-10 04:33 --------- d-----w C:\Program Files\Shut Down-O-Matic 2007-10-07 19:25 --------- d-----w C:\Program Files\Zylom Games 2007-10-07 19:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom 2007-10-01 20:51 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\PC Suite 2007-10-01 20:05 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\PC Suite 2007-10-01 19:27 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-28 19:58 --------- d-----w C:\Program Files\eMule 2007-09-27 18:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nokia 2007-09-27 17:54 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\Nokia 2007-09-27 17:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2007-09-27 17:19 --------- d-----w C:\Program Files\PC Connectivity Solution 2007-09-27 17:19 --------- d-----w C:\Program Files\DIFX 2007-09-27 17:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations 2007-09-19 16:57 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\foobar2000 2007-09-18 19:07 --------- d-----w C:\Documents and Settings\jo\Dane aplikacji\uTorrent . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-11-06 13:14] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AQQ”=“C:\PROGRA~1\WapSter\AQQ\AQQ.exe” [2007-02-28 13:18] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\jo\Menu Start\Programy\Autostart\ Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe [2007-09-09 19:45:15] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] “C:\Program Files\Ares\Ares.exe” -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule1\emule.exe -AutoStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” . Contents of the ‘Scheduled Tasks’ folder “2007-11-06 12:21:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 00:53:15 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-14 0:54:12 C:\ComboFix2.txt … 2007-11-14 00:49 C:\ComboFix3.txt … 2007-11-14 00:13 . — E O F —

Gutek · 14 Listopad 2007 17:23

Już jest Ok