Posts: 3
Threads: 1
Joined: 23.08.2007
Reputation: 0
Quote: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:53, on 2007-08-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wapster\AQQ\AQQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\progra~1\crawler\notes\cnotes.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [To see links, register here]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [To see links, register here]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [To see links, register here]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CrawlerNotes] c:\progra~1\crawler\notes\cnotes.exe /notesshow
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skrót do LManager.lnk = C:\Program Files\Launch Manager\LManager.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [To see links, register here]
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - [To see links, register here]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [To see links, register here]
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - [To see links, register here]
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - [To see links, register here]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D167C70-4369-4CCB-975F-9F195016B5DA}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{A129A8F1-B658-4F26-9BFB-03144735B66E}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB06B819-DAF8-4D12-B2D0-84DD4D871E64}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDD7D83-8F32-4E84-809E-95C2A12565F3}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7617 bytes
Posts: 850
Threads: 12
Joined: 15.07.2006
Reputation: 0
Quote: R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D167C70-4369-4CCB-975F-9F195016B5DA}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{A129A8F1-B658-4F26-9BFB-03144735B66E}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB06B819-DAF8-4D12-B2D0-84DD4D871E64}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDD7D83-8F32-4E84-809E-95C2A12565F3}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
Delete the files in bold in Safe Mode with System Restore turned off, and remove the entries in HijackThis.
Apply [To see links, register here]
Afterwards, post logs from HijackThis, [To see links, register here], [To see links, register here]
and the Fixwareout report.
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not the object of media noise
I am an illegal killer of time"
Posts: 3
Threads: 1
Joined: 23.08.2007
Reputation: 0
Quote: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:59, on 2007-08-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Wapster\AQQ\AQQ.exe
C:\progra~1\crawler\notes\cnotes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [To see links, register here]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [To see links, register here]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [To see links, register here]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU\..\Run: [CrawlerNotes] c:\progra~1\crawler\notes\cnotes.exe /notesshow
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skrót do LManager.lnk = C:\Program Files\Launch Manager\LManager.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [To see links, register here]
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - [To see links, register here]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [To see links, register here]
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - [To see links, register here]
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - [To see links, register here]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D167C70-4369-4CCB-975F-9F195016B5DA}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{A129A8F1-B658-4F26-9BFB-03144735B66E}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB06B819-DAF8-4D12-B2D0-84DD4D871E64}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDD7D83-8F32-4E84-809E-95C2A12565F3}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7393 bytes
Quote: "Silent Runners.vbs", revision 52, [To see links, register here]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AQQ" = "C:\PROGRA~1\Wapster\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
"CrawlerNotes" = "c:\progra~1\crawler\notes\cnotes.exe /notesshow" ["Crawler.com"]
"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" [file not found]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ePower_DMC" = "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" ["Acer Incorporated"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"
-> {HKLM...CLSID} = "IE7Pro BHO"
\InProcServer32\(Default) = "C:\Program Files\IE7Pro\IE7Pro.dll" ["IE7Pro.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
-> {HKLM...CLSID} = "EPM-PO Shell Extensions"
\InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {HKLM...CLSID} = "ACDWFTHMBPRXY"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "kdfem.exe" [file not found]
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL" [null data]
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
-> {HKLM...CLSID} = "DWFShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."]
EDSshellExt\(Default) = "{29FF7AB0-BE34-4992-A30B-53A9D86EE239}"
-> {HKLM...CLSID} = "eDSshlExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\eDSshellExt.dll" ["HiTRUST"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
EDSshellExt\(Default) = "{29FF7AB0-BE34-4992-A30B-53A9D86EE239}"
-> {HKLM...CLSID} = "eDSshlExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\eDSshellExt.dll" ["HiTRUST"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
InventorMenu\(Default) = "{6FDE7A70-351B-11d6-988B-0010B57A8BB7}"
-> {HKLM...CLSID} = "Autodesk Inventor® Part Document"
\InProcServer32\(Default) = "C:\Program Files\Autodesk\Inventor 11\Bin\DT.dll" ["Autodesk, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\system32\notepad.exe" "%1"" [MS]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "dom" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\dom\Menu Start\Programy\Autostart
"Skrót do LManager" -> shortcut to: "C:\Program Files\Launch Manager\LManager.exe" ["Dritek System Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 05, 08 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" = (no title provided)
-> {HKLM...CLSID} = "Acer eDataSecurity Management"
\InProcServer32\(Default) = "C:\WINDOWS\system32\eDStoolbar.dll" ["HiTRUST"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\
"ButtonText" = "IE7Pro Preferences"
"MenuText" = "IE7Pro Preferences"
"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"
-> {HKLM...CLSID} = "IE7Pro ToolsExt"
\InProcServer32\(Default) = "C:\Program Files\IE7Pro\IE7Pro.dll" ["IE7Pro.com"]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\dom\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
AdminWorks Agent X6, AWService, ""C:\Acer\Empowering Technology\admServ.exe"" ["Avocent Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"" [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
MSSQL$AUTODESKVAULT, MSSQL$AUTODESKVAULT, ""C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT" [MS]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
---------- (launch time: 2007-08-23 16:38:14)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 58 seconds.
---------- (total run time: 110 seconds)
Quote: Username "dom" - 2007-08-23 16:41:55 [Fixwareout edited 2007/07/05]
»»»»» Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfem.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.18 85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2D167C70-4369-4CCB-975F-9F195016B5DA}
"nameserver"="85.255.116.18,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A129A8F1-B658-4F26-9BFB-03144735B66E}
"nameserver"="85.255.116.18,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BB06B819-DAF8-4D12-B2D0-84DD4D871E64}
"nameserver"="85.255.116.18,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CFDD7D83-8F32-4E84-809E-95C2A12565F3}
"nameserver"="85.255.116.18,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{18647E97-125C-4B1D-A4F9-B8B7751E72BD}
"DhcpNameServer"="85.255.116.18,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A129A8F1-B658-4F26-9BFB-03144735B66E}
"DhcpNameServer"="85.255.116.18,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CFDD7D83-8F32-4E84-809E-95C2A12565F3}
"DhcpNameServer"="85.255.116.18,85.255.112.185" <Value cleared.
Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe"
"CrawlerNotes"="c:\progra~1\crawler\notes\cnotes.exe /notesshow"
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Cytat: ComboFix 07-08-17.2 - "dom" 2007-08-23 16:45:10.2 - FAT32 x86
Microsoft Windows XP Home Edition5.1.2600.2.1250.1.1045.18.118 [GMT 2:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
COCUME~1domDANEAP~1..ravmonlog
f:autorun.inf
((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23)))))))))))))))))))))))))))))))
2007-08-23 16:41 8,810 --a------ C:\dnsbak.reg
2007-08-23 16:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 12:56 <DIR> d-------- C:\WINDOWS\pss
2007-08-23 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-23 11:17 <DIR> d-------- C:\Program Files\AutoConnect
2007-08-23 10:47 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-08-23 10:47 <DIR> d-------- C:\DOCUME~1\dom\DANEAP~1\MegauploadToolbar
2007-08-22 15:06 <DIR> d-------- C:\Program Files\Real Alternative
2007-08-22 15:06 <DIR> d-------- C:\DOCUME~1\dom\DANEAP~1\Real
2007-08-22 15:06 <DIR> d-------- C:\DOCUME~1\dom\DANEAP~1\Media Player Classic
2007-08-22 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-08-21 20:27 <DIR> d-------- C:\Program Files\IE7Pro
2007-08-21 20:27 <DIR> d-------- C:\DOCUME~1\dom\DANEAP~1\IE7Pro
2007-08-21 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-08-20 18:01 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-07 20:42 <DIR> d-------- C:\Program Files\7-Zip
2007-08-07 09:36 <DIR> d-------- C:\DOCUME~1\dom\DANEAP~1\vlc
2007-07-23 20:57 <DIR> d-------- C:\Program Files\Axis Communications
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-20 21:14 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-20 21:14 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-07-22 16:20 --------- d-------- C:\Program Files\Audacity
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 17:54 --------- d-------- C:\Program Files\Lavasoft
2007-07-07 17:53 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-03 12:42 --------- d-------- C:\Program Files\Map24
2007-07-03 12:42 --------- d-------- C:\DOCUME~1\dom\DANEAP~1\Map24
2007-06-29 12:38 --------- d-------- C:\Program Files\mp3DirectCut
2007-06-27 16:09 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:30 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-03-08 19:17:40 56 --sh--r C:\WINDOWS\system32\48A1109D8D.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe" [2007-02-28 13:18]
"CrawlerNotes"="c:\progra~1\crawler\notes\cnotes.exe" [2007-04-11 07:25]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
C:\Documents and Settings\dom\Menu Start\Programy\Autostart
Skrót do LManager.lnk - C:\Program Files\Launch Manager\LManager.exe [2007-01-08 09:06:10]
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 Cam5603D;Acer OrbiCam;C:\WINDOWS\system32\Drivers\BisonCam.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2007-08-23 16:47:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-23 16:47:57
C:\ComboFix-quarantined-files.txt ... 2007-08-23 16:47
--- E O F ---
Posts: 850 | Threads: 12 | Joined: 15.07.2006 | Reputation: 0
Quote: R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D167C70-4369-4CCB-975F-9F195016B5DA}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{A129A8F1-B658-4F26-9BFB-03144735B66E}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB06B819-DAF8-4D12-B2D0-84DD4D871E64}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDD7D83-8F32-4E84-809E-95C2A12565F3}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
Delete these in HijackThis. Have the "problems" gone away?
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not the object of media noise
I am an illegal killer of time"
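The O17 lines quoted in the reply above point every per-interface Tcpip key and the global Tcpip\Parameters key at the same two resolvers. The script below is an added example, not code from the original thread: it parses HijackThis O17 lines, reports NameServer addresses that fall outside an allowlist of expected resolver networks, and lists the control set and interface GUID (or "Parameters") of each entry that carries one, which is exactly the set of O17 lines to delete. The allowlist (RFC 1918 ranges standing in for the ISP's real resolvers), the third, benign interface GUID in the sample, and the function names are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample input: two O17 lines quoted in the reply above (one per-interface
# key, one global Tcpip\Parameters key), an invented benign interface whose NameServer
# is a private-range router address (negative case), and one non-O17 line to be ignored.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D167C70-4369-4CCB-975F-9F195016B5DA}: NameServer = 85.255.116.18,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.18 85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: resolvers this machine is *expected* to use. A real check lists the ISP's
# resolver addresses or ranges here; RFC 1918 space stands in for a LAN router.
ALLOWED_RESOLVERS = ["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

# HijackThis O17 format: per-interface keys appear as Tcpip\..\{GUID}, the global list
# as Tcpip\Parameters; CCS is CurrentControlSet, CSn a numbered control set.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<set>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<guid>\{[0-9A-Fa-f-]+\})|Parameters): "
    r"(?P<name>\w+) = (?P<value>.+?)\s*$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: control set, interface GUID (None for the
    global key), value name, and the list of server addresses."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # Per-interface lists are comma-separated, the global list space-separated.
        values = [v for v in re.split(r"[,\s]+", m.group("value")) if v]
        records.append({"set": m.group("set"), "guid": m.group("guid"),
                        "name": m.group("name"), "values": values})
    return records


def rogue_nameservers(log_text, allowed):
    """Return the sorted NameServer addresses that are not inside any allowed network."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    rogue = set()
    for rec in parse_o17(log_text):
        if rec["name"] != "NameServer":
            continue
        for v in rec["values"]:
            try:
                ip = ipaddress.ip_address(v)
            except ValueError:
                rogue.add(v)  # not an address at all: report it as well
                continue
            if not any(ip in n for n in nets):
                rogue.add(v)
    return sorted(rogue)


def affected_keys(log_text, allowed):
    """(control set, interface GUID or 'Parameters') for every O17 NameServer entry
    that carries a rogue address, i.e. the entries to delete in HijackThis."""
    bad = set(rogue_nameservers(log_text, allowed))
    hits = []
    for rec in parse_o17(log_text):
        if rec["name"] == "NameServer" and bad.intersection(rec["values"]):
            hits.append((rec["set"], rec["guid"] or "Parameters"))
    return hits


if __name__ == "__main__":
    print("rogue resolvers:", rogue_nameservers(SAMPLE_LOG, ALLOWED_RESOLVERS))
    for cset, where in affected_keys(SAMPLE_LOG, ALLOWED_RESOLVERS):
        print(f"  HKLM\\System\\{cset}\\Services\\Tcpip\\{where}")
```

Feed it a whole HijackThis log and it ignores every non-O17 line; because the check is allowlist-based rather than a blocklist of known bad addresses, a hijack to a resolver nobody has catalogued yet is still reported.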
Posts: 3 | Threads: 1 | Joined: 23.08.2007 | Reputation: 0
Thank you very much for the help, the problems have gone away.
Posts: 8 | Threads: 0 | Joined: 06.11.2006 | Reputation: 0
One moment...
Into Notepad:
Code: Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
File => Save As => change the file type from .txt to All Files => then save it under the name FIX.REG
Run the created FIX.REG file, then confirm adding it to the Registry and restart the computer.
Then post a new log from Silent Runners.
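The FIX.REG above does three things: it clears the Winlogon "System" value, deletes the WRNotifier Winlogon notification package, and writes BootExecute back as a REG_MULTI_SZ whose hex(7) bytes are the UTF-16LE default "autocheck autochk *". The following Python is an added example, not part of the original post: it parses .reg text (including backslash-continued hex lines), decodes hex(7) data into the list of strings regedit will store, and reports whether all three intended effects are present before the file is merged. The parser, its function names, and the embedded sample text are assumptions built from the posted fix.

```python
# Constructed sample: the FIX.REG posted above, written the way regedit expects it
# (full hive names; a trailing backslash marks a hex(7) line continued below).
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# Registry key names are case-insensitive, so paths are compared lower-cased.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
SESSION_MANAGER = r"hkey_local_machine\system\currentcontrolset\control\session manager"
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]  # the Windows XP default


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: raw_value}}.
    A key written as [-path] is a deletion and maps to None."""
    keys, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("["):
            path = line[1:line.rindex("]")]
            if path.startswith("-"):
                keys[path[1:].lower()] = None
                current = None
            else:
                current = keys.setdefault(path.lower(), {})
            continue
        # A value line ending in '\' continues on the next line (long hex data).
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        if current is None:
            continue
        name, _, raw = line.partition("=")
        current[name.strip().strip('"')] = raw.strip()
    return keys


def decode_value(raw):
    """Decode one raw .reg value: quoted string, dword:, hex(7) REG_MULTI_SZ
    (UTF-16LE strings separated by NUL and ended by an empty string),
    hex(2) REG_EXPAND_SZ, or plain hex: REG_BINARY returned as bytes."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    kind, _, data = raw.partition(":")
    blob = bytes(int(b, 16) for b in data.split(",") if b)
    if kind == "hex(7)":
        return [s for s in blob.decode("utf-16-le").split("\x00") if s]
    if kind == "hex(2)":
        return blob.decode("utf-16-le").rstrip("\x00")
    return blob


def check_fix(text):
    """Report whether the .reg text carries the three effects the fix intends."""
    keys = parse_reg(text)
    winlogon = keys.get(WINLOGON) or {}
    session = keys.get(SESSION_MANAGER) or {}
    return {
        "winlogon_system_cleared":
            "System" in winlogon and decode_value(winlogon["System"]) == "",
        "wrnotifier_deleted":
            keys.get(WINLOGON + r"\notify\wrnotifier", "absent") is None,
        "bootexecute_default":
            "BootExecute" in session
            and decode_value(session["BootExecute"]) == DEFAULT_BOOTEXECUTE,
    }


if __name__ == "__main__":
    for name, ok in check_fix(FIX_REG).items():
        print(f"{name}: {'ok' if ok else 'NOT applied'}")
```

The same decoder is the quickest way to read any hex(7) blob exported from a suspect machine: a BootExecute that decodes to anything beyond "autocheck autochk *" is an extra program running before the session starts.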