Problem removing Adware.Win32.BHO.awz - Help!

Please help me remove Adware.Win32.BHO.awz. Unfortunately, after every A-Squared Anti-malware scan it comes back, and it probably causes a Windows Defender message to be displayed and redirects to the page http://antispyspider.us/130.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:07, on 2008-06-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Moon Secure Antivirus\msavcore.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\Program Files\Global Graphics\Jaws PDF Creator 5\PDFClient.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [OBSWATCH] C:\PROGRA~1\OrangeBs\Watch.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe"
O4 - HKLM\..\Run: [PDFCreatorClient] "C:\Program Files\Global Graphics\Jaws PDF Creator 5\PDFClient.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

-- End of file - 8847 bytes

Regards

Replies: 2

ComboFix deleted a few things. Nothing in particular shows up in the log any more. Has it improved??
Żółty
Posted
12.06.2008 22:13:01
  • petrus 12.06.2008 22:31:59

    Yes, it has improved, and considerably. Many thanks for the help :lol: Regards.

Make a ComboFix log and post it.
Żółty
Posted
12.06.2008 17:51:36
  • petrus 12.06.2008 20:01:59

    ComboFix 08-06-10.5 - Robert Janus 2008-06-12 17:24:55.1 - NTFSx86
    Running from: C:\Documents and Settings\Robert Janus\Pulpit\ComboFix.exe
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    The following files were disabled during the run:
    C:\Program Files\Moon Secure Antivirus\MoonSysH.dll
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Program Files\BulletProofSoft.com
    C:\WINDOWS\g32.txt
    C:\WINDOWS\homepage.html
    C:\WINDOWS\promo1.html
    C:\WINDOWS\promo2.html
    C:\WINDOWS\promo3.html
    C:\WINDOWS\promo4.html
    C:\WINDOWS\promo5.html
    C:\WINDOWS\promo6.html
    C:\WINDOWS\promogif1.gif
    C:\WINDOWS\promogif2.gif
    C:\WINDOWS\promogif3.gif
    C:\WINDOWS\s32.txt
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\sn.txt
    C:\WINDOWS\system32\sockins32.dll
    C:\WINDOWS\ws386.ini
    .
    ((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
    .
    2008-06-12 13:11 . 2008-06-12 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback
    2008-06-11 21:00 . 2008-06-12 13:57 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
    2008-06-11 20:23 . 2008-06-11 20:23 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-11 19:10 . 2008-06-11 19:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-06-11 18:21 . 2008-06-11 18:21 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-11 18:21 . 2008-06-11 18:21 <DIR> d-------- C:\Documents and Settings\Robert Janus\Dane aplikacji\Lavasoft
    2008-06-11 00:17 . 2008-06-11 23:50 <DIR> d-------- C:\Program Files\Anti-Spyware Blocker
    2008-06-10 22:52 . 2008-06-10 23:05 <DIR> d-------- C:\Program Files\SkanerOnline
    2008-06-10 22:30 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:30 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-12 12:58 . 2008-05-12 12:58 <DIR> d-------- C:\Documents and Settings\Robert Janus\Dane aplikacji\Nokia Multimedia Player
    2008-05-12 12:51 . 2008-05-29 08:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-12 12:51 . 2008-05-12 12:51 1,409 --a------ C:\WINDOWS\QTFont.for
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 15:22 --------- d-----w C:\Program Files\Moon Secure Antivirus
    2008-06-09 08:48 --------- d-----w C:\Program Files\SimpleCenter
    2008-06-09 08:48 --------- d-----w C:\Program Files\QuickTime
    2008-06-09 08:48 --------- d-----w C:\Program Files\PDFCreator
    2008-06-09 08:47 --------- d-----w C:\Program Files\OrangeBs
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 09:39 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-05-07 09:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-05-07 09:37 --------- d-----w C:\Documents and Settings\Robert Janus\Dane aplikacji\Nokia
    2008-05-07 09:28 --------- d-----w C:\Program Files\Nokia
    2008-05-07 09:28 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-05-07 09:28 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-05-07 09:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
    2008-05-07 09:25 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-05-07 09:25 --------- d-----w C:\Program Files\DIFX
    2008-05-07 09:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
    2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-17 13:42 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1171.exe
    2008-03-17 13:42 14,290 ----a-w C:\Program Files\settings.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:52 65536]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 18:03 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 17:59 126976]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-06-29 19:04 1077326]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 23:37 88363 C:\WINDOWS\agrsmmsg.exe]
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-11-29 10:10 667648]
    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 22:06 53248]
    "TPSMain"="TPSMain.exe" [2004-12-17 16:29 266240 C:\WINDOWS\system32\TPSMain.exe]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-01-03 18:37 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
    "TFncKy"="TFncKy.exe" []
    "TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2004-11-22 16:43 126976]
    "TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2004-12-17 15:11 86016]
    "Zooming"="ZoomingHook.exe" [2004-07-14 17:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2004-12-21 16:48 118784]
    "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 19:07 28672]
    "TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-01-14 14:40 24576]
    "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-12-27 11:26 61440]
    "NDSTray.exe"="NDSTray.exe" []
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-18 14:43 98304]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "CFSServ.exe"="CFSServ.exe" []
    "OBSWATCH"="C:\PROGRA~1\OrangeBs\Watch.exe" [2005-09-07 10:26 20480]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 02:12 2658304]
    "GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2004-11-24 12:06 802921]
    "Moon Secure Antivirus"="C:\Program Files\Moon Secure Antivirus\moontray.exe" [2007-10-13 12:12 1642496]
    "PDFCreatorClient"="C:\Program Files\Global Graphics\Jaws PDF Creator 5\PDFClient.exe" [2008-02-01 20:37 471040]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-06-11 22:09 2131600]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    C:\Documents and Settings\All Users\Menu Start\Programy\AutostartBluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-09-04 00:41:44 385024]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Moon Secure AntivirusFrontEnd GUI]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "C:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
    R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 12:08]
    R2 msav;Moon Secure Antivirus Core;C:\Program Files\Moon Secure Antivirus\msavcore.exe [2007-10-16 12:30]
    R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-18 16:18]
    S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2006-04-25 10:39]
    S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-04-25 10:39]
    S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2006-04-25 10:39]
    S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2004-11-05 20:08]
    S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2004-11-05 20:08]
    *Newly Created Service* - CATCHME
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-12 17:36:46
    Windows 5.1.2600 Dodatek Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc27.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\Moon Secure Antivirus\MoonSysH.dll
    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Moon Secure Antivirus\MoonSysH.dll
    PROCESS: C:\WINDOWS\system32\csrss.exe
    -> C:\Program Files\Moon Secure Antivirus\MoonSysH.dll
    .
    Completion time: 2008-06-12 17:40:58
    ComboFix-quarantined-files.txt 2008-06-12 15:40:53
    Pre-Run: 23,884,242,944 bajtów wolnych
    Post-Run: 24,124,354,560 bajtów wolnych
    159 --- E O F --- 2008-06-11 23:11:22

petrus
Posted:
12.06.2008 16:38:02
Comments:
2