Czy ktoś pomoże Jak w temacie i do tego jeszcze nie mogę uruchomić menedzera zadań i nie moge wejsc w rejestr… Logi HiJack i Combofix
HIJACK
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [TFncKy] TFncKy.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{D2FA82AD-1DCE-490C-A1CC-26B8C41B6BE9}: NameServer = 194.204.152.34,194.204.159.1
–
End of file - 3491 bytes
COMBOFIX
ComboFix 09-10-08.04 - Ventix 2009-10-10 15:27.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.239.91 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ventix\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-10 do 2009-10-10 )))))))))))))))))))))))))))))))
.
2009-10-10 13:06 . 2009-10-10 13:06 -------- d-----w- c:\program files\Uniblue
2009-10-10 13:02 . 2006-06-27 03:40 3584 -c----w- c:\windows\system32\dllcache\WgaLogon.dll
2009-10-10 13:02 . 2006-06-27 03:40 12800 -c----w- c:\windows\system32\dllcache\WgaTray.exe
2009-10-10 12:59 . 2009-10-10 13:06 -------- dc-h–w- c:\documents and settings\All Users\Dane aplikacji{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-10-10 12:57 . 2009-10-10 12:57 -------- d-----w- c:\windows\Downloaded Installations
2009-10-10 12:48 . 2009-10-10 12:48 -------- d-----w- c:\documents and settings\Ventix\Dane aplikacji\Uniblue
2009-10-09 20:25 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-09 20:25 . 2007-07-05 02:33 892928 ----a-w- c:\windows\system32\iconv.dll
2009-10-09 20:25 . 2009-10-09 20:30 -------- d-----w- c:\program files\ALLPlayer
2009-10-09 20:19 . 2004-08-03 22:44 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-09 16:19 . 2009-10-09 16:19 -------- d-----w- c:\documents and settings\Ventix\Dane aplikacji\ipla
2009-10-09 16:19 . 2009-10-09 16:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-10-09 16:19 . 2009-10-09 16:19 -------- d-----w- c:\program files\ipla
2009-10-09 16:18 . 2009-10-09 16:18 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2009-10-09 16:18 . 2009-10-09 16:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-10-09 16:18 . 2009-10-09 16:18 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-10-08 21:58 . 2009-10-09 20:25 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-10-08 21:57 . 2009-10-09 20:23 -------- d-----w- c:\program files\SubEdit-Player
2009-10-08 20:50 . 2009-10-08 20:50 -------- d-----w- c:\program files\7-Zip
2009-10-08 20:05 . 2009-10-08 20:05 96976 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-08 20:05 . 2009-10-08 20:05 87855 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-08 20:04 . 2009-10-08 20:15 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-08 20:04 . 2009-10-08 20:15 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-08 20:04 . 2009-10-08 20:04 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-08 20:04 . 2009-10-08 20:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-10-08 19:58 . 2009-10-08 19:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-10-08 10:20 . 2009-10-08 10:20 0 ----a-w- c:\windows\nsreg.dat
2009-10-08 10:20 . 2009-10-08 10:20 -------- d-----w- c:\documents and settings\Ventix\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-10-08 10:18 . 2004-08-03 21:08 26496 -c–a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-08 07:23 . 2009-10-08 07:23 -------- d-s—w- c:\documents and settings\Ventix\UserData
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 12:53 . 2009-10-07 21:34 -------- d–h--w- c:\program files\InstallShield Installation Information
2009-10-08 20:15 . 2009-10-08 20:04 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-08 20:15 . 2009-10-08 20:04 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-08 09:35 . 2009-10-08 09:34 -------- d-----w- c:\documents and settings\Ventix\Dane aplikacji\Winamp
2009-10-08 09:35 . 2009-10-08 09:34 -------- d-----w- c:\program files\Winamp
2009-10-07 22:03 . 2009-10-07 22:03 12328 ----a-w- c:\documents and settings\Ventix\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-07 21:52 . 2009-10-07 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-07 21:45 . 2009-10-07 21:38 -------- d-----w- c:\program files\Toshiba
2009-10-07 21:44 . 2001-10-26 16:15 49690 ----a-w- c:\windows\system32\perfc015.dat
2009-10-07 21:44 . 2001-10-26 16:15 355724 ----a-w- c:\windows\system32\perfh015.dat
2009-10-07 21:43 . 2009-10-07 21:43 -------- d-----w- c:\program files\ltmoh
2009-10-07 21:42 . 2009-10-07 21:42 -------- d-----w- c:\program files\Apoint2K
2009-10-07 21:41 . 2009-10-07 21:41 -------- d-----w- c:\program files\SigmaTel
2009-10-07 21:41 . 2009-10-07 21:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-07 21:36 . 2009-10-07 21:36 -------- d-----w- c:\program files\Java
2009-10-07 21:36 . 2009-10-07 21:36 -------- d-----w- c:\program files\Common Files\Java
2009-10-07 21:35 . 2009-10-07 21:35 -------- d-----w- c:\program files\Intel
2009-10-07 20:25 . 2009-10-07 20:25 -------- d-----w- c:\program files\microsoft frontpage
2009-10-07 20:22 . 2009-10-07 20:22 -------- d-----w- c:\program files\Usługi online
2009-10-07 20:20 . 2009-10-07 20:20 21856 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2009-06-04 939520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2004-01-26 237568]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2004-01-26 192512]
“SigmaTel StacMon”=“c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe” [2003-08-03 159801]
“Apoint”=“c:\program files\Apoint2K\Apoint.exe” [2003-10-30 266240]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 113520]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2008-04-01 110080]
“AGRSMMSG”=“AGRSMMSG.exe” - c:\windows\agrsmmsg.exe [2004-02-20 157995]
“TFncKy”=“TFncKy.exe” [bU]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableTaskMgr”= 1 (0x1)
“DisableRegistryTools”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UpdatesDisableNotify”=dword:00000001
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“AntiVirusOverride”=dword:00000001
“AntiVirusDisableNotify”=dword:00000001
“FirewallDisableNotify”=dword:00000001
“FirewallOverride”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“UacDisableNotify”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“d:\Ventyl\Instalki\winamp553_full_emusic-7plus_pl-pl.exe”=
“c:\WINDOWS\AGRSMMSG.exe”=
“c:\Program Files\Winamp\winampa.exe”=
“c:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe”=
“c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”=
“c:\WINDOWS\system32\hkcmd.exe”=
“c:\Program Files\Apoint2K\Apntex.exe”=
“c:\WINDOWS\system32\igfxtray.exe”=
“c:\Program Files\Mozilla Firefox\firefox.exe”=
“c:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe”=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 abp470n5;abp470n5;??\c:\windows\system32\drivers\lenmnn.sys --> c:\windows\system32\drivers\lenmnn.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
.
.
------- Skan uzupełniający -------
.
TCP: {D2FA82AD-1DCE-490C-A1CC-26B8C41B6BE9} = 194.204.152.34,194.204.159.1
FF - ProfilePath - c:\documents and settings\Ventix\Dane aplikacji\Mozilla\Firefox\Profiles\rk8ja9dw.default\
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 15:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker3”
[HKEY_LOCAL_MACHINE\software\Classes\Interface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
“Version”=“1.0”
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
-
-
-
-
-
-
- > ‘explorer.exe’(3900)
-
-
-
-
-
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\dwwin.exe
c:\program files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Czas ukończenia: 2009-10-10 15:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-10-10 13:34
Przed: 11 424 825 344 bajtów wolnych
Po: 11 496 337 408 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect
181
Do tego jpg jak to wygląda
Prosze o pomoc