ComboFix 08-07-31.01 - Przemek 2008-07-31 19:56:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.652 [GMT 2:00]

Running from: C:\Documents and Settings\Przemek\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\bund1

C:\WINDOWS\system32\bund1\temp.txt

C:\WINDOWS\system32\tmp24.tmp

.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))

.

2008-07-31 15:57 . 2008-07-31 15:57

2008-07-31 15:57 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll

2008-07-31 15:56 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-27 01:14 . 2008-07-27 01:14

2008-07-25 04:11 . 2008-07-25 04:11

2008-07-25 04:11 . 2008-07-25 04:11 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-07-25 04:11 . 2008-07-25 04:11 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-07-24 13:48 . 2008-07-24 13:48

2008-07-24 13:46 . 2008-07-24 13:46

2008-07-19 12:32 . 2008-07-19 12:32

2008-07-18 14:39 . 2008-07-18 14:39

2008-07-18 14:26 . 2008-07-18 14:43

2008-06-22 21:13 . 2008-06-22 21:13

2008-06-22 21:00 . 2008-06-22 21:00

2008-06-08 20:26 . 2008-06-16 21:59

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-26 22:52 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Skype

2008-07-24 11:40 --------- d-----w C:\Program Files\SubEdit-Player

2008-07-20 01:26 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\OpenOffice.org2

2008-07-19 10:34 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-08 18:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-05-30 22:33 --------- d-----w C:\Program Files\Apple Software Update

2008-05-30 22:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple

2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-05-10 17:51 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-25 22:49 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-01-25 22:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2008-01-25 22:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008012520080126\index.dat

2008-01-25 22:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2008-02-01 09:20 2194744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Outpost Firewall”=“C:\Program Files\Agnitum\Outpost Firewall\outpost.exe” [2006-12-18 13:39 94720]

“OutpostFeedBack”=“C:\Program Files\Agnitum\Outpost Firewall\feedback.exe” [2006-12-29 15:06 335872]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_2”=“shell32” [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe

“BitComet”=“C:\Program Files\BitComet\BitComet.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“Smapp”=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

“Easy-PrintToolBox”=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

“SunJavaUpdateSched”=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“20302:TCP”= 20302:TCP:BitComet 20302 TCP

“20302:UDP”= 20302:UDP:BitComet 20302 UDP

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 14:53]

R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 13:56]

R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2006-12-13 15:23]

R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2006-12-18 13:39]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:44]

R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2006-12-18 13:40]

R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2006-12-18 13:40]

R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2006-12-18 13:40]

R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2006-12-18 13:39]

R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2006-12-18 13:40]

R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2006-12-18 13:39]

R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2006-12-18 13:39]

R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2006-12-18 13:40]

R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2006-12-18 13:40]

R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2006-12-18 13:40]

R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2006-12-18 13:40]

R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2006-12-18 13:40]

R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2006-12-18 13:40]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-26 17:51]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the ‘Scheduled Tasks’ folder

2008-06-06 C:\WINDOWS\Tasks\1-Click Maintenance.job

• C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 16:17]

2008-05-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

• C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

• • • • ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Przemek\Dane aplikacji\Mozilla\Firefox\Profiles\d9n5027h.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 20:01:52

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-31 20:03:11

ComboFix-quarantined-files.txt 2008-07-31 18:02:57

Pre-Run: 23,777,931,264 bajtów wolnych

Post-Run: 24,065,318,912 bajtów wolnych

137 — E O F — 2008-01-26 14:11:10

Jakby ktoś rzucił okiem byłoby ok.Komp jest znajomego i uparł się na formata.

Czysto!

Usuń ręcznie folder C:** Qoobox**,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer Ccleanerem

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!.

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

Czy system był stawiany z płyty przygotowanej przez nLite?

Dzięki o to mi chodziło dalej dam radę.