Hello. Kaspersky doesn't help; I searched the web for what a Mass-mailer is and ended up here. I scanned the computer with ComboFix. Please help, what should I do to get rid of the Mass-mailer? Here is the log.txt after the scan:
ComboFix 08-09-30.03 - radek 2008-10-01 11:33:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1527 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\radek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((( Pliki utworzone od 2008-09-01 do 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-09-30 12:33 . 2008-09-30 12:33
2008-09-30 03:28 . 2008-09-30 03:28
2008-09-27 15:05 . 2008-09-27 15:07
2008-09-27 15:02 . 2008-09-28 02:39
2008-09-27 14:47 . 2008-09-28 01:56
2008-09-27 14:47 . 2008-09-27 14:47
2008-09-27 02:12 . 1994-09-21 01:00 92,208 --a--c--- C:\WINDOWS\system32\WING.DLL
2008-09-27 02:12 . 1994-09-21 01:00 12,800 --a--c--- C:\WINDOWS\system\WING32.DLL
2008-09-26 20:12 . 2008-10-01 11:43 102,258 --a--c--- C:\WINDOWS\system32\drivers\c6996ca0.sys
2008-09-24 16:50 . 2008-09-24 16:50 7,168 --ahsc--- C:\WINDOWS\Thumbs.db
2008-09-14 11:50 . 2008-09-14 11:50
2008-09-14 11:50 . 2003-07-02 01:00 131,072 -ra--c--- C:\WINDOWS\system32\Epcmlib.dll
2008-09-14 11:49 . 2003-09-25 09:12 76,045 --a--c--- C:\WINDOWS\system32\EBPMON24.DLL
2008-09-14 11:49 . 2003-07-15 21:14 31,744 --a--c--- C:\WINDOWS\system32\E_DCINST.DLL
2008-09-14 11:49 . 2001-09-03 10:04 182 --a--c--- C:\WINDOWS\system32\EBPPORT4.DAT
2008-09-14 11:48 . 2008-09-30 18:25
2008-09-14 11:48 . 2008-09-14 11:48 25 --a--c--- C:\WINDOWS\CDEC66SeriesEuro.ini
2008-09-14 11:44 . 2008-04-13 19:47 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-14 11:44 . 2008-04-13 19:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-10 22:00 . 2008-09-10 22:00
2008-09-03 10:18 . 2008-09-03 15:07
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 10:42 404,256 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-01 10:42 11,001,120 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 10:40 42,032 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-01 10:40 152,564 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 03:34 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-01 01:21 --------- dc----w C:\Program Files\ZTE Mobile Connection
2008-09-30 00:20 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-09-28 02:08 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-09-28 01:55 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-09-27 01:05 --------- dc----w C:\Program Files\eMule
2008-09-09 16:55 --------- dc--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-17 10:35 --------- dc----w C:\Program Files\Common Files\Adobe
2008-08-17 09:26 --------- dc----w C:\Program Files\WIEM2006
2008-08-13 23:57 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-08-13 23:57 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-08-13 23:27 --------- dc----w C:\Program Files\Norton 360
2008-08-06 17:21 96,976 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-03 13:36 --------- dc----w C:\Program Files\Common Files\Onet.pl
2008-08-03 13:35 --------- dc----w C:\Documents and Settings\radek\Dane aplikacji\Encyklopedia2006
2008-08-03 13:35 --------- dc----w C:\Documents and Settings\radek\Dane aplikacji\AutoUpdate
2008-08-03 13:06 --------- dc----w C:\Program Files\Soulseek-Test
2008-01-10 05:49 32 -c----w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-24 131072]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"=
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\HEROES3\BLADE\h3blade.exe"=
"C:\WINDOWS\system32\dplaysvr.exe"=
"C:\Program Files\HEROES3\Death\Heroes3.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\radek\USTAWI~1\Temp\gUSBSTOi.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2006-05-17 19328]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4ccc4721-a08c-11dc-9feb-001dd9ddb2d6}]
\Shell\AutoRun\command - E:\AutoRunMorrowind.exe
\Shell\install\command - E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{681f427a-1158-11dd-b7ec-001dd9ddb2d6}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{681f427b-1158-11dd-b7ec-001dd9ddb2d6}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6a17dded-9e18-11dc-9fe3-88637aeb3039}]
\Shell\AutoRun\command - C:\windows\explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6a17ddee-9e18-11dc-9fe3-88637aeb3039}]
\Shell\AutoRun\command - J:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a6352dfa-2e09-11dd-b811-001a801f8c01}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a6352e02-2e09-11dd-b811-001a801f8c01}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bae474c8-0ebd-11dd-b7e7-001dd9ddb2d6}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bae474cc-0ebd-11dd-b7e7-001dd9ddb2d6}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bae474cd-0ebd-11dd-b7e7-001dd9ddb2d6}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bae474ce-0ebd-11dd-b7e7-001dd9ddb2d6}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\radek\Dane aplikacji\Mozilla\Firefox\Profiles\iyhq1jkk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - GOOGLE.CO.UK
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:42:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c6996ca0]
"ImagePath"="\SystemRoot\System32\drivers\c6996ca0.sys"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-01 11:51:56 - komputer został uruchomiony ponownie [radek]
ComboFix-quarantined-files.txt 2008-10-01 10:51:48
Przed: 11,056,517,120 bajtów wolnych
Po: 11,051,524,096 bajtów wolnych
185 --- E O F --- 2008-10-01 02:00:36
I also did a scan with Trend Micro HijackThis v2.0.2; here is the result: