Mam problem z Mass-mailer software Uru-tak to sie nazywa

Radek_m81 · 1 Październik 2008 11:36

Witam.Kaspersky nie pomaga,szukałem w necie co to jest Mass -mailer i dotarlem tutaj.Zeskanowałem komputer za pomoca ComboFix.Proszę o pomoc,co mam zrobic by pozbyc sie Mass-mailera? Oto log.txt po zeskanowaniu:

ComboFix 08-09-30.03 - radek 2008-10-01 11:33:09.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1527 [GMT 1:00]

Uruchomiony z: C:\Documents and Settings\radek\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MCHINJDRV

((((((((((((((((((((((((( Pliki utworzone od 2008-09-01 do 2008-10-01 )))))))))))))))))))))))))))))))

.

2008-09-30 12:33 . 2008-09-30 12:33

2008-09-30 03:28 . 2008-09-30 03:28

2008-09-27 15:05 . 2008-09-27 15:07

2008-09-27 15:02 . 2008-09-28 02:39

2008-09-27 14:47 . 2008-09-28 01:56

2008-09-27 14:47 . 2008-09-27 14:47

2008-09-27 02:12 . 1994-09-21 01:00 92,208 --a–c— C:\WINDOWS\system32\WING.DLL

2008-09-27 02:12 . 1994-09-21 01:00 12,800 --a–c— C:\WINDOWS\system\WING32.DLL

2008-09-26 20:12 . 2008-10-01 11:43 102,258 --a–c— C:\WINDOWS\system32\drivers\c6996ca0.sys

2008-09-24 16:50 . 2008-09-24 16:50 7,168 --ahsc— C:\WINDOWS\Thumbs.db

2008-09-14 11:50 . 2008-09-14 11:50

2008-09-14 11:50 . 2003-07-02 01:00 131,072 -ra–c— C:\WINDOWS\system32\Epcmlib.dll

2008-09-14 11:49 . 2003-09-25 09:12 76,045 --a–c— C:\WINDOWS\system32\EBPMON24.DLL

2008-09-14 11:49 . 2003-07-15 21:14 31,744 --a–c— C:\WINDOWS\system32\E_DCINST.DLL

2008-09-14 11:49 . 2001-09-03 10:04 182 --a–c— C:\WINDOWS\system32\EBPPORT4.DAT

2008-09-14 11:48 . 2008-09-30 18:25

2008-09-14 11:48 . 2008-09-14 11:48 25 --a–c— C:\WINDOWS\CDEC66SeriesEuro.ini

2008-09-14 11:44 . 2008-04-13 19:47 25,856 --a–c— C:\WINDOWS\system32\drivers\usbprint.sys

2008-09-14 11:44 . 2008-04-13 19:47 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys

2008-09-10 22:00 . 2008-09-10 22:00

2008-09-03 10:18 . 2008-09-03 15:07

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-01 10:42 404,256 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-01 10:42 11,001,120 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-01 10:40 42,032 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-01 10:40 152,564 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-01 03:34 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-10-01 01:21 --------- dc----w C:\Program Files\ZTE Mobile Connection

2008-09-30 00:20 --------- dc-h–w C:\Program Files\InstallShield Installation Information

2008-09-28 02:08 --------- dc----w C:\Program Files\Spybot - Search & Destroy

2008-09-28 01:55 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-09-27 01:05 --------- dc----w C:\Program Files\eMule

2008-09-09 16:55 --------- dc–a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-08-17 10:35 --------- dc----w C:\Program Files\Common Files\Adobe

2008-08-17 09:26 --------- dc----w C:\Program Files\WIEM2006

2008-08-13 23:57 --------- dc----w C:\Program Files\Common Files\Symantec Shared

2008-08-13 23:57 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-08-13 23:27 --------- dc----w C:\Program Files\Norton 360

2008-08-06 17:21 96,976 -c–a-w C:\WINDOWS\system32\drivers\klin.dat

2008-08-03 13:36 --------- dc----w C:\Program Files\Common Files\Onet.pl

2008-08-03 13:35 --------- dc----w C:\Documents and Settings\radek\Dane aplikacji\Encyklopedia2006

2008-08-03 13:35 --------- dc----w C:\Documents and Settings\radek\Dane aplikacji\AutoUpdate

2008-08-03 13:06 --------- dc----w C:\Program Files\Soulseek-Test

2008-01-10 05:49 32 -c----w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-16 167368]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2007-08-24 135168]

“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2007-08-24 159744]

“Persistence”=“C:\WINDOWS\system32\igfxpers.exe” [2007-08-24 131072]

“IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-10-03 178712]

“NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 155648]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 155648]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]

“AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2008-02-08 227856]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.iv41”= ir41_32.dll

“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“FirewallOverride”=dword:00000001

“AntiVirusOverride”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe”=

“C:\Program Files\Firaxis Games\Sid Meier’s Civilization 4\Civilization4.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\HEROES3\BLADE\h3blade.exe”=

“C:\WINDOWS\system32\dplaysvr.exe”=

“C:\Program Files\HEROES3\Death\Heroes3.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015

“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016

“500:UDP”= 500:UDP:@xpsp2res.dll,-22017

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]

R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\radek\USTAWI~1\Temp\gUSBSTOi.sys []

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]

S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []

S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2006-05-17 19328]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]