Nie mogę usunąć LiveSafetyCenter i OnlineSecurityGuide

szydlak · 20 Grudzień 2007 20:59

Proszę o pomoc w usunięciu tego syfu

Log z ComboFix:

ComboFix 07-12-20.1 - Toemk 2007-12-20 21:51:47.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.534 [GMT 1:00] Running from: C:\Documents and Settings\Toemk\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.WINDOWS\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Start\Online Security Guide.lnk C:\Documents and Settings\Toemk\Pulpit\Live Safety Center.lnk C:\Documents and Settings\Toemk\Pulpit\Online Security Guide.lnk C:\Documents and Settings\Toemk\Ulubione\Online Security Guide.lnk C:\WINDOWS\system32\ugtpeipr.dllbox . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-20 21:13 . 2007-12-20 21:13 2007-12-20 21:06 . 2007-12-20 21:07 2007-12-20 20:46 . 2007-12-20 20:46 164 --a------ C:\install.dat 2007-12-20 16:15 . 2007-12-20 16:15 1,123,600 --a------ C:\WINDOWS\system32\FM20.DLL 2007-12-20 16:15 . 2007-12-20 16:15 169,984 --a------ C:\WINDOWS\system32\P2D.DLL 2007-12-20 16:15 . 2007-12-20 16:15 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL 2007-12-20 16:15 . 2007-12-20 16:15 127,488 --a------ C:\WINDOWS\system32\ISCTRLS.OCX 2007-12-20 16:15 . 2007-12-20 16:15 79,872 --a------ C:\WINDOWS\system32\MSNAUDIO.ACM 2007-12-20 16:15 . 2007-12-20 16:15 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL 2007-12-20 16:15 . 2007-12-20 16:15 28,672 --a------ C:\WINDOWS\system32\HLP95EN.DLL 2007-12-20 16:15 . 2007-12-20 16:15 25,872 --a------ C:\WINDOWS\system32\FM20ENU.DLL 2007-12-20 16:14 . 2007-12-20 16:15 2007-12-15 10:13 . 2007-12-15 10:13 45 --a------ C:\TEST.XML 2007-12-10 16:40 . 2007-12-11 17:44 668,272 —hs---- C:\WINDOWS\system32\dmaedocu.ini 2007-12-09 14:33 . 2007-12-10 16:40 667,972 —hs---- C:\WINDOWS\system32\dxjrriwi.ini 2007-12-08 18:11 . 2007-12-08 18:11 2007-12-07 14:33 . 2007-12-09 11:00 667,552 —hs---- C:\WINDOWS\system32\cmlsnram.ini 2007-12-06 22:17 . 2000-07-08 15:06 87,040 --a------ C:\WINDOWS\UnGins.exe 2007-12-06 22:04 . 2007-12-06 22:04 2007-12-06 22:04 . 2003-08-29 23:51 156,160 --a------ C:\WINDOWS\system32\unrar3.dll 2007-12-06 22:04 . 2003-08-29 23:52 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2007-12-05 22:29 . 2007-12-07 14:33 868,903 —hs---- C:\WINDOWS\system32\esfkovkh.ini 2007-12-04 22:29 . 2007-12-05 20:17 805,501 —hs---- C:\WINDOWS\system32\bjoyfrsg.ini 2007-12-02 22:28 . 2007-12-03 20:16 794,204 —hs---- C:\WINDOWS\system32\dskkfqjn.ini 2007-12-02 14:46 . 2007-12-02 14:48 2007-12-02 14:46 . 2007-12-02 14:46 2007-12-01 20:37 . 2007-12-01 20:37 2007-12-01 20:27 . 2007-12-01 20:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-01 17:04 . 2007-12-11 14:26 2007-12-01 17:04 . 2007-12-10 19:32 1,004 --a------ C:\LXCCINST.csv 2007-12-01 17:04 . 2007-12-01 17:05 1,004 --a------ C:\LXCCINST.000 2007-12-01 17:04 . 2007-12-10 19:31 0 --a------ C:\lxccfire.csv 2007-12-01 17:04 . 2007-12-01 17:04 0 --a------ C:\lxccfire.000 2007-12-01 13:47 . 2007-12-01 13:49 2007-12-01 13:38 . 2007-12-07 16:18 2007-12-01 13:38 . 2007-12-01 13:38 2007-12-01 13:37 . 2007-12-01 13:37 2007-12-01 12:02 . 2007-12-01 12:06 2007-12-01 12:02 . 2007-12-01 12:02 2007-11-30 22:27 . 2007-12-01 21:56 794,024 —hs---- C:\WINDOWS\system32\gmyknphr.ini 2007-11-30 16:01 . 2007-11-30 16:01 2007-11-30 16:01 . 2007-11-30 16:01 2007-11-29 21:06 . 2007-11-29 22:23 789,719 —hs---- C:\WINDOWS\system32\asqacnju.ini 2007-11-27 21:02 . 2007-11-28 21:03 744,066 —hs---- C:\WINDOWS\system32\adiplaok.ini 2007-11-26 21:47 . 2007-11-26 21:57 2007-11-26 21:03 . 2007-11-27 21:02 778,809 —hs---- C:\WINDOWS\system32\exddwldm.ini 2007-11-25 20:51 . 2007-11-26 21:00 776,672 —hs---- C:\WINDOWS\system32\agiqcrig.ini 2007-11-25 15:56 . 2007-11-25 15:56 2007-11-25 15:56 . 2007-11-25 15:56 2007-11-25 15:56 . 2007-11-25 15:56 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-25 15:15 . 2007-11-25 15:42 2007-11-25 14:47 . 2007-11-25 14:47 2007-11-24 20:51 . 2007-11-25 20:41 776,312 —hs---- C:\WINDOWS\system32\gayxnvdi.ini 2007-11-24 20:40 . 2007-11-24 20:40 2007-11-24 14:30 . 2007-11-24 14:30 2007-11-24 14:06 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-24 11:37 . 2007-11-24 11:37 2007-11-24 08:40 . 2007-11-24 08:40 2007-11-23 22:58 . 2007-11-23 22:58 2007-11-23 19:49 . 2007-11-23 19:49 2007-11-23 19:49 . 2007-11-23 19:49 2007-11-23 19:46 . 2007-11-23 19:49 2007-11-23 19:45 . 2007-11-24 12:08 2007-11-23 19:45 . 2007-11-23 19:45 2007-11-23 19:45 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-11-23 19:44 . 2007-11-23 19:44 2007-11-23 17:56 . 2007-11-23 17:56 2007-11-23 17:56 . 2007-11-23 17:56 2007-11-23 17:56 . 2007-11-23 17:59 2007-11-23 17:56 . 2007-11-23 17:56 139,008 --a------ C:\WINDOWS\system32\guard32.dll 2007-11-23 17:56 . 2007-11-23 17:56 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys 2007-11-23 17:56 . 2007-11-23 17:56 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys 2007-11-22 20:53 . 2007-11-23 20:53 724,522 —hs---- C:\WINDOWS\system32\aatyhbhq.ini 2007-11-21 19:55 . 2007-11-22 20:50 703,107 —hs---- C:\WINDOWS\system32\mjjbwoun.ini 2007-11-20 19:53 . 2007-11-21 19:04 970,228 —hs---- C:\WINDOWS\system32\solpxkmk.ini 2007-11-20 14:50 . 2007-11-20 14:50 2007-11-20 14:45 . 2007-11-20 14:48 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 19:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-20 16:48 --------- d-----w C:\Program Files\BearShare 2007-12-20 15:13 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\foobar2000 2007-12-19 13:17 --------- d-----w C:\Program Files\Tlen.pl 2007-12-16 15:14 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\OpenOffice.org2 2007-12-14 22:55 --------- d-----w C:\Program Files\PowerArchiver 2007-12-14 12:53 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-08 08:08 --------- d-----w C:\Program Files\Konnekt 2007-12-02 16:39 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\foobar2000 2007-12-02 14:24 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\foobar2000 2007-11-30 18:45 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-26 20:48 --------- d-----w C:\Program Files\Winamp 2007-11-19 22:18 --------- d-----w C:\Program Files\DeskSpace 2007-11-19 11:01 --------- d-----w C:\Program Files\coolpro2 2007-11-18 18:19 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-18 18:17 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-11-18 18:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Adobe Systems 2007-11-18 15:37 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\Tlen.pl 2007-11-18 13:27 126,976 ----a-w C:\WINDOWS\War3Unin.exe 2007-11-16 16:09 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\BitSpirit 2007-11-16 14:35 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\BitSpirit 2007-11-15 16:00 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\Tlen.pl 2007-11-13 14:20 --------- d-----w C:\Program Files\directx 2007-11-13 13:08 --------- d-----w C:\Program Files\Ahead 2007-11-11 18:38 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\TrojanHunter 2007-11-11 13:56 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\TrojanHunter 2007-11-11 10:22 152,672 ----a-w C:\WINDOWS\system32\ugtpeipr.dll 2007-11-11 10:22 152,672 ----a-w C:\WINDOWS\system32\lyjcgsay.dll 2007-11-10 12:20 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\AdobeUM 2007-11-10 12:17 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-11-09 18:25 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\Ashampoo Photo Commander 4 2007-11-09 15:05 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\BitSpirit 2007-11-06 12:05 --------- d-----w C:\Program Files\Ashampoo 2007-11-06 12:05 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\Ashampoo Photo Commander 4 2007-11-06 12:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ashampoo 2007-11-05 16:59 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\OtakuSoftware 2007-11-05 14:04 --------- d-----w C:\Program Files\Java 2007-11-04 15:19 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\OtakuSoftware 2007-11-03 13:37 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\AdobeUM 2007-11-03 11:31 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-03 10:14 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\Tlen.pl 2007-11-03 10:02 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\stamina 2007-11-02 13:58 --------- d-----w C:\Program Files\MultiRes 2007-11-02 13:57 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-11-02 13:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ConeXware 2007-11-02 00:09 --------- d-----w C:\Program Files\ATI Technologies 2007-11-02 00:00 --------- d-----w C:\Program Files\XviD 2007-11-01 23:59 --------- d-----w C:\Program Files\ffdshow 2007-11-01 23:59 --------- d-----w C:\Program Files\DivX 2007-11-01 21:00 --------- d-----w C:\Program Files\foobar2000 2007-11-01 20:08 --------- d-----w C:\Program Files\AvRack 2007-11-01 19:41 --------- d-----w C:\Program Files\Usługi online 2007-10-31 23:42 --------- d-----w C:\Program Files\Seagate 2007-10-31 23:10 --------- d-----w C:\Program Files\Western Digital 2007-10-29 08:54 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-20 08:18 --------- d-----w C:\Program Files\Opera . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-11 11:22 152672 --a------ C:\WINDOWS\system32\ugtpeipr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 19:31] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2003-06-10 12:12 C:\WINDOWS\SOUNDMAN.EXE] “ATIPTA”=“atiptaxx.exe” [2007-08-09 10:28 C:\WINDOWS\system32\atiptaxx.exe] “COMODO Firewall Pro”=“C:\Program Files\COMODO\Firewall\cfp.exe” [2007-11-23 17:56] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ugtpeipr] ugtpeipr.dll 2007-11-11 11:22 152672 C:\WINDOWS\system32\ugtpeipr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Przemo^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Przemo\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 23:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace] C:\Program Files\DeskSpace\deskspace.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f835b8e3] rundll32.exe C:\WINDOWS\system32\pugwmxws.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler] c:\documents and settings\przemo\ustawienia lokalne\temp~vis0000\gain_3202.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ServiceLayer”=3 (0x3) “lxcc_device”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) “Adobe LM Service”=3 (0x3) “aawservice”=2 (0x2) R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 17:56] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 17:56] R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 21:54:24 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\ugtpeipr.dll . Completion time: 2007-12-20 21:55:16 C:\ComboFix2.txt … 2007-12-20 20:43 C:\ComboFix3.txt … 2007-12-20 20:33

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:58:06, on 2007-12-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ugtpeipr.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ugtpeipr.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] atiptaxx.exe O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Tomek\Programy\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{A26AF03C-2443-4C04-B9D5-ABBC5E1DDEAA}: NameServer = 192.168.251.254 O17 - HKLM\System\CS1\Services\Tcpip…{A26AF03C-2443-4C04-B9D5-ABBC5E1DDEAA}: NameServer = 192.168.251.254 O17 - HKLM\System\CS2\Services\Tcpip…{A26AF03C-2443-4C04-B9D5-ABBC5E1DDEAA}: NameServer = 192.168.251.254 O20 - Winlogon Notify: ugtpeipr - C:\WINDOWS\SYSTEM32\ugtpeipr.dll O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe – End of file - 4126 bytes

Gutek · 20 Grudzień 2007 21:21

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym - Daj log z ComboFix

szydlak · 20 Grudzień 2007 21:53

Zrobione tylko, że to nic nie pomogło

Log z ComboFix:

ComboFix 07-12-20.1 - Toemk 2007-12-20 22:44:45.7 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.635 [GMT 1:00] Running from: C:\Documents and Settings\Toemk\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ugtpeipr.dllbox . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-20 22:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-20 22:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-20 22:29 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2007-12-20 22:29 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-20 22:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-20 22:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-20 22:29 . 2007-12-20 22:41 472 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-20 21:13 . 2007-12-20 21:13 2007-12-20 21:06 . 2007-12-20 21:07 2007-12-20 20:46 . 2007-12-20 20:46 164 --a------ C:\install.dat 2007-12-20 16:15 . 2007-12-20 16:15 1,123,600 --a------ C:\WINDOWS\system32\FM20.DLL 2007-12-20 16:15 . 2007-12-20 16:15 169,984 --a------ C:\WINDOWS\system32\P2D.DLL 2007-12-20 16:15 . 2007-12-20 16:15 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL 2007-12-20 16:15 . 2007-12-20 16:15 127,488 --a------ C:\WINDOWS\system32\ISCTRLS.OCX 2007-12-20 16:15 . 2007-12-20 16:15 79,872 --a------ C:\WINDOWS\system32\MSNAUDIO.ACM 2007-12-20 16:15 . 2007-12-20 16:15 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL 2007-12-20 16:15 . 2007-12-20 16:15 28,672 --a------ C:\WINDOWS\system32\HLP95EN.DLL 2007-12-20 16:15 . 2007-12-20 16:15 25,872 --a------ C:\WINDOWS\system32\FM20ENU.DLL 2007-12-20 16:14 . 2007-12-20 16:15 2007-12-15 10:13 . 2007-12-15 10:13 45 --a------ C:\TEST.XML 2007-12-10 16:40 . 2007-12-11 17:44 668,272 —hs---- C:\WINDOWS\system32\dmaedocu.ini 2007-12-09 14:33 . 2007-12-10 16:40 667,972 —hs---- C:\WINDOWS\system32\dxjrriwi.ini 2007-12-08 18:11 . 2007-12-08 18:11 2007-12-07 14:33 . 2007-12-09 11:00 667,552 —hs---- C:\WINDOWS\system32\cmlsnram.ini 2007-12-06 22:17 . 2000-07-08 15:06 87,040 --a------ C:\WINDOWS\UnGins.exe 2007-12-06 22:04 . 2007-12-06 22:04 2007-12-06 22:04 . 2003-08-29 23:51 156,160 --a------ C:\WINDOWS\system32\unrar3.dll 2007-12-06 22:04 . 2003-08-29 23:52 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2007-12-05 22:29 . 2007-12-07 14:33 868,903 —hs---- C:\WINDOWS\system32\esfkovkh.ini 2007-12-04 22:29 . 2007-12-05 20:17 805,501 —hs---- C:\WINDOWS\system32\bjoyfrsg.ini 2007-12-02 22:28 . 2007-12-03 20:16 794,204 —hs---- C:\WINDOWS\system32\dskkfqjn.ini 2007-12-02 14:46 . 2007-12-02 14:48 2007-12-02 14:46 . 2007-12-02 14:46 2007-12-01 20:37 . 2007-12-01 20:37 2007-12-01 20:27 . 2007-12-01 20:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-01 17:04 . 2007-12-11 14:26 2007-12-01 17:04 . 2007-12-10 19:32 1,004 --a------ C:\LXCCINST.csv 2007-12-01 17:04 . 2007-12-01 17:05 1,004 --a------ C:\LXCCINST.000 2007-12-01 17:04 . 2007-12-10 19:31 0 --a------ C:\lxccfire.csv 2007-12-01 17:04 . 2007-12-01 17:04 0 --a------ C:\lxccfire.000 2007-12-01 13:47 . 2007-12-01 13:49 2007-12-01 13:38 . 2007-12-07 16:18 2007-12-01 13:38 . 2007-12-01 13:38 2007-12-01 13:37 . 2007-12-01 13:37 2007-12-01 12:02 . 2007-12-01 12:06 2007-12-01 12:02 . 2007-12-01 12:02 2007-11-30 22:27 . 2007-12-01 21:56 794,024 —hs---- C:\WINDOWS\system32\gmyknphr.ini 2007-11-30 16:01 . 2007-11-30 16:01 2007-11-30 16:01 . 2007-11-30 16:01 2007-11-29 21:06 . 2007-11-29 22:23 789,719 —hs---- C:\WINDOWS\system32\asqacnju.ini 2007-11-27 21:02 . 2007-11-28 21:03 744,066 —hs---- C:\WINDOWS\system32\adiplaok.ini 2007-11-26 21:47 . 2007-11-26 21:57 2007-11-26 21:03 . 2007-11-27 21:02 778,809 —hs---- C:\WINDOWS\system32\exddwldm.ini 2007-11-25 20:51 . 2007-11-26 21:00 776,672 —hs---- C:\WINDOWS\system32\agiqcrig.ini 2007-11-25 15:56 . 2007-11-25 15:56 2007-11-25 15:56 . 2007-11-25 15:56 2007-11-25 15:56 . 2007-11-25 15:56 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-25 15:15 . 2007-11-25 15:42 2007-11-25 14:47 . 2007-11-25 14:47 2007-11-24 20:51 . 2007-11-25 20:41 776,312 —hs---- C:\WINDOWS\system32\gayxnvdi.ini 2007-11-24 20:40 . 2007-11-24 20:40 2007-11-24 14:30 . 2007-11-24 14:30 2007-11-24 14:06 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-24 11:37 . 2007-11-24 11:37 2007-11-24 08:40 . 2007-11-24 08:40 2007-11-23 22:58 . 2007-11-23 22:58 2007-11-23 19:49 . 2007-11-23 19:49 2007-11-23 19:49 . 2007-11-23 19:49 2007-11-23 19:46 . 2007-11-23 19:49 2007-11-23 19:45 . 2007-11-24 12:08 2007-11-23 19:45 . 2007-11-23 19:45 2007-11-23 19:45 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-11-23 19:44 . 2007-11-23 19:44 2007-11-23 17:56 . 2007-11-23 17:56 2007-11-23 17:56 . 2007-11-23 17:56 2007-11-23 17:56 . 2007-11-23 17:59 2007-11-23 17:56 . 2007-11-23 17:56 139,008 --a------ C:\WINDOWS\system32\guard32.dll 2007-11-23 17:56 . 2007-11-23 17:56 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys 2007-11-23 17:56 . 2007-11-23 17:56 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys 2007-11-22 20:53 . 2007-11-23 20:53 724,522 —hs---- C:\WINDOWS\system32\aatyhbhq.ini 2007-11-21 19:55 . 2007-11-22 20:50 703,107 —hs---- C:\WINDOWS\system32\mjjbwoun.ini 2007-11-20 19:53 . 2007-11-21 19:04 970,228 —hs---- C:\WINDOWS\system32\solpxkmk.ini 2007-11-20 14:50 . 2007-11-20 14:50 2007-11-20 14:45 . 2007-11-20 14:48 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 21:26 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\foobar2000 2007-12-20 19:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-20 16:48 --------- d-----w C:\Program Files\BearShare 2007-12-19 13:17 --------- d-----w C:\Program Files\Tlen.pl 2007-12-16 15:14 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\OpenOffice.org2 2007-12-14 22:55 --------- d-----w C:\Program Files\PowerArchiver 2007-12-14 12:53 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-08 08:08 --------- d-----w C:\Program Files\Konnekt 2007-12-02 16:39 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\foobar2000 2007-12-02 14:24 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\foobar2000 2007-11-30 18:45 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-26 20:48 --------- d-----w C:\Program Files\Winamp 2007-11-19 22:18 --------- d-----w C:\Program Files\DeskSpace 2007-11-19 11:01 --------- d-----w C:\Program Files\coolpro2 2007-11-18 18:19 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-18 18:17 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-11-18 18:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Adobe Systems 2007-11-18 15:37 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\Tlen.pl 2007-11-18 13:27 126,976 ----a-w C:\WINDOWS\War3Unin.exe 2007-11-16 16:09 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\BitSpirit 2007-11-16 14:35 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\BitSpirit 2007-11-15 16:00 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\Tlen.pl 2007-11-13 14:20 --------- d-----w C:\Program Files\directx 2007-11-13 13:08 --------- d-----w C:\Program Files\Ahead 2007-11-11 18:38 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\TrojanHunter 2007-11-11 13:56 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\TrojanHunter 2007-11-11 10:22 152,672 ----a-w C:\WINDOWS\system32\ugtpeipr.dll 2007-11-11 10:22 152,672 ----a-w C:\WINDOWS\system32\lyjcgsay.dll 2007-11-10 12:20 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\AdobeUM 2007-11-10 12:17 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-11-09 18:25 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\Ashampoo Photo Commander 4 2007-11-09 15:05 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\BitSpirit 2007-11-06 12:05 --------- d-----w C:\Program Files\Ashampoo 2007-11-06 12:05 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\Ashampoo Photo Commander 4 2007-11-06 12:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ashampoo 2007-11-05 16:59 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\OtakuSoftware 2007-11-05 14:04 --------- d-----w C:\Program Files\Java 2007-11-04 15:19 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\OtakuSoftware 2007-11-03 13:37 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\AdobeUM 2007-11-03 11:31 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-03 10:14 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\Tlen.pl 2007-11-03 10:02 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\stamina 2007-11-02 13:58 --------- d-----w C:\Program Files\MultiRes 2007-11-02 13:57 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-11-02 13:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ConeXware 2007-11-02 00:09 --------- d-----w C:\Program Files\ATI Technologies 2007-11-02 00:00 --------- d-----w C:\Program Files\XviD 2007-11-01 23:59 --------- d-----w C:\Program Files\ffdshow 2007-11-01 23:59 --------- d-----w C:\Program Files\DivX 2007-11-01 21:00 --------- d-----w C:\Program Files\foobar2000 2007-11-01 20:08 --------- d-----w C:\Program Files\AvRack 2007-11-01 19:41 --------- d-----w C:\Program Files\Usługi online 2007-10-31 23:42 --------- d-----w C:\Program Files\Seagate 2007-10-31 23:10 --------- d-----w C:\Program Files\Western Digital 2007-10-29 08:54 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-20 08:18 --------- d-----w C:\Program Files\Opera . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-11 11:22 152672 --a------ C:\WINDOWS\system32\ugtpeipr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 19:31] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2003-06-10 12:12 C:\WINDOWS\SOUNDMAN.EXE] “ATIPTA”=“atiptaxx.exe” [2007-08-09 10:28 C:\WINDOWS\system32\atiptaxx.exe] “COMODO Firewall Pro”=“C:\Program Files\COMODO\Firewall\cfp.exe” [2007-11-23 17:56] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ugtpeipr] ugtpeipr.dll 2007-11-11 11:22 152672 C:\WINDOWS\system32\ugtpeipr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Przemo^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Przemo\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 23:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace] C:\Program Files\DeskSpace\deskspace.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f835b8e3] rundll32.exe C:\WINDOWS\system32\pugwmxws.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler] c:\documents and settings\przemo\ustawienia lokalne\temp~vis0000\gain_3202.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ServiceLayer”=3 (0x3) “lxcc_device”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) “Adobe LM Service”=3 (0x3) “aawservice”=2 (0x2) S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 17:56] S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 17:56] S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 22:47:18 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\ugtpeipr.dll . Completion time: 2007-12-20 22:48:22 C:\ComboFix2.txt … 2007-12-20 22:38 C:\ComboFix3.txt … 2007-12-20 21:55

Gutek · 20 Grudzień 2007 22:10

Wklej do Notatnika:

File:: C:\WINDOWS\system32\ugtpeipr.dll C:\WINDOWS\system32\lyjcgsay.dll C:\WINDOWS\system32\dmaedocu.ini C:\WINDOWS\system32\dxjrriwi.ini C:\WINDOWS\system32\cmlsnram.ini C:\WINDOWS\system32\esfkovkh.ini C:\WINDOWS\system32\bjoyfrsg.ini C:\WINDOWS\system32\dskkfqjn.ini C:\WINDOWS\system32\gmyknphr.ini C:\WINDOWS\system32\asqacnju.ini C:\WINDOWS\system32\adiplaok.ini C:\WINDOWS\system32\exddwldm.ini C:\WINDOWS\system32\agiqcrig.ini C:\WINDOWS\system32\gayxnvdi.ini C:\WINDOWS\system32\aatyhbhq.ini C:\WINDOWS\system32\mjjbwoun.ini C:\WINDOWS\system32\solpxkmk.ini C:\WINDOWS\system32\pugwmxws.dll c:\documents and settings\przemo\ustawienia lokalne\temp~vis0000\gain_3202.exe Registry:: [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {11A69AE4-FBED-4832-A2BF-45AF82825583}=- [-HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ugtpeipr] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f835b8e3] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

szydlak · 20 Grudzień 2007 22:28

już nie wyskakuje

Log:

ComboFix 07-12-20.1 - Toemk 2007-12-20 23:17:21.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.542 [GMT 1:00] Running from: C:\Documents and Settings\Toemk\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Toemk\Pulpit\CFScript.txt * Created a new restore point FILE c:\documents and settings\przemo\ustawienia lokalne\temp~vis0000\gain_3202.exe C:\WINDOWS\system32\aatyhbhq.ini C:\WINDOWS\system32\adiplaok.ini C:\WINDOWS\system32\agiqcrig.ini C:\WINDOWS\system32\asqacnju.ini C:\WINDOWS\system32\bjoyfrsg.ini C:\WINDOWS\system32\cmlsnram.ini C:\WINDOWS\system32\dmaedocu.ini C:\WINDOWS\system32\dskkfqjn.ini C:\WINDOWS\system32\dxjrriwi.ini C:\WINDOWS\system32\esfkovkh.ini C:\WINDOWS\system32\exddwldm.ini C:\WINDOWS\system32\gayxnvdi.ini C:\WINDOWS\system32\gmyknphr.ini C:\WINDOWS\system32\lyjcgsay.dll C:\WINDOWS\system32\mjjbwoun.ini C:\WINDOWS\system32\pugwmxws.dll C:\WINDOWS\system32\solpxkmk.ini C:\WINDOWS\system32\ugtpeipr.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.WINDOWS\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Start\Online Security Guide.lnk C:\Documents and Settings\Toemk\Pulpit\Live Safety Center.lnk C:\Documents and Settings\Toemk\Pulpit\Online Security Guide.lnk C:\Documents and Settings\Toemk\Ulubione\Online Security Guide.lnk C:\WINDOWS\system32\aatyhbhq.ini C:\WINDOWS\system32\adiplaok.ini C:\WINDOWS\system32\agiqcrig.ini C:\WINDOWS\system32\asqacnju.ini C:\WINDOWS\system32\bjoyfrsg.ini C:\WINDOWS\system32\cmlsnram.ini C:\WINDOWS\system32\dmaedocu.ini C:\WINDOWS\system32\dskkfqjn.ini C:\WINDOWS\system32\dxjrriwi.ini C:\WINDOWS\system32\esfkovkh.ini C:\WINDOWS\system32\exddwldm.ini C:\WINDOWS\system32\gayxnvdi.ini C:\WINDOWS\system32\gmyknphr.ini C:\WINDOWS\system32\lyjcgsay.dll C:\WINDOWS\system32\mjjbwoun.ini C:\WINDOWS\system32\solpxkmk.ini C:\WINDOWS\system32\ugtpeipr.dll C:\WINDOWS\system32\ugtpeipr.dllbox . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-20 22:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-20 22:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-20 22:29 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2007-12-20 22:29 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-20 22:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-20 22:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-20 22:29 . 2007-12-20 22:41 472 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-20 21:13 . 2007-12-20 21:13 2007-12-20 21:06 . 2007-12-20 21:07 2007-12-20 20:46 . 2007-12-20 20:46 164 --a------ C:\install.dat 2007-12-20 16:15 . 2007-12-20 16:15 1,123,600 --a------ C:\WINDOWS\system32\FM20.DLL 2007-12-20 16:15 . 2007-12-20 16:15 169,984 --a------ C:\WINDOWS\system32\P2D.DLL 2007-12-20 16:15 . 2007-12-20 16:15 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL 2007-12-20 16:15 . 2007-12-20 16:15 127,488 --a------ C:\WINDOWS\system32\ISCTRLS.OCX 2007-12-20 16:15 . 2007-12-20 16:15 79,872 --a------ C:\WINDOWS\system32\MSNAUDIO.ACM 2007-12-20 16:15 . 2007-12-20 16:15 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL 2007-12-20 16:15 . 2007-12-20 16:15 28,672 --a------ C:\WINDOWS\system32\HLP95EN.DLL 2007-12-20 16:15 . 2007-12-20 16:15 25,872 --a------ C:\WINDOWS\system32\FM20ENU.DLL 2007-12-20 16:14 . 2007-12-20 16:15 2007-12-15 10:13 . 2007-12-15 10:13 45 --a------ C:\TEST.XML 2007-12-08 18:11 . 2007-12-08 18:11 2007-12-06 22:17 . 2000-07-08 15:06 87,040 --a------ C:\WINDOWS\UnGins.exe 2007-12-06 22:04 . 2007-12-06 22:04 2007-12-06 22:04 . 2003-08-29 23:51 156,160 --a------ C:\WINDOWS\system32\unrar3.dll 2007-12-06 22:04 . 2003-08-29 23:52 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2007-12-02 14:46 . 2007-12-02 14:48 2007-12-02 14:46 . 2007-12-02 14:46 2007-12-01 20:37 . 2007-12-01 20:37 2007-12-01 20:27 . 2007-12-01 20:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-01 17:04 . 2007-12-11 14:26 2007-12-01 17:04 . 2007-12-10 19:32 1,004 --a------ C:\LXCCINST.csv 2007-12-01 17:04 . 2007-12-01 17:05 1,004 --a------ C:\LXCCINST.000 2007-12-01 17:04 . 2007-12-10 19:31 0 --a------ C:\lxccfire.csv 2007-12-01 17:04 . 2007-12-01 17:04 0 --a------ C:\lxccfire.000 2007-12-01 13:47 . 2007-12-01 13:49 2007-12-01 13:38 . 2007-12-07 16:18 2007-12-01 13:38 . 2007-12-01 13:38 2007-12-01 13:37 . 2007-12-01 13:37 2007-12-01 12:02 . 2007-12-01 12:06 2007-12-01 12:02 . 2007-12-01 12:02 2007-11-30 16:01 . 2007-11-30 16:01 2007-11-30 16:01 . 2007-11-30 16:01 2007-11-26 21:47 . 2007-11-26 21:57 2007-11-25 15:56 . 2007-11-25 15:56 2007-11-25 15:56 . 2007-11-25 15:56 2007-11-25 15:56 . 2007-11-25 15:56 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-25 15:15 . 2007-11-25 15:42 2007-11-25 14:47 . 2007-11-25 14:47 2007-11-24 20:40 . 2007-11-24 20:40 2007-11-24 14:30 . 2007-11-24 14:30 2007-11-24 14:06 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-24 11:37 . 2007-11-24 11:37 2007-11-24 08:40 . 2007-11-24 08:40 2007-11-23 22:58 . 2007-11-23 22:58 2007-11-23 19:49 . 2007-11-23 19:49 2007-11-23 19:49 . 2007-11-23 19:49 2007-11-23 19:46 . 2007-11-23 19:49 2007-11-23 19:45 . 2007-11-24 12:08 2007-11-23 19:45 . 2007-11-23 19:45 2007-11-23 19:45 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-11-23 19:44 . 2007-11-23 19:44 2007-11-23 17:56 . 2007-11-23 17:56 2007-11-23 17:56 . 2007-11-23 17:56 2007-11-23 17:56 . 2007-11-23 17:59 2007-11-23 17:56 . 2007-11-23 17:56 139,008 --a------ C:\WINDOWS\system32\guard32.dll 2007-11-23 17:56 . 2007-11-23 17:56 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys 2007-11-23 17:56 . 2007-11-23 17:56 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys 2007-11-20 14:50 . 2007-11-20 14:50 2007-11-20 14:45 . 2007-11-20 14:48 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 22:21 262,144 —ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT 2007-12-20 22:21 262,144 —ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT 2007-12-20 22:21 262,144 —ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT 2007-12-20 22:21 262,144 —ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT 2007-12-20 21:26 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\foobar2000 2007-12-20 19:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-20 16:48 --------- d-----w C:\Program Files\BearShare 2007-12-19 13:17 --------- d-----w C:\Program Files\Tlen.pl 2007-12-16 15:14 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\OpenOffice.org2 2007-12-14 22:55 --------- d-----w C:\Program Files\PowerArchiver 2007-12-14 12:53 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-08 08:08 --------- d-----w C:\Program Files\Konnekt 2007-12-02 16:39 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\foobar2000 2007-12-02 14:24 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\foobar2000 2007-11-30 18:45 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-26 20:48 --------- d-----w C:\Program Files\Winamp 2007-11-19 22:18 --------- d-----w C:\Program Files\DeskSpace 2007-11-19 11:01 --------- d-----w C:\Program Files\coolpro2 2007-11-18 18:19 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-18 18:17 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-11-18 18:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Adobe Systems 2007-11-18 15:37 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\Tlen.pl 2007-11-18 13:27 126,976 ----a-w C:\WINDOWS\War3Unin.exe 2007-11-16 16:09 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\BitSpirit 2007-11-16 14:35 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\BitSpirit 2007-11-15 16:00 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\Tlen.pl 2007-11-13 14:20 --------- d-----w C:\Program Files\directx 2007-11-13 13:08 --------- d-----w C:\Program Files\Ahead 2007-11-11 18:38 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\TrojanHunter 2007-11-11 13:56 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\TrojanHunter 2007-11-10 12:20 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\AdobeUM 2007-11-10 12:17 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-11-09 18:25 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\Ashampoo Photo Commander 4 2007-11-09 15:05 --------- d-----w C:\Documents and Settings\Pitor\Dane aplikacji\BitSpirit 2007-11-06 12:05 --------- d-----w C:\Program Files\Ashampoo 2007-11-06 12:05 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\Ashampoo Photo Commander 4 2007-11-06 12:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ashampoo 2007-11-05 16:59 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\OtakuSoftware 2007-11-05 14:04 --------- d-----w C:\Program Files\Java 2007-11-04 15:19 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\OtakuSoftware 2007-11-03 13:37 --------- d-----w C:\Documents and Settings\Przemo\Dane aplikacji\AdobeUM 2007-11-03 11:31 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-03 10:14 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\Tlen.pl 2007-11-03 10:02 --------- d-----w C:\Documents and Settings\Toemk\Dane aplikacji\stamina 2007-11-02 13:58 --------- d-----w C:\Program Files\MultiRes 2007-11-02 13:57 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe 2007-11-02 13:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ConeXware 2007-11-02 00:09 --------- d-----w C:\Program Files\ATI Technologies 2007-11-02 00:00 --------- d-----w C:\Program Files\XviD 2007-11-01 23:59 --------- d-----w C:\Program Files\ffdshow 2007-11-01 23:59 --------- d-----w C:\Program Files\DivX 2007-11-01 21:00 --------- d-----w C:\Program Files\foobar2000 2007-11-01 20:08 --------- d-----w C:\Program Files\AvRack 2007-11-01 19:43 --------- d-s—w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft 2007-11-01 19:43 --------- d-s—w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft 2007-11-01 19:43 --------- d-s—w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft 2007-11-01 19:43 --------- d-s—w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft 2007-11-01 19:41 --------- d-----w C:\Program Files\Usługi online 2007-10-31 23:42 --------- d-----w C:\Program Files\Seagate 2007-10-31 23:10 --------- d-----w C:\Program Files\Western Digital 2007-10-29 08:54 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-20 08:18 --------- d-----w C:\Program Files\Opera . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 19:31] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2003-06-10 12:12 C:\WINDOWS\SOUNDMAN.EXE] “ATIPTA”=“atiptaxx.exe” [2007-08-09 10:28 C:\WINDOWS\system32\atiptaxx.exe] “COMODO Firewall Pro”=“C:\Program Files\COMODO\Firewall\cfp.exe” [2007-11-23 17:56] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Przemo^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Przemo\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 23:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace] C:\Program Files\DeskSpace\deskspace.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ServiceLayer”=3 (0x3) “lxcc_device”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) “Adobe LM Service”=3 (0x3) “aawservice”=2 (0x2) R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 17:56] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 17:56] R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 23:22:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 23:23:45 - machine was rebooted C:\ComboFix2.txt … 2007-12-20 22:48 C:\ComboFix3.txt … 2007-12-20 22:38

Gutek · 21 Grudzień 2007 23:18

Ja już nic nie wiedzę