as11
(As11)
21 November 2007 18:49
#1
For a few days I have been struggling with a problem of messages and all sorts of alerts. A yellow icon appeared in the tray along with a notice telling me to visit some website. I did manage to get rid of it, but the computer is terribly sluggish and every so often new viruses show up. Please check the logs from ComboFix and SmitFraudFix.
ComboFix 07-11-19.3 - Administrator 2007-11-21 18:46:31.5 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.362 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\prstv.ini
C:\WINDOWS\system32\prstv.ini2
C:\WINDOWS\system32\qqsru.ini
C:\WINDOWS\system32\qqsru.ini2
C:\WINDOWS\system32\ursqq.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
.
2007-11-20 11:00 84,544 --a------ C:\WINDOWS\system32\qtgdbkrj.dll
2007-11-19 13:41 684,919 ---hs---- C:\WINDOWS\system32\hdwfghgc.ini
2007-11-19 13:40 83,008 --a------ C:\WINDOWS\system32\ompmerio.dll
2007-11-18 17:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-18 17:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-18 17:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-18 17:13
2007-11-17 20:35
2007-11-17 19:03 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-11-17 19:03 8,925 --a------ C:\clean.bat
2007-11-17 11:04 36,352 --a------ C:\WINDOWS\system32\khfdedb.dll
2007-11-16 22:41 36,352 --a------ C:\WINDOWS\system32\mljhiff.dll
2007-11-16 22:34
2007-11-16 21:57 120 --a------ C:\n.bat
2007-11-16 21:55
2007-11-16 21:55
2007-11-16 21:55
2007-11-16 21:55 36,352 --a------ C:\WINDOWS\system32\vturrrr.dll
2007-11-16 21:20 36,352 --------- C:\WINDOWS\system32\nnnmkki.dll
2007-11-16 20:32
2007-11-16 20:17
2007-11-16 20:17
2007-11-16 20:08 2,912 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-16 20:08 0 --a------ C:\WINDOWS\system32\tmp.txt
2007-11-16 19:46
2007-11-16 19:46
2007-11-16 19:46
2007-11-16 19:46
2007-11-16 10:01 0 --a------ C:\Documents and Settings\Administrator\z.dat
2007-11-16 10:01 0 --a------ C:\Documents and Settings\Administrator\x.dat
2007-11-15 22:07 2,377,459 ---hs---- C:\WINDOWS\system32\nhbosxat.ini
2007-11-15 09:56
2007-11-15 09:56 36,352 --a------ C:\WINDOWS\system32\ssqnllm.dll
2007-11-15 09:56 36,352 --a------ C:\WINDOWS\system32\cbxxxvu.dll.vir
2007-11-14 19:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-09 19:59
2007-11-08 16:07 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-08 16:07 264,704 --a------ C:\WINDOWS\system32\MaggiUninstall60.exe
2007-11-01 16:37
2007-11-01 16:37
2007-10-31 23:30
2007-10-31 13:38
2007-10-30 13:27 624 --a------ C:\WINDOWS\eReg.dat
2007-10-30 13:21
2007-10-30 13:20
2007-10-23 18:20 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-10-21 22:52
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 12:34 80,960 ----a-w C:\WINDOWS\system32\dcrubawn.dll
2007-11-17 19:42 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-16 08:59 36,352 ----a-w C:\WINDOWS\system32\byxxyvv.dll
2007-11-15 21:10 79,936 ----a-w C:\WINDOWS\system32\cfubgmqy.dll
2007-10-30 12:36 28,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-20 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-20 17:40 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-20 17:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ABBYY
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7546020.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7286962.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4819004.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3721674.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3289392.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2525799.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2108222.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_9478871.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8695757.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8203486.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8053018.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7736297.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_72736.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3956869.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3771221.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3516354.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_326498.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3255696.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_307476.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3056610.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2032339.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1914156.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1782221.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1709038.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1543232.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_9207595.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8675156.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7673386.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7438652.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4965460.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4604658.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4405024.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4402312.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4286194.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3830507.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2712960.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1328498.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1023430.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_9721869.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7922986.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_6753070.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_6081782.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_5865532.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4925858.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4341946.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3953186.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3189864.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2254765.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1994579.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1338379.dnp
2007-10-14 20:37 --------- d-----w C:\Program Files\Collectorz.com
2007-10-13 19:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\AltrixSoft
2007-10-13 18:11 --------- d-----w C:\Program Files\Common Files\BinarySense
2007-10-13 18:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-13 18:11 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BinarySense
2007-10-10 20:19 --------- d-----w C:\Program Files\Common Files\Onet.pl
2007-10-10 20:19 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Kamerzysta
2007-10-10 20:19 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\AutoUpdate
2007-10-01 14:40 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ulead Systems
2007-10-01 14:36 --------- d-----w C:\Program Files\SmartSound Software
2007-10-01 14:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
2007-10-01 14:35 --------- d-----w C:\Program Files\Windows Media Components
2007-10-01 14:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-10-01 14:33 --------- d-----w C:\Program Files\Ulead Systems
2007-10-01 14:33 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-01 14:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2007-09-28 19:55 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2007-09-26 16:10 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_866303.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7352828.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7253734.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_598415.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5963708.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4775500.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4738868.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4369228.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_3944316.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_3754260.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2733401.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2705598.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_1511182.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9666913.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9586226.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9540862.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9153629.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_911417.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7844100.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7078581.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_6507018.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5058442.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5045296.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4911177.dnp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{952af04d-0af4-4008-b78a-9b4e7d9ef704}]
2007-11-21 13:34 80960 --a------ C:\WINDOWS\system32\dcrubawn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A14F4792-EF65-4BA3-AA7C-36BBFA4262F2}]
C:\Program Files\Windows Media Player\hokerC:\WINDOWS\system32\x24\jumper83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-16 21:20 36352 --------- C:\WINDOWS\system32\nnnmkki.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 14:23]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NWEReboot"="" []
"a4ed6b13"="C:\WINDOWS\system32\cghgfwdh.dll" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-18 17:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-07-27 19:31 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Reboot.exe [2001-03-15 12:07:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\nnnmkki.dll [2007-11-16 21:20 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmkki]
nnnmkki.dll 2007-11-16 21:20 36352 C:\WINDOWS\system32\nnnmkki.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ursqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Samsung Internet Keyboard.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Samsung Internet Keyboard.lnk
backup=C:\WINDOWS\pss\Samsung Internet Keyboard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Colibri]
2006-11-24 01:00 778240 --a------ C:\Program Files\Colibri\Colibri.exe

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
R1 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 18:54:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
second log --------------------------------------------------------------
SmitFraudFix v2.253

Scan done at 18:33:38,68, 2007-11-21
Run from C:\Documents and Settings\Administrator\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 193.110.120.5
DNS Server Search Order: 10.0.3.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{96FE47CB-B26E-4A05-B8A3-40868188F78A}: NameServer=193.110.120.5,10.0.3.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{96FE47CB-B26E-4A05-B8A3-40868188F78A}: NameServer=193.110.120.5,10.0.3.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{96FE47CB-B26E-4A05-B8A3-40868188F78A}: NameServer=193.110.120.5,10.0.3.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
Gutek
(Gutek)
21 November 2007 22:35
#2
as11
(As11)
22 November 2007 18:39
#3
I did as you advised. Here is the ComboFix log
Gutek
(Gutek)
22 November 2007 21:40
#4
Paste into Notepad:
>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location such that the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- just like in this picture ->
(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).
After the restart, delete the folder C:\Qoobox manually.
After that, a new log from Combo, but before the log:
Paste into Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
From the Notepad menu: File > Save as; set the file type to "All files"; save as FIX.REG; run this file (double-click).
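Added example, not code from either poster: what the .reg fix above actually does, checked offline. ComboFix's LSA line in the first log showed an extra authentication package next to msv1_0 (C:\WINDOWS\system32\ursqq.dll), and the FIX.REG rewrites "Authentication Packages" as a hex(7) (REG_MULTI_SZ) value. The script below splits that ComboFix line into packages, flags everything that is not msv1_0, decodes the hex(7) bytes from the .reg text (joining regedit's backslash-continued lines first) to confirm they spell exactly "msv1_0", and re-encodes a package list to the same hex form. The ComboFix line and the .reg text are constructed copies of what appears in this thread; the assumption that msv1_0 is the only legitimate package holds for a stock XP install and is a heuristic, not a rule ComboFix applies.

```python
import re

# Constructed sample input: the LSA line in the shape ComboFix printed it in the
# first log of this thread (the ursqq.dll entry is the one ComboFix later deleted).
COMBOFIX_LSA_LINE = '"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ursqq.dll'

# Constructed sample input: the FIX.REG contents from the post above.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
'''

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
# Assumption: on a stock XP box the only authentication package is NTLM's msv1_0.
EXPECTED_PACKAGES = ["msv1_0"]


def packages_from_combofix(line):
    """Split the value part of ComboFix's LSA line into the listed packages."""
    _, _, value = line.partition("=")
    return value.split()


def suspicious_packages(packages):
    """Return every entry that is not an expected package.

    An authentication package is a DLL that lsass.exe loads at boot, so any
    extra entry here runs as SYSTEM inside LSA and survives userland cleanup."""
    expected = {p.lower() for p in EXPECTED_PACKAGES}
    return [p for p in packages if p.lower() not in expected]


def reg_multi_sz_values(reg_text, key_path, value_name):
    """Decode the hex(7) (REG_MULTI_SZ) value `value_name` under `key_path` in .reg text."""
    # regedit joins lines that end in a backslash, so do the same before parsing.
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)
    in_key = False
    for line in joined.splitlines():
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key_path.lower()
            continue
        if not in_key:
            continue
        m = re.match(r'"(.*?)"=hex\(7\):(.*)$', line)
        if m and m.group(1) == value_name:
            raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
            # REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, plus a final NUL.
            return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return None


def multi_sz_hex(values):
    """Encode a list of strings as the hex(7) byte list a .reg file expects."""
    raw = "".join(v + "\x00" for v in values).encode("utf-16-le") + b"\x00\x00"
    return ",".join(f"{b:02x}" for b in raw)


def triage():
    """Compare what ComboFix saw with what the fix writes back."""
    found = packages_from_combofix(COMBOFIX_LSA_LINE)
    fixed = reg_multi_sz_values(FIX_REG, LSA_KEY, "Authentication Packages")
    return {
        "found": found,
        "suspicious": suspicious_packages(found),
        "after_fix": fixed,
        "fix_is_clean": fixed == EXPECTED_PACKAGES,
    }


if __name__ == "__main__":
    for key, val in triage().items():
        print(f"{key}: {val}")
```

The "=-" line in the .reg deletes the old value before the new one is written, which is why the fix cannot simply append; the decode step is the check worth running before double-clicking any FIX.REG someone hands you, since a typo in the byte list would leave lsass.exe without a working NTLM package.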
as11
(As11)
24 November 2007 17:01
#5
I did everything according to the instructions, and here is the log
ComboFix 07-11-19.3 - Administrator 2007-11-24 17:50:34.8 - FAT32x86 MINIMAL
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.
2007-11-22 20:02
2007-11-22 18:38
2007-11-18 17:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-18 17:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-18 17:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-18 17:13
2007-11-17 20:35
2007-11-17 19:03 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-11-17 19:03 8,925 --a------ C:\clean.bat
2007-11-17 19:03 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-11-16 22:34
2007-11-16 21:57 120 --a------ C:\n.bat
2007-11-16 21:55
2007-11-16 20:32
2007-11-16 20:17
2007-11-16 20:17
2007-11-16 20:08 2,912 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-16 20:08 0 --a------ C:\WINDOWS\system32\tmp.txt
2007-11-16 19:46
2007-11-16 19:46
2007-11-16 19:46
2007-11-16 19:46
2007-11-16 13:34 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-16 13:34 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-16 10:01 0 --a------ C:\Documents and Settings\Administrator\z.dat
2007-11-16 10:01 0 --a------ C:\Documents and Settings\Administrator\x.dat
2007-11-14 19:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-09 19:59
2007-11-08 16:07 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-08 16:07 264,704 --a------ C:\WINDOWS\system32\MaggiUninstall60.exe
2007-11-01 16:37
2007-11-01 16:37
2007-10-31 23:30
2007-10-31 13:38
2007-10-30 13:27 624 --a------ C:\WINDOWS\eReg.dat
2007-10-30 13:21
2007-10-30 13:20
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 19:42 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-10-20 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-20 17:40 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-20 17:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ABBYY
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7546020.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7286962.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4819004.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3721674.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3289392.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2525799.dnp
2007-10-20 13:20 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2108222.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_9478871.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8695757.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8203486.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8053018.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7736297.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_72736.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3956869.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3771221.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3516354.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_326498.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3255696.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_307476.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3056610.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2032339.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1914156.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1782221.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1709038.dnp
2007-10-20 13:19 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1543232.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_9207595.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_8675156.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7673386.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7438652.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4965460.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4604658.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4405024.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4402312.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4286194.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3830507.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2712960.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1328498.dnp
2007-10-20 13:18 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1023430.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_9721869.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_7922986.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_6753070.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_6081782.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_5865532.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4925858.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_4341946.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3953186.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_3189864.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_2254765.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1994579.dnp
2007-10-20 13:17 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-10-20-2007_14-16-39_1338379.dnp
2007-10-14 20:37 --------- d-----w C:\Program Files\Collectorz.com
2007-10-13 19:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\AltrixSoft
2007-10-13 18:11 --------- d-----w C:\Program Files\Common Files\BinarySense
2007-10-13 18:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-13 18:11 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BinarySense
2007-10-10 20:19 --------- d-----w C:\Program Files\Common Files\Onet.pl
2007-10-10 20:19 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Kamerzysta
2007-10-10 20:19 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\AutoUpdate
2007-10-01 14:40 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Ulead Systems
2007-10-01 14:36 --------- d-----w C:\Program Files\SmartSound Software
2007-10-01 14:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc
2007-10-01 14:35 --------- d-----w C:\Program Files\Windows Media Components
2007-10-01 14:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-10-01 14:33 --------- d-----w C:\Program Files\Ulead Systems
2007-10-01 14:33 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-01 14:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2007-09-28 19:55 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2007-09-26 16:10 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_866303.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7352828.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7253734.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_598415.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5963708.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4775500.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4738868.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4369228.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_3944316.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_3754260.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2733401.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2705598.dnp
2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_1511182.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9666913.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9586226.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9540862.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9153629.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_911417.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7844100.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7078581.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_6507018.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5058442.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5045296.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4911177.dnp
2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2611017.dnp
2007-09-23 19:58 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_8696388.dnp
2007-09-23 19:58 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_8484836.dnp
2007-09-23 19:58 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_8307056.dnp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A14F4792-EF65-4BA3-AA7C-36BBFA4262F2}]
C:\Program Files\Windows Media Player\hokerC:\WINDOWS\system32\x24\jumper83122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 14:23]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NWEReboot"="" []
"a4ed6b13"="C:\WINDOWS\system32\cghgfwdh.dll" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-18 17:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“regsvr32 /s /n /i:U shell32” [] “nltide_3”=“advpack.dll” [2007-07-27 19:31 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Reboot.exe [2001-03-15 12:07:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableStatusMessages”= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoSMHelp”= 1 (0x1) “NoRecentDocsMenu”= 1 (0x1) “NoRecentDocsHistory”= 1 (0x1) “NoResolveTrack”= 1 (0x1) “NoResolveSearch”= 1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoSMHelp”= 1 (0x1) “NoRecentDocsMenu”= 1 (0x1) “NoRecentDocsHistory”= 1 (0x1) “NoResolveTrack”= 1 (0x1) “NoResolveSearch”= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Samsung Internet Keyboard.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Samsung Internet Keyboard.lnk backup=C:\WINDOWS\pss\Samsung Internet Keyboard.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Colibri] 2006-11-24 01:00 778240 --a------ C:\Program Files\Colibri\Colibri.exe R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys S1 SandBox;Outpost Firewall Sandbox Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS S1 VFILT;Outpost Firewall Kernel Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL S3 DNSCACHE.DLL;Outpost 
Firewall PlugIn (DNSCACHE.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts upnphost SSDPSRV . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-24 17:52:13 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???&9??? ??? 
???E?6~u?6~???8?a???C@???s???s???&9?A??s?&9??C@?x???`|?w???@ scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-24 17:52:54 . — E O F —
Post merged: 24.11.2007 (Sat) 18:17
I'm very sorry, but I forgot about Fix.reg. It has now been added to the registry, and of course here is a new log:
ComboFix 07-11-19.3 - Administrator 2007-11-24 18:09:11.9 - FAT32x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.387 [GMT 1:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Gutek
(Gutek)
24 November 2007 17:19
#6
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
as11
(As11)
24 November 2007 19:37
#7
Done, here is the new log:
ComboFix 07-11-19.3 - Administrator 2007-11-24 20:26:41.10 - FAT32x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.378 [GMT 1:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_3754260.dnp 2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2733401.dnp 2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2705598.dnp 2007-09-23 20:00 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_1511182.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9666913.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9586226.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9540862.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_9153629.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_911417.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7844100.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7078581.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_6507018.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5058442.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_5045296.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_4911177.dnp 2007-09-23 19:59 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_2611017.dnp 2007-09-23 19:58 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_8696388.dnp 2007-09-23 19:58 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_8484836.dnp 2007-09-23 19:58 18 ----a-w C:\Program Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_8307056.dnp 2007-09-23 19:58 18 ----a-w C:\Program 
Files\XP Repair Pro 2007ERR_Item0-9-23-2007_20-55-51_7659620.dnp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{A14F4792-EF65-4BA3-AA7C-36BBFA4262F2}]
C:\Program Files\Windows Media Player\hokerC:\WINDOWS\system32\x24\jumper83122.exe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 20:01 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 14:23]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"a4ed6b13"="C:\WINDOWS\system32\cghgfwdh.dll" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-18 17:23]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-07-27 19:31 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Reboot.exe [2001-03-15 12:07:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Samsung Internet Keyboard.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Samsung Internet Keyboard.lnk
backup=C:\WINDOWS\pss\Samsung Internet Keyboard.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Colibri]
2006-11-24 01:00 778240 --a------ C:\Program Files\Colibri\Colibri.exe
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
S1 SandBox;Outpost Firewall Sandbox Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
S1 VFILT;Outpost Firewall Kernel Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 20:28:20
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???&9??? ??? ???E?6~u?6~???_???C@???s???s???&9?A??s?&9??C@?x???`|?w???@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-24 20:28:56
.
--- E O F ---
Posts merged: 24.11.2007 (Sat) 20:44
PS. I forgot to ask about a message that has been appearing for some time, i.e. since the moment of infection. After startup the system displays a message about a missing library, first - taxsobhm.dll - and after these procedures - cghgfwdn.dll. Unfortunately I could not find any such file on the internet. Isn't this an effect of the virus's actions?
Gutek
(Gutek)
24 November 2007 23:21
#8
Paste into Notepad:
>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– just like in this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should begin. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.
Download the SDFix program
as11
(As11)
25 November 2007 17:54
#9
Everything done, and here is the new log from SDFix
SDFix: Version 1.115
Run by Administrator on 2007-11-25 at 18:39
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Administrator\x.dat - Deleted
C:\Documents and Settings\Administrator\z.dat - Deleted
C:\n.bat - Deleted
Folder C:\WINDOWS\Fonts' - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 18:46:08
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???&9??? ??? ???E?6~u?6~???x?_???C@???s???s???&9?A??s?&9??C@?x???`|?w???@
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 14 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 17 Nov 2007 954,368 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\abmaster.dll"
Sat 17 Nov 2007 516,096 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\avarchob.dll"
Sat 17 Nov 2007 733,184 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\avconvob.dll"
Sat 17 Nov 2007 65,536 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\avobject.dll"
Sat 17 Nov 2007 229,376 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\avquar.dll"
Sat 17 Nov 2007 98,304 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\AVScan.dll"
Sat 17 Nov 2007 159,744 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\avtransl.dll"
Sat 17 Nov 2007 13,824 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\av_engine.dll"
Sat 17 Nov 2007 18,432 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\basemanager.dll"
Sat 17 Nov 2007 12,800 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\curemain.dll"
Sat 17 Nov 2007 118,784 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\decrypt.dll"
Sat 17 Nov 2007 20,480 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\diskcheck.dll"
Sat 17 Nov 2007 9,728 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\eicartestplugin.dll"
Sat 17 Nov 2007 32,256 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\exemainscan.dll"
Sat 17 Nov 2007 10,240 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\falsecheck.dll"
Sat 17 Nov 2007 11,776 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\fhelf32.dll"
Sat 17 Nov 2007 15,872 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\fhpe32.dll"
Sat 17 Nov 2007 15,872 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\fhpe32plus.dll"
Sat 17 Nov 2007 147,456 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\filesbrowser.dll"
Sat 17 Nov 2007 53,248 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\findmeta.dll"
Sat 17 Nov 2007 26,624 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\metaproc.dll"
Sat 17 Nov 2007 17,408 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\pedatamheuristic.dll"
Sat 17 Nov 2007 22,016 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\pedynamicheuristic.dll"
Sat 17 Nov 2007 28,672 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\pestaticheuristic.dll"
Sat 17 Nov 2007 14,336 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scandialer.dll"
Sat 17 Nov 2007 81,920 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scanolefile.dll"
Sat 17 Nov 2007 15,872 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scansimpletext.dll"
Sat 17 Nov 2007 11,776 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scanstrings.dll"
Sat 17 Nov 2007 12,800 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scan_com.dll"
Sat 17 Nov 2007 11,264 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scan_exploit.dll"
Sat 17 Nov 2007 12,800 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scan_hlp.dll"
Sat 17 Nov 2007 22,528 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scan_mlw.dll"
Sat 17 Nov 2007 73,728 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scan_newtrojan.dll"
Sat 17 Nov 2007 9,728 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\auxplugin.dll"
Sat 17 Nov 2007 26,624 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\scriptscanner.dll"
Sat 17 Nov 2007 10,240 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\utils.dll"
Sat 17 Nov 2007 403,456 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\ArcaMicroScan.exe"
Sat 17 Nov 2007 177,720 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\ArcaCoolka.exe"
Sat 17 Nov 2007 32,768 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\avstat.dll"
Sat 17 Nov 2007 767,280 A..H. --- "C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan\ArcaMicroScanUpdater.exe"
Sat 20 Oct 2007 4,608 A..HR --- "C:\Program Files\ABBYY PDF Transformer 2.0\PDF X-Change\pdfSaver\PDFTLicensing.dll"
Finished!
as11
(As11)
27 November 2007 16:37
#11
I don't know how to express my gratitude. Thank you very much indeed for the help you gave and the time you spent. It is wonderful that there are people like you who help others completely selflessly. Really, thank you very, very much, and I wish you success in your further work.
With respect, As11.