Could someone help me? I am using IE on Windows XP; while browsing the internet, web pages with various games pop up every few minutes. Avast did not detect any threats; during a scan, ComboFix produced a log with the following content:
ComboFix 12-12-20.02 - DOROTA 2012-12-21 14:29:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.894.355 [GMT 1:00]
Running from: c:\documents and settings\DOROTA\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created From 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 10:00 . 2012-12-21 10:00 -------- d-----w- c:\documents and settings\DOROTA\Dane aplikacji\Softonic
2012-12-20 15:08 . 2012-12-21 07:39 -------- d-----w- c:\documents and settings\DOROTA\Doctor Web
2012-12-17 19:56 . 2012-12-17 19:56 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
2012-12-17 19:56 . 2012-12-17 19:56 -------- d-----w- c:\documents and settings\DOROTA\Ustawienia lokalne\Dane aplikacji\supt4pc_pl_1
2012-12-17 19:56 . 2012-12-17 19:56 -------- d-----w- c:\documents and settings\DOROTA\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_1
2012-12-17 19:56 . 2012-12-17 19:56 -------- d-----w- c:\program files\TUTO4PC
2012-12-17 19:56 . 2012-12-17 19:56 -------- d-----w- c:\program files\Softonic
2012-12-11 14:22 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-12-11 14:21 . 2012-12-11 14:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-09 19:50 . 2012-12-21 13:36 -------- d-----w- c:\documents and settings\DOROTA\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2012-12-09 19:49 . 2012-12-21 13:33 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2012-12-06 08:44 . 2012-12-06 08:44 22 --sha-w- c:\windows\90C7D912BE2316.sys
2012-12-06 08:44 . 2012-12-06 08:44 22 --sha-w- c:\documents and settings\DOROTA\Dane aplikacji\Windows1569_SettingsRepository.bin
2012-12-06 08:44 . 2012-12-18 07:25 -------- d-----w- c:\program files\jv16 PowerTools 2012
2012-12-03 10:54 . 2012-12-03 10:54 -------- d-----w- c:\program files\Common Files\Skype
2012-11-27 20:19 . 2012-11-27 20:19 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys
2012-11-27 20:19 . 2012-11-27 20:19 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2012-11-27 20:19 . 2008-09-23 10:13 735232 ----a-w- c:\windows\system32\drivers\ZD1211BU.SYS
2012-11-27 20:19 . 2012-11-27 20:19 -------- d-----w- c:\program files\WLAN_Software
2012-11-27 20:18 . 2012-11-27 20:18 -------- d-----w- c:\program files\AutoInstall
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 11:55 . 2007-11-02 18:56 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2007-11-02 18:58 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2007-11-02 19:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:13 . 2007-11-02 19:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:13 . 2007-11-02 19:01 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:13 . 2007-11-02 18:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2007-11-02 19:01 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2007-11-02 19:06 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-08-02 10:13 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll" [2012-08-02 274536]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Q-MediaBar"="c:\program files\BenQ\Q-MediaBar\QBar.exe" [2007-01-26 159744]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-12-05 159744]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-06-16 98304]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 94770]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"ZDWLan_Utility"="c:\program files\WLAN_Software\ZD1211B\ZDWLan.EXE" [2008-08-21 487424]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2012-11-27 40960]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Tutorials"="c:\program files\TUTO4PC\tuto4pc_pl_1.exe" [2012-11-05 3854696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\KPIR2010\SPRUR.EXE"=
"c:\Program Files\Skype\Phone\Skype.exe"=
.
R0 WPXT;WinPcap Packet Driver (WPXT);c:\windows\system32\drivers\wpxt.sys [2008-07-21 35328]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 TF0806;HAMA X-Style Pad;c:\windows\system32\drivers\TF0806.sys [2009-09-20 6016]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2008-05-23 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2008-05-23 69680]
S3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.SYS [2012-11-27 735232]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.interia.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpu … 1288719746
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to AMV Converter… - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_ … Player.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-21 14:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2237029002-4179051517-1260927497-1008\Software\SecuROM\License information*]
"datasecu"=hex:31,a9,27,18,39,a6,a1,3a,26,2d,66,f6,58,cf,e4,c2,84,c3,5a,6c,78,
c5,43,85,73,97,8e,d7,d1,a1,77,f2,9c,6c,2b,27,61,ac,bf,d6,e2,43,83,7d,cc,da,\
"rkeysecu"=hex:bb,43,05,60,5e,63,c4,02,1b,84,9c,0d,7d,14,0e,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(460)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-21 14:37:53
ComboFix-quarantined-files.txt 2012-12-21 13:37
ComboFix2.txt 2012-12-21 11:36
.
Before: 2 773 995 520 bytes free
After: 3 115 073 536 bytes free
.
- - End Of File - - 6CD486CA76F3C9144AF94BFF24998841
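As an added triage example (not part of the original post and not ComboFix's own logic): a small Python parser that walks an excerpt of the log above and flags the entries a responder would look at first. It reports autorun values, BHOs and IE start/search settings that point at vendors widely classified as adware/PUPs, autorun binaries living under a user profile or given without a directory, and the Security Center and firewall-notification overrides visible in the log. The vendor list (`PUP_MARKERS`), the profile-directory heuristic and the "unqualified filename" rule are this example's own assumptions, chosen from what the log shows; the sample input is a constructed excerpt of the log with the forum's curly quotes already straightened.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix code)."""
import re

# Assumed: vendor names seen in the log above that AV vendors commonly list as PUPs.
PUP_MARKERS = ("softonic", "tuto4pc", "funmoods")
# Assumed: an autorun binary under a user profile, rather than Program Files or
# the Windows directory, deserves a second look.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")

# ComboFix registry key header:    [HKEY_LOCAL_MACHINE\SOFTWARE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]')
# ComboFix autorun value line:     "Name"="c:\path\x.exe" [2012-11-05 3854696]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
# ComboFix BHO/toolbar file line:  2012-08-02 10:13 248936 ----a-w- c:\path\x.dll
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>[a-z]:\\.+)$', re.I)
# ComboFix IE setting line:        mStart Page = hxxp://...  (u = user hive, m = machine hive)
IE_RE = re.compile(r'^(?P<scope>[um])(?P<setting>Start Page|Default_Search_URL|SearchAssistant)\s*=\s*(?P<url>\S+)')


def classify_path(path):
    """Return the (possibly empty) list of reasons a file path looks suspicious."""
    low = path.lower()
    reasons = []
    if any(marker in low for marker in PUP_MARKERS):
        reasons.append("known PUP vendor")
    if any(d in low for d in PROFILE_DIRS):
        reasons.append("runs from user profile")
    if "\\" not in low:
        # e.g. "RTHDCPL.EXE": resolved through the search path, so a planted file
        # earlier in the path would run instead. Low priority, but worth a look.
        reasons.append("unqualified filename")
    return reasons


def triage(log_text):
    """Walk a ComboFix log and return a list of (reason, detail) findings."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        # Forum rendering turns ComboFix's straight quotes into curly ones; normalise.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m:
            for reason in classify_path(m.group("path")):
                findings.append((reason, f'{key}: "{m.group("name")}" -> {m.group("path")}'))
            continue
        m = FILE_RE.match(line)
        if m and key and "Browser Helper Objects" in key:
            for reason in classify_path(m.group("path")):
                findings.append((reason, f"BHO {key}: {m.group('path')}"))
            continue
        m = IE_RE.match(line)
        if m:
            host = re.sub(r"^hxxps?://", "", m.group("url")).split("/")[0].lower()
            if any(marker in host for marker in PUP_MARKERS):
                findings.append(("hijacked IE setting", f"{m.group('scope')}{m.group('setting')} = {m.group('url')}"))
            continue
        # Adware and malware commonly silence the XP Security Center and firewall nags.
        if line == '"AntiVirusOverride"=dword:00000001':
            findings.append(("Security Center AV warning suppressed", key))
        elif line.startswith('"DisableNotifications"= 1'):
            findings.append(("firewall notifications disabled", key))
    return findings


# Constructed excerpt of the log above (quotes already straightened).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-08-02 10:13 248936 ----a-w- c:\program files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Tutorials"="c:\program files\TUTO4PC\tuto4pc_pl_1.exe" [2012-11-05 3854696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
uStart Page = hxxp://www.interia.pl/
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpu
"""

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

On the excerpt this yields six findings: the Softonic BHO, the unqualified `RTHDCPL.EXE` entry, the TUTO4PC autorun, the two suppressed-warning settings and the funmoods machine-wide start page. The unqualified-filename rule is deliberately noisy (Realtek's `RTHDCPL.EXE` is a legitimate example); it is there to make the reviewer confirm which directory on the search path actually supplies the binary, not to call the entry malicious.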