Registry Editor and Task Manager Blocked by the Administrator

I have this problem and I don't know what to do ;/

Here is the log from CF:

ComboFix 10-03-27.04 - Hom 2010-03-28 18:18:49.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.1195 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Hom\Moje dokumenty\Pobieranie\ComboFix.exe


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\All Users\Dane aplikacji\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

c:\documents and settings\All Users\Dane aplikacji\HotbarSA

c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSA.dat

c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSA_hpk.dat

c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSA_kyf.dat

c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSAAbout.mht

c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSAau.dat

c:\documents and settings\All Users\Dane aplikacji\HotbarSA\HotbarSAEULA.mht

c:\documents and settings\All Users\Menu Start\Programy\Hotbar

c:\documents and settings\All Users\Menu Start\Programy\Hotbar\About Hotbar.lnk

c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Hotbar Customer Support Center.lnk

c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Hotbar Games!.lnk

c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Hotbar Videos!.lnk

c:\documents and settings\All Users\Menu Start\Programy\Hotbar\Reset Cursor.lnk

c:\documents and settings\Hom\Dane aplikacji\Hotbar

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.txt

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\layout.cdf

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.txt

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.res

c:\documents and settings\Hom\Dane aplikacji\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\history

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\Weather_XML\Default

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\Weather_XML\Genera1

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\Weather_XML\General

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Links

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Weather_XML\Display

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Weather_XML\Loading

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\Weather_XML\screen2

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherDPA\WeatherPreferences

c:\documents and settings\Hom\Dane aplikacji\Hotbar\Weather\WeatherStartup.xml

c:\documents and settings\Hom\Dane aplikacji\WeatherDPA

c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\windows\Alcmtr.exe

c:\windows\system32\ieuinit.inf


.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_ABP470N5

-------\Service_abp470n5



((((((((((((((((((((((((( Pliki utworzone od 2010-02-28 do 2010-03-28 )))))))))))))))))))))))))))))))

.


2010-03-28 15:42 . 2010-03-28 15:42	--------	d--h--w-	c:\windows\system32\GroupPolicy

2010-03-28 15:11 . 2010-03-28 15:11	--------	d-----w-	c:\program files\counter-strike

2010-03-28 14:11 . 2010-03-28 14:35	--------	d-----w-	c:\program files\Valve

2010-03-27 11:49 . 2010-03-27 11:49	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\Media Player Classic

2010-03-27 11:49 . 2010-03-28 10:56	--------	d-----w-	c:\program files\Real Alternative

2010-03-27 11:48 . 2008-12-07 19:08	795648	----a-w-	c:\windows\system32\xvidcore.dll

2010-03-27 11:48 . 2007-07-05 03:33	892928	----a-w-	c:\windows\system32\iconv.dll

2010-03-27 11:48 . 2010-03-27 11:48	--------	d-----w-	c:\program files\NAPI-PROJEKT

2010-03-27 11:48 . 2010-03-27 11:48	--------	d-----w-	c:\program files\ALLPlayer

2010-03-26 19:06 . 2010-03-27 08:34	--------	d-----w-	c:\program files\BarDiscover

2010-03-26 19:06 . 2010-03-26 19:08	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\BarDiscover

2010-03-26 16:39 . 2010-03-26 16:40	--------	d-----w-	c:\program files\TP

2010-03-26 16:39 . 1999-03-23 08:12	299520	----a-w-	c:\windows\uninst.exe

2010-03-26 16:39 . 2010-03-26 16:39	--------	d-----w-	c:\documents and settings\Hom\WINDOWS

2010-03-26 15:17 . 2010-03-26 15:17	--------	d-----w-	c:\documents and settings\Hom\Ustawienia lokalne\Dane aplikacji\Stardock

2010-03-26 14:54 . 2010-03-26 14:54	--------	d-----w-	c:\program files\CursorXP

2010-03-26 14:46 . 2010-03-26 14:46	--------	d-----w-	c:\program files\Mintra Systems

2010-03-24 15:06 . 2010-03-24 15:06	--------	d-----w-	c:\program files\Common Files\Spolszczenie do Lineage II

2010-03-24 14:56 . 2009-04-06 08:08	4682	----a-w-	c:\windows\system32\npptNT2.sys

2010-03-21 16:02 . 2010-03-21 16:02	--------	d-----w-	c:\windows\Logs

2010-03-15 12:31 . 2010-03-15 12:31	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\TeamViewer

2010-03-15 12:31 . 2010-03-15 12:31	--------	d-----w-	c:\program files\TeamViewer

2010-03-10 16:28 . 2010-03-10 16:32	--------	d-----w-	c:\documents and settings\Hom\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

2010-03-10 16:28 . 2010-03-28 16:24	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

2010-03-10 16:28 . 2010-03-10 16:28	--------	d-----w-	c:\program files\LogMeIn Hamachi

2010-03-08 06:57 . 2010-03-08 06:57	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\Juce VST Host

2010-02-28 20:49 . 2010-02-28 21:02	--------	d-----w-	c:\program files\18 Wheels of Steel Across America

2010-02-28 14:08 . 2010-02-28 14:08	--------	d-----w-	c:\program files\[UnFair-Games] M2 Multi Hack v7.0.exe

2010-02-27 10:44 . 2010-02-27 10:44	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\Nvu

2010-02-27 10:44 . 2010-02-27 10:44	--------	d-----w-	c:\program files\Nvu


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-28 16:24 . 2009-12-29 12:37	--------	d-----w-	c:\program files\Common Files\Akamai

2010-03-28 16:00 . 2010-01-23 10:09	--------	d-----w-	c:\program files\Spyware Terminator

2010-03-28 15:51 . 2009-11-20 13:56	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\foobar2000

2010-03-28 15:35 . 2010-01-23 10:09	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator

2010-03-27 11:42 . 2009-12-13 14:18	--------	d-----w-	c:\program files\McFunSoft Video Solution

2010-03-26 17:54 . 2009-12-28 15:40	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\uTorrent

2010-03-24 14:39 . 2009-11-20 13:13	--------	d--h--w-	c:\program files\InstallShield Installation Information

2010-03-23 15:46 . 2010-03-26 19:08	61712	----a-w-	c:\documents and settings\All Users\Dane aplikacji\BarDiscover\bardiscover117.exe

2010-03-18 17:21 . 2009-12-02 14:19	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP

2010-03-08 14:46 . 2009-11-20 12:30	42632	----a-w-	c:\documents and settings\Hom\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2010-03-08 06:59 . 2009-12-28 15:07	--------	d-----w-	c:\program files\Gravity

2010-03-06 07:10 . 2010-01-21 09:34	--------	d-----w-	c:\program files\BearShare

2010-03-03 15:11 . 2010-02-01 17:26	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\dvdcss

2010-02-19 07:35 . 2010-02-19 07:21	--------	d-----w-	c:\program files\MTA San Andreas

2010-02-15 18:00 . 2010-03-27 11:49	94208	----a-w-	c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll

2010-02-15 18:00 . 2010-03-27 11:49	140864	----a-w-	c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll

2010-02-10 17:39 . 2010-02-10 17:39	--------	d-----w-	c:\program files\The Logo Creator v5

2010-02-04 18:31 . 2010-02-04 18:31	--------	d-----w-	c:\documents and settings\Hom\Dane aplikacji\Nokia Multimedia Player

2010-01-31 15:36 . 2010-01-31 15:36	221184	----a-w-	c:\windows\system32\UAService7.exe

2010-01-31 15:36 . 2010-01-31 15:36	--------	d--h--r-	c:\documents and settings\All Users\Dane aplikacji\SecuROM

2010-01-31 15:27 . 2010-01-31 15:27	--------	d-----w-	c:\program files\Atari

2010-01-31 14:23 . 2010-01-31 14:23	4096	----a-w-	c:\windows\d3dx.dat

2010-01-31 14:13 . 2010-01-31 14:13	--------	d-----w-	c:\program files\Piranha Bytes

2010-01-23 12:38 . 2010-01-23 12:38	271360	----a-w-	c:\windows\system32\drivers\atksgt.sys

2010-01-23 12:38 . 2010-01-23 12:38	18048	----a-w-	c:\windows\system32\drivers\lirsgt.sys

2010-01-23 10:13 . 2010-01-23 10:13	135936	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys

2010-01-23 10:09 . 2010-01-23 10:09	5632	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdel.exe

2010-01-23 10:09 . 2010-01-23 10:09	5632	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator\fileobjinfo.sys

2010-01-14 20:13 . 2010-01-14 20:13	411368	----a-w-	c:\windows\system32\deploytk.dll

2010-01-14 20:13 . 2010-01-14 20:13	152576	----a-w-	c:\documents and settings\Hom\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-14 20:09 . 2010-01-14 20:09	79488	----a-w-	c:\documents and settings\Hom\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-11 18:10 . 2009-12-13 14:18	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys

2010-01-11 18:10 . 2009-12-13 14:18	47360	----a-w-	c:\documents and settings\Hom\Dane aplikacji\pcouffin.sys

2010-01-11 18:10 . 2009-12-13 14:18	47360	----a-w-	c:\documents and settings\Hom\Dane aplikacji\pcouffin.sys

2010-01-11 18:10 . 2009-12-13 14:18	151552	----a-w-	c:\documents and settings\Hom\Dane aplikacji\ezpinst.exe

2010-01-11 18:10 . 2009-12-13 14:18	151552	----a-w-	c:\documents and settings\Hom\Dane aplikacji\ezpinst.exe

2010-01-10 15:56 . 2009-12-04 08:57	50	----a-w-	c:\windows\system32\bridf08b.dat

2010-01-01 14:09 . 2001-10-26 17:15	77684	----a-w-	c:\windows\system32\perfc015.dat

2010-01-01 14:09 . 2001-10-26 17:15	457738	----a-w-	c:\windows\system32\perfh015.dat

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"Gadu-Gadu 10"="d:\program files\Gadu-Gadu 10\gg.exe" [2010-01-20 12137064]

"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2007-03-02 255488]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"nwiz"="nwiz.exe" [2006-06-01 1589248]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 104304]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 284200]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 124192]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 406816]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 163840]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-14 149280]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-23 2900992]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


c:\documents and settings\Hom\Menu Start\Programy\Autostart\

spoolsvcs.exe [2010-2-28 566045]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\M2\\metin2.bin"=

"e:\\M2\\metin2client.bin"=

"e:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

"d:\\Nowy folder\\metin2.bin"=

"d:\\Nowy folder\\metin2client.bin"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"d:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\m22\\XLasT.exe"=

"e:\\xworld\\X-World.exe"=

"e:\\avalon\\Metin2Mod.bin"=

"d:\\Nowy folder\\Metin2Mod.bin"=

"d:\\Nowy folder\\metin2modpl.bin"=

"e:\\m22\\Metin2Mod.bin"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"e:\\metek\\matieedit\\Luncher xLasT.exe"=

"c:\\windows\\system32\\nwiz.exe"=

"c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=

"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=

"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\DOCUME~1\\Hom\\USTAWI~1\\Temp\\pvpv.exe"=

"c:\\DOCUME~1\\Hom\\USTAWI~1\\Temp\\winavssj.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1036:TCP"= 1036:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface


R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-28 717296]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-01-23 135936]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]

R2 BarDiscover Service;BarDiscover Service;c:\documents and settings\All Users\Dane aplikacji\BarDiscover\bardiscover117.exe [2010-03-26 61712]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator\fileobjinfo.sys [2010-01-23 5632]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-13 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-13 8320]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]


--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - ABP470N5


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai	REG_MULTI_SZ Akamai

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.entretieneteds.vze.com

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Hom\Dane aplikacji\Mozilla\Firefox\Profiles\lvsh30pf.default\

FF - prefs.js: browser.startup.homepage - google.pl

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin2.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin3.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin4.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\npqtplugin5.dll

FF - plugin: c:\documents and settings\Hom\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

.

- - - - USUNIĘTO PUSTE WPISY - - - -


AddRemove-Gothic : Negreth (prolog) - c:\program files\Gothic II\Uninstal.exe




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-28 18:24

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net


device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898DB1F8]<< 

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3

\Driver\ACPI -> ACPI.sys @ 0xba666cb8

\Driver\atapi -> 0x8986b1f8

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44

 ParseProcedure -> ntkrnlpa.exe @ 0x80576964

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44

 ParseProcedure -> ntkrnlpa.exe @ 0x80576964

NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4ecba0

 PacketIndicateHandler -> NDIS.sys @ 0xba4f9b21

 SendHandler -> NDIS.sys @ 0xba4d787b

Warning: possible MBR rootkit infection !

user & kernel MBR OK 


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-2000478354-329068152-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:03,f5,8f,bd,d0,33,2a,ca,72,4c,3b,db,3a,9d,9c,40,d4,f1,d9,98,e6,41,97,

   1a,d0,41,1e,29,30,87,7b,1f,e6,1a,0a,33,31,40,99,54,5a,fd,d7,44,ab,50,83,1f,\

"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):66,8f,53,b8,eb,04,2b,26,2d,14,ad,ba,10,ce,32,c5,f6,ef,db,a8,c0,

   53,ab,5d,b9,12,78,22,f4,1b,7c,63,23,0b,3a,42,e6,6f,7a,a5,00,00,00,00,00,00,\


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7ab8eff4-b6f4-4260-9d44-cdfc1946e6ca}]

@Denied: (Full) (Everyone)

"Model"=dword:00000168

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\


[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:73,02,83,28,a5,e9,6c,4e,bb,77,b8,b8,60,ba,22,8f,4f,c3,c5,71,9b,26,4f,

   5f,9d,4b,1e,f7,3a,60,2c,00,42,8d,da,3a,ee,4c,43,9d,07,f6,35,31,2e,aa,e0,22,\

"??"=hex:09,73,f3,ad,82,e7,3b,29,4f,02,aa,d9,82,d7,18,09

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(3376)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSPL.DLL

c:\program files\BarDiscover\bardiscover.dll

c:\windows\system32\nvwddi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\RunDLL32.exe

c:\windows\RTHDCPL.EXE

c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

c:\windows\system32\rundll32.exe

c:\documents and settings\Hom\Menu Start\Programy\Autostart\spoolsvcs.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\NetLimiter 2 Monitor\nlsvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Spyware Terminator\sp_rsser.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\UAService7.exe

c:\program files\NetLimiter 2 Monitor\NLClient.exe

c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\BarDiscover\bardiscover.exe

c:\docume~1\Hom\USTAWI~1\Temp\pvpv.exe

c:\docume~1\Hom\USTAWI~1\Temp\winavssj.exe

.

**************************************************************************

.

Czas ukończenia: 2010-03-28 18:29:14 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-03-28 16:29


Przed: 3 850 829 824 bajtów wolnych

Po: 3 759 362 048 bajtów wolnych


- - End Of File - - 00F1E48D1305CA1C642B24CEF953A661


Can this be fixed somehow? ;/

SALITY/SECTOR virus, which infects all .exe files.

Removal description:

usuwanie-znanych-wirusow-sality-jeefo-parite-virut-itp-t370365.html

Dr.WebCureIt -

Backup links (already with the file name changed), in case the official site is blocked by the virus >

>http://www.load.to/NgQs8AtlkG/launch.com

>http://www.zshare.net/download/7343719520109dad/

>http://www.sendspace.pl/file/423882c759f3af5052baabe

>http://www.turboupload.com/5vxbyx3nwqky/launch.com.html

Repeat the various scans until no infected file is detected at all, because if even a single one remains, the infection will come back!

Afterwards post a ComboFix log, because besides SALITY/SECTOR there is also another infection.

Paste the log on http://wklejto.pl/ and in your post give only the link (i.e. copy the address from the address bar).

jessi

Neakles, in the future I suggest pasting logs according to the rules.