Zamulenie komputera

Dla specjalistów Bezpieczeństwo
#1

Mam strasznie zamulony komputer. zrobiłem loga z combofixa i nie wiem czy wszystko jest ok. Czyszczenie komputera nic nie pomaga.daje loga i dzięki z pomoc.

ComboFix 08-10-17.01 - Blemer 2008-10-18 14:18:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.238 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\Blemer\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

/wow section nieukończony

((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))

.

2008-10-18 14:10 . 2008-10-18 14:12

2008-10-15 22:09 . 2008-10-15 22:10 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-15 22:05 . 2008-08-14 15:26 2,190,464 -----c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 22:05 . 2008-08-14 15:26 2,146,816 -----c— C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 22:05 . 2008-08-14 15:26 2,067,328 -----c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 22:05 . 2008-08-14 15:26 2,025,472 -----c— C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 22:05 . 2008-09-15 17:27 1,846,656 -----c— C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 22:05 . 2008-09-08 12:41 333,824 -----c— C:\WINDOWS\system32\dllcache\srv.sys

2008-10-04 14:57 . 2008-10-04 14:59

2008-10-04 14:57 . 2008-10-04 14:57

2008-09-30 11:44 . 2008-09-30 11:46

2008-09-30 10:37 . 2008-04-11 21:06 691,712 -----c— C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-09-30 10:37 . 2008-06-14 19:36 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-30 10:18 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-09-30 10:10 . 2008-09-30 10:10

2008-09-30 10:10 . 2008-09-30 10:10

2008-09-30 10:10 . 2008-09-30 10:10

2008-09-30 10:07 . 2008-09-30 10:07

2008-09-30 09:46 . 2004-08-04 00:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-18 06:28 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-10-18 06:04 --------- d-----w C:\Documents and Settings\Blemer\Dane aplikacji\AVG7

2008-10-16 06:08 --------- d-----w C:\Program Files\eMule

2008-10-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2008-10-14 07:15 --------- d-----w C:\Program Files\Spybot - Search Destroy

2008-10-02 20:27 --------- d-----w C:\Program Files\Malwarebytes’ Anti-Malware

2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-15 07:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-15 07:36 --------- d-----w C:\Program Files\Norton Security Scan

2008-09-14 13:33 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-09-14 10:17 --------- d-----w C:\Program Files\Spyware Doctor

2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-29 13:11 --------- d-----w C:\Program Files\Anti Trojan Elite

2008-08-26 21:39 --------- d-----w C:\Documents and Settings\Blemer\Dane aplikacji\Malwarebytes

2008-08-26 21:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2008-08-26 21:20 449,846 ----a-w C:\HaxFix.exe

2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-20 13:08 --------- d-----w C:\Program Files\Gadu-Gadu

2008-08-19 23:36 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-08-14 13:26 2,190,464 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:26 2,067,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ares”=“C:\Program Files\Ares\Ares.exe” [2008-02-20 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Ashampoo FireWall”=“C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” [2007-04-05 3251800]

“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-07-22 579584]

“ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [2008-04-10 1107848]

“Anti Trojan Elite”=“C:\Program Files\Anti Trojan Elite\TJEnder.exe” [2008-06-09 3579904]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-07-21 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.divxa32”= msaud32_divx.acm

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk

backup=C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]

–a------ 2008-06-09 20:17 3579904 C:\Program Files\Anti Trojan Elite\TJEnder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

–a------ 2008-02-20 16:33 963072 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

–a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

–a------ 2008-04-14 19:21 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

–a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

–a------ 2008-03-03 14:44 266240 C:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

–a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

–a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

–a------ 2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Grisoft\AVG7\avginet.exe”=

“C:\Program Files\Grisoft\AVG7\avgamsvr.exe”=

“C:\Program Files\Grisoft\AVG7\avgcc.exe”=

“C:\Program Files\Grisoft\AVG7\avgemc.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Ares\Ares.exe”=

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056]

R3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]

*Newly Created Service* - CATCHME

.

Zawartość folderu ‘Zaplanowane zadania’

2008-08-23 C:\WINDOWS\Tasks\Norton Security Scan.job

  • C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]

.

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\Blemer\Dane aplikacji\Mozilla\Firefox\Profiles\46wk9cz2.default\

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-18 14:19:03

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]

“ImagePath”="??\C:\DOCUME~1\Blemer\USTAWI~1\Temp\ASFWHide"

.

Czas ukończenia: 2008-10-18 14:21:17

ComboFix-quarantined-files.txt 2008-10-18 12:21:11

Przed: 8 916 918 272 bajtów wolnych

Po: 8,907,288,576 bajtów wolnych

160 — E O F — 2008-10-15 20:10:52

#2

Czysto.

Usuń ręcznie folder C:** Qoobox**,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer Ccleanerem

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj tym: Dr.WEB CureIt! .

=================

K.