Computer specs: AMD Sempron(tm) Processor 3000+ 1.81 GHz, 512 MB RAM. Here is the ComboFix log:
ComboFix 08-10-24.02 - W***** 2008-10-28 11:28:08.14 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.245 [GMT 1:00]
Uruchomiony z: D:\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-28 )))))))))))))))))))))))))))))))
.
2008-10-26 20:53 . 2008-10-26 20:56 <DIR> d-------- C:\Program Files\RegCleaner
2008-10-25 11:37 . 2008-10-25 11:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-21 15:19 . 2008-10-27 20:42 <DIR> d-------- C:\Program Files\MediaCoder
2008-10-21 14:20 . 2008-10-21 14:20 <DIR> d-------- C:\Program Files\GREATSOFTWARESETUP
2008-10-17 09:48 . 2008-10-17 09:49 <DIR> d-------- C:\Documents and Settings\W*****\Dane aplikacji\XTND_BTUIObjects
2008-10-11 11:29 . 2008-10-11 11:33 <DIR> d-------- C:\Program Files\UnderCoverXP
2008-10-04 18:01 . 2008-10-04 18:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-30 18:17 . 2008-09-30 18:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-30 18:08 . 2008-09-30 18:08 <DIR> d-------- C:\Documents and Settings\W*****\Dane aplikacji\DAEMON Tools
2008-09-30 09:36 . 2008-09-30 18:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 10:21 --------- d-----w C:\Program Files\Neostrada TP
2008-10-27 13:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-26 19:57 --------- d-----w C:\Program Files\ToonCar
2008-10-22 15:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-10-21 14:33 0 ----a-w C:\Program Files\path6.ini
2008-10-21 13:22 --------- d-----w C:\Documents and Settings\Wziêch\Dane aplikacji\GREATSOFTWARESETUP
2008-10-21 13:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Readme Live Axis Tons
2008-10-21 11:25 --------- d-----w C:\Program Files\SopCast
2008-10-17 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-10 17:19 --------- d-----w C:\Program Files\Winamp
2008-09-30 17:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-30 16:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-09-30 15:49 47,360 ----a-w C:\Documents and Settings\Wziêch\Dane aplikacji\pcouffin.sys
2008-09-30 15:49 --------- d-----w C:\Program Files\Elaborate Bytes
2008-09-30 15:49 --------- d-----w C:\Documents and Settings\Wziêch\Dane aplikacji\Vso
2008-09-30 11:23 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-26 20:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-06 19:48 --------- d-----w C:\Documents and Settings\Wziêch\Dane aplikacji\dvdcss
2008-08-31 17:22 --------- d-----w C:\Program Files\djDecks
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:46 2,181,632 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46 2,059,008 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-01-03 14:57 81,920 ----a-w C:\Documents and Settings\Wziêch\Dane aplikacji\ezpinst.exe
2007-10-31 11:52 642,796 ----a-w C:\Program Files\XviD-1.1.3-28062007.exe
2007-10-31 11:43 1,732,834 ----a-w C:\Program Files\ALLPlayer(dobreprogramy.pl).exe
2007-10-30 11:56 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
2007-10-30 09:46 212,843 ----a-w C:\Program Files\hijackthis.zip
2007-10-29 22:13 1,341,173 ----a-w C:\Program Files\pqremove.zip
2007-10-29 21:30 242,894 ----a-w C:\Program Files\odk_update.exe
2007-10-28 17:05 686 ----a-w C:\Program Files\sygn.dll
2007-10-28 17:05 405 ----a-w C:\Program Files\sygn_info.dat
2007-08-03 12:42 3,456,433 ----a-w C:\Program Files\pgcedit.exe
2007-08-01 00:48 7,638,928 ----a-w C:\Program Files\NMP-1.4.0.35b_(www.programs.pl).exe
2007-07-24 08:22 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-05-22 13:31 4,987,800 ----a-w C:\Program Files\SetupCloneDVD2.exe
2007-05-22 12:51 606,022 ----a-w C:\Program Files\DVD-RBv096FreeUO.zip
2007-05-22 11:45 7,087,488 ----a-w C:\Program Files\Alcohol120_trial_1.9.6.4719(dobreprogramy.pl).exe
2007-01-01 21:50 1,087,682 ----a-w C:\Program Files\subtitleworkshop251.zip
2007-01-01 21:49 89,937 ----a-w C:\Program Files\vobedit06.zip
2007-01-01 21:41 1,354,388 ----a-w C:\Program Files\subedit_install.exe
2006-12-30 16:54 255 ----a-w C:\Program Files\dvdremake.log
2006-12-30 14:47 1,484,780 ----a-w C:\Program Files\DvdReMake Pro_3[1].5.3_D.zip
2006-12-26 02:37 3,534,076 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2006-12-25 12:57 1,094,021 ----a-w C:\Program Files\dvdshrink32setup.zip
2006-12-25 12:56 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2006-12-24 00:31 13,356,136 ----a-w C:\Program Files\antivir_workstation_win7u_en_h.exe
2006-12-23 21:46 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2006-12-19 23:13 44,870 ----a-w C:\Program Files\PageDefrag.zip
2006-12-19 23:06 6,457,048 ----a-w C:\Program Files\odk10.2.0806.1080setup.exe
2006-12-19 22:17 1,923,581 ----a-w C:\Program Files\winamp278_full.exe
2006-12-19 22:01 1,633,992 ----a-w C:\Program Files\RCSammsoftTrial.exe
2006-12-18 16:27 22,907,904 ----a-w C:\Program Files\titan6shgr.exe
2006-12-18 10:02 1,047,270 ----a-w C:\Program Files\wrar360pl.exe
2006-12-18 00:44 3,498,312 ----a-w C:\Program Files\BSLITEINSTALL.exe
2006-12-16 13:18 526,018 ----a-w C:\Program Files\DVD43_3-9-0_Setup.exe
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
------- Sigcheck -------
2008-04-14 18:21 14336 8607d35d92528e2df386f19a960d23ce C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\svchost.exe
2004-08-03 23:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2004-08-03 23:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\dllcache\svchost.exe
2008-04-14 18:20 82432 c0aa2ab856680c44739b41e01f5bd4e9 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ws2_32.dll
2004-08-03 23:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2004-08-03 23:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2008-04-14 18:21 510464 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\winlogon.exe
2004-08-03 23:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\dllcache\winlogon.exe
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ndis.sys
2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ip6fw.sys
2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 18:21 109056 3e3ae424e27c4cefe4cab368c7b570ea C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\services.exe
2004-08-03 23:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\services.exe
2004-08-03 23:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\dllcache\services.exe
2008-04-14 18:21 13312 88296f7943f30a1ee3af735440b92268 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\lsass.exe
2004-08-03 23:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\lsass.exe
2004-08-03 23:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\dllcache\lsass.exe
2008-04-14 18:21 15360 1bd41eda5b869afc99895c39a8de36e1 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ctfmon.exe
2004-08-03 23:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\ctfmon.exe
2004-08-03 23:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-04-14 18:21 26624 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\userinit.exe
2004-08-03 23:44 25088 bd768099b4c44aa631728cb74eb54396 C:\WINDOWS\system32\userinit.exe
2004-08-03 23:44 25088 bd768099b4c44aa631728cb74eb54396 C:\WINDOWS\system32\dllcache\userinit.exe
2008-04-14 18:20 296448 52e0505408edd4ab5ccc7f83b67b4299 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\termsrv.dll
2004-08-03 23:44 296448 2c28157229925280916b3041ccc5fe4b C:\WINDOWS\system32\termsrv.dll
2004-08-03 23:44 296448 2c28157229925280916b3041ccc5fe4b C:\WINDOWS\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot_2008-10-21_13.27.53.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
- 2006-08-17 12:30:06 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 17:00:47 332,800 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2006-08-17 12:30:06 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 17:00:47 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-03-30 05:06:42 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 08:19:50 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 05:06:42 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-10-26 08:19:50 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-03-30 05:06:42 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 08:19:50 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-30 05:06:42 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-10-26 08:19:50 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jessops Insert Detect"="C:\Program Files\Jessops\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"16 Third"="C:\DOCUME~1\WZICH~1\DANEAP~1\GREATS~1\Ball real.exe" [2008-10-21 462336]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2005-07-21 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2005-07-21 53248]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-07-21 278528]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"AXIS TONS THE MP3"="C:\Documents and Settings\All Users\Dane aplikacji\Readme Live Axis Tons\Dead bend.exe" [2008-10-28 3600896]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 C:\WINDOWS\system32\BTSetBootKey.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\Wzi©ch\Menu Start\Programy\Autostart\
Rejestrowanie produktów Corela.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe [2006-07-24 67584]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-30 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-12-27 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2005-08-30 19:51 1708032 C:\Program Files\Gadu-Gadu 7.0\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2006-08-02 23:46 249856 C:\Program Files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-02 01:42 10752 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 57512]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 15876]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 131072]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 618112]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 52736]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 17792]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 24859]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
.
Zawartość folderu 'Zaplanowane zadania'
2008-10-28 C:\WINDOWS\Tasks\ACF1AAC9918A5D35.job
- c:\docume~1\wzich~1\daneap~1\greats~1\Ooze city loud.exe [2008-10-21 14:22]
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.neostrada.pl
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O9 -: {C:\Program Files\Messenger\msmsgs.exe - -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 11:29:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-28 11:30:26
ComboFix-quarantined-files.txt 2008-10-28 10:30:15
ComboFix2.txt 2008-10-27 13:35:19
ComboFix3.txt 2008-10-26 20:01:42
ComboFix4.txt 2008-10-25 19:56:06
ComboFix5.txt 2008-10-28 10:27:52
Przed: 1 546 866 688 bajtów wolnych
Po: 1,712,599,040 bajtów wolnych
222 --- E O F --- 2008-10-24 10:40:24