Attention! Your system is currently vulnerable to computer attacks. Remote intruders can gain access to following files and folders on your PC:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
To enhance the security on your PC Download and run Intrusion Detection System (IDS software)
 ComboFix 07-10-29.1 - admin 2007-10-30 13:44:02.1 - NTFSx86
 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.140 [GMT 1:00]
 Running from: C:\ComboFix.exe
 * Created a new restore point
 .
 ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 C:\Documents and Settings\admin\~tmp1174.exe
 C:\Documents and Settings\admin\Dane aplikacji\install.dat
 C:\Documents and Settings\admin\Dane aplikacji\install_en[1].exe
 C:\Program Files\Microsoft Security Adviser
 C:\WINDOWS\hosts
 C:\WINDOWS\msavsc.dll
 C:\WINDOWS\msctrl.dll
 C:\WINDOWS\msfw.dll
 C:\WINDOWS\msiemon.dll
 C:\WINDOWS\mssadv.dll
 C:\WINDOWS\msscan.dll
 C:\WINDOWS\system32\kernel32.exe
 C:\WINDOWS\system32\pthreadVC.dll
 .
 ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
 .
 2007-10-30 13:42 1,529,995 --a------ C:\ComboFix.exe
 2007-10-30 13:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
 2007-10-30 12:30 <DIR> d-------- C:\WINDOWS\Your Memory! Część 1
 2007-10-30 10:48 59,904 -r-hs---- C:\WINDOWS\system32\acctresb.exe
 2007-10-30 10:48 23,040 -r-hs---- C:\WINDOWS\system32\algj.exe
 2007-10-30 10:46 7,168 --a------ C:\Documents and Settings\admin\1.exe
 2007-10-24 12:33 <DIR> d-------- C:\Program Files\Winamp
 2007-10-24 12:33 <DIR> d-------- C:\Documents and Settings\admin\Dane aplikacji\Winamp
 2007-10-24 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
 2007-10-24 11:17 8,725,912 --a------ C:\Program Files\winamp55_full_emusic-7plus_pl-pl.exe
 2007-10-21 12:23 <DIR> d-------- C:\Program Files\directx
 2007-10-16 10:35 60,416 -r-hs---- C:\WINDOWS\system32\actxprxyd.exe
 2007-10-16 10:35 144 --ahs---- C:\WINDOWS\system32\413792453.dat
 2007-10-01 13:09 121,856 --a------ C:\WINDOWS\system32\madCHook.dll
 2007-09-28 15:26 <DIR> d-------- C:\Documents and Settings\admin\Dane aplikacji\Nokia
 2007-09-26 14:19 <DIR> d-------- C:\Program Files\Windows Media Components
 2007-09-26 14:17 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
 2007-09-26 14:16 236,032 --a------ C:\WINDOWS\system32\devil.dll
 2007-09-26 14:16 159,744 --a------ C:\WINDOWS\system32\DartSock.dll
 2007-09-26 14:16 106,496 --a------ C:\WINDOWS\system32\DartWeb.dll
 2007-09-26 14:16 97,280 --a------ C:\WINDOWS\system32\ccrpbds5.dll
 2007-09-26 14:16 77,824 --a------ C:\WINDOWS\system32\eJ_Enumerator.dll
 2007-09-26 14:16 36,864 --a------ C:\WINDOWS\system32\eJayWMExport.dll
 2007-09-26 14:16 29,696 --a------ C:\WINDOWS\system32\pthread.dll
 2007-09-25 17:48 <DIR> d-------- C:\Program Files\Common Files\DirectX
 2007-09-25 08:26 <DIR> d-------- C:\Program Files\Odkurzacz
 2007-09-24 14:05 <DIR> d-------- C:\WINDOWS\speech
 2007-09-24 14:03 <DIR> d-------- C:\Documents and Settings\admin\Dane aplikacji\LEGO Company
 2007-09-19 13:32 <DIR> d-------- C:\WINDOWS\USB Vibration
 2007-09-09 17:19 <DIR> d-------- C:\Program Files\sXe Injected
 2007-09-03 16:36 <DIR> d-------- C:\Program Files\USB Vibration
 .
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2007-10-30 12:21 --------- d-----w C:\Program Files\komunikatory
 2007-10-26 12:58 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Skype
 2007-10-20 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
 2007-10-19 11:38 --------- d-----w C:\Program Files\Java
 2007-10-08 09:19 --------- d-----w C:\Program Files\eMule
 2007-10-04 13:29 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\U3
 2007-09-25 08:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
 2007-09-25 07:36 --------- d-----w C:\Program Files\XviD
 2007-09-25 07:36 --------- d-----w C:\Program Files\USB Disk Win98 Driver
 2007-09-25 07:36 --------- d-----w C:\Program Files\Steganos Security Suite 7 SE
 2007-09-25 07:36 --------- d-----w C:\Program Files\QuickTime
 2007-09-25 07:36 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\BitTorrent
 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
 2007-09-01 09:10 --------- d-----w C:\Program Files\Google
 2007-08-20 19:40 6,498,440 ----a-w C:\Program Files\Opera_9.23_International_Setup.exe
 2007-08-09 14:48 14,850,864 ----a-w C:\Program Files\IE7-WindowsXP-x86-plk.exe
 2007-07-31 14:57 18,164,640 ----a-w C:\Program Files\aaw2007(pobieralnia.pl).exe
 2007-07-12 12:25 15,324,000 ----a-w C:\Program Files\setuppol.exe
 2007-07-12 11:17 880 ------w C:\Program Files\uDigestV2.vib
 2007-07-12 11:17 8,186 ------w C:\Program Files\sys32init.clx
 2007-07-12 11:17 8,186 ------w C:\Program Files\clogo2.bmp
 2007-07-12 11:17 400 ------w C:\Program Files\uDigestV1.via
 2007-07-12 11:17 3,760 ------w C:\Program Files\uDigestV4.vid
 2007-07-12 11:17 21,538 ------w C:\Program Files\dll32sys.clx
 2007-07-12 11:17 21,538 ------w C:\Program Files\clogo1.bmp
 2007-07-12 11:17 160 ------w C:\Program Files\i32verx.dll
 2007-07-12 11:17 1,840 ------w C:\Program Files\uDigestV3.vic
 2007-05-02 10:51 21,822,168 ------w C:\Program Files\AdbeRdr80_en_US.exe
 2007-05-02 10:48 7,050,552 ------w C:\Program Files\psa30se_en_us.exe
 2007-04-21 13:12 12 ----a-w C:\Documents and Settings\admin\USERDATA.DAT
 2007-03-29 08:04 332,883 ------w C:\Program Files\przypom.zip
 2007-02-22 20:05 22,144 ----a-w C:\Documents and Settings\admin\Dane aplikacji\GDIPFONTCACHEV1.DAT
 2006-11-28 16:52 403,072 ------w C:\Program Files\aswclnr.exe
 2006-11-27 19:40 3,534,076 ------w C:\Program Files\eMule0.47c-Installer.exe
 2006-10-29 17:37 899,414 ------w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
 2006-08-24 10:04 36 ----a-w C:\Documents and Settings\admin\klextlock.dat
 2006-08-23 07:15 11,682,968 ------w C:\Program Files\setupeng.exe
 1999-02-11 09:49 40,274 ------w C:\Program Files\halas.wav
 2006-10-29 20:31:03 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
 C:\Program Files\Winamp Toolbar\winamptb.dll
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]
 [HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
 [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
 "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]
 [HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
 [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
 "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47]
 "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37]
 "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
 "Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
 "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44]
 "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
 "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 11:36]
 "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
 "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
 "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]
 "netc"="C:\WINDOWS\svc.exe" []
 "netzip"="C:\WINDOWS\svzip.exe" []
 "net64"="C:\WINDOWS\svhoster.exe" []
 "netsv32"="C:\WINDOWS\sv.exe" []
 "runsql"="C:\WINDOWS\runsql.exe" []
 "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
 "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
 "IEUpdate"="C:\WINDOWS\system32\algj.exe" [2007-10-30 10:48]
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
 "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
 "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-08-30 12:28]
 "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07]
 "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []
 "BitTorrent"="D:\totet\bittorrent.exe" []
 "AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" []
 "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]
 "Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 09:02]
 "IEUpdate"="C:\WINDOWS\system32\algj.exe" [2007-10-30 10:48]
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
 "IEUpdate"=C:\WINDOWS\system32\algj.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
 "IEUpdate"=C:\WINDOWS\system32\algj.exe
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
 "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll"
 "tscuninstall"=%systemroot%\system32\tscupgrd.exe
 "SSSSE7"="C:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot
 "IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
 C:\Documents and Settings\admin\Menu Start\Programy\Autostart\
 PowerReg Scheduler.exe [2007-03-11 14:47:02]
 Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
 ubisoft register.lnk - D:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [2007-10-20 12:00:00]
 C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
 Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-01 17:36:30]
 Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-30 12:28:06]
 Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
 "ForceClassicControlPanel"=1 (0x1)
 "NoResolveSearch"=1 (0x1)
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
 "System"="lsass.exe"
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 "IEUpdate"= C:\WINDOWS\system32\algj.exe
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7703d086-74e5-11dc-9d10-000c7694d839}]
 Auto\command - H:\sxs2.exe
 AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs2.exe
 .
 Contents of the 'Scheduled Tasks' folder
 "2007-10-24 16:00:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 .
 **************************************************************************
 catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2007-10-30 13:46:54
 Windows 5.1.2600 Dodatek Service Pack 2 NTFS
 scanning hidden processes ...
 scanning hidden autostart entries ...
 scanning hidden files ...
 scan completed successfully
 hidden files: 0
 **************************************************************************
 .
 Completion time: 2007-10-30 13:47:57 - machine was rebooted
 .
 --- E O F ---





