It dealt with IE - the home page can be changed now
but the error in FF remained....
I don't know if it's needed, but after ComboFix finished running, this log appeared:
ComboFix 07-11-08.1 - Właściciel 2007-11-14 12:21:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.2778 [GMT 1:00]
Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ODBCASVC
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 12:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 20:47 82,432 --a------ C:\WINDOWS\system32\CNBJMON2.DLL
2007-11-13 20:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-13 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-11-13 20:22 2,342,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-13 20:22 12,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 15:45 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2007-11-08 00:25 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-08 00:23 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2007-11-08 00:23 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2007-11-08 00:22 <DIR> d-------- C:\Program Files\Canon
2007-11-07 23:39 75,264 --a------ C:\WINDOWS\system32\E_FLBBNE.DLL
2007-11-07 23:39 62,976 --a------ C:\WINDOWS\system32\E_FD4BBNE.DLL
2007-11-07 23:39 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-07 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\EPSON
2007-11-07 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-07 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-07 22:26 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
2007-11-07 22:24 <DIR> d-------- C:\Program Files\EasySIGN
2007-10-25 20:35 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-10-25 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 11:23 37,616 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 11:23 3,200 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-13 12:57 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-11-08 22:18 --------- d-----w C:\Program Files\Winamp
2007-11-08 22:15 --------- d-----w C:\Program Files\EPSON
2007-10-09 20:56 --------- d-----w C:\Program Files\Mistral 12
2007-10-08 13:05 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-06 17:13 --------- d-----w C:\Program Files\FlashGet
2007-10-04 06:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-10-02 12:25 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-10-02 12:25 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-10-02 12:24 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-10-02 12:24 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-10-02 12:24 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-10-02 12:23 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-10-02 12:23 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-10-02 12:22 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-02 12:21 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-10-02 12:17 --------- d-----w C:\Program Files\Real Alternative
2007-10-02 12:16 --------- d-----w C:\Program Files\MarBit
2007-09-20 14:30 453,632 ------w C:\WINDOWS\comdll.dll
2007-08-31 21:34 111,104 ----a-w C:\WINDOWS\system32\uha.exe
2007-08-24 12:00 191,488 ----a-w C:\WINDOWS\system32\hlvdd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 03:50]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^ctfmon.exe]
path=C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
R3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys
S3 FWPort;Printer Port;C:\WINDOWS\system32\DRIVERS\FWPort.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 12:23:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 12:25:50 - machine was rebooted
.
--- E O F ---
and later:
so I'm restarting ....