My computer keeps downloading something from the net


(Jantar Meble) #1

I have a problem.

My computer keeps downloading something from the net all the time and has slowed down terribly.

Help!!

I'm attaching a HijackThis log


(Gutek) #2

Where is that log? Post a ComboFix log


(Jantar Meble) #3

I'm attaching the ComboFix log.

Please comment!!

ComboFix 08-06-20.4 - BIURO 2008-07-01 13:43:20.1 - NTFSx86

Running from: D:\ANTYWIRUSY I ŁATY\combofix\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))

.

2008-07-01 10:28 . 2008-07-01 10:28

2008-07-01 10:27 . 2008-07-01 10:27

2008-07-01 10:27 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-06-30 14:02 . 2008-07-01 11:06 12 --a------ C:\WINDOWS\system32\mapisvc.inf

2008-06-30 14:01 . 2008-07-01 11:06

2008-06-11 14:13 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-01 11:12 --------- d-----w C:\Program Files\neostrada tp

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-08 10:02 --------- d-----w C:\Program Files\Opera

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2001-11-23 10:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"Zinio DLM"="C:\Program Files\Zinio\ZinioDeliveryManager.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"autoclk"="autoclk.exe" []

"adiras"="adiras.exe" []

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"C-Media Mixer"="Mixer.exe" [2003-03-20 14:21 1855488 C:\WINDOWS\mixer.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"!AVG Anti-Spyware"="D:\ANTYWIRUSY I ŁATY\AVG-antyspywar\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-09-04 14:07:20 839680]

Microsoft Office.lnk - D:\OFFICE\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER

*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-01 13:53:10

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-01 13:58:11

ComboFix-quarantined-files.txt 2008-07-01 11:57:38

Pre-Run: 4,950,044,672 bajtów wolnych

Post-Run: 5,040,992,256 bajtów wolnych

70 --- E O F --- 2008-06-21 10:59:37


(Gutek) #4

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00 


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zinio DLM"=-


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"autoclk"=-

"adiras"=-

File >>> Save as >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

After that, a scan + report http://www.kaspersky.pl/virusscanner.html
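The three values deleted by FIX.REG in post #4 are exactly the Run entries that the ComboFix log in post #3 lists with empty brackets `[]`. As an added example (not part of the thread and not ComboFix's own code), this Python script parses that section of the log, picks out those entries and renders the matching `.reg` deletion file; the function names are hypothetical, the sample lines are copied from the log above, and reading `[]` as "no file details were found" is an assumption.

```python
import re

# Constructed sample: Run-key lines copied from the ComboFix log in post #3.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Zinio DLM"="C:\Program Files\Zinio\ZinioDeliveryManager.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autoclk"="autoclk.exe" []
"adiras"="adiras.exe" []
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480]
"C-Media Mixer"="Mixer.exe" [2003-03-20 14:21 1855488 C:\WINDOWS\mixer.exe]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

def parse_run_entries(log_text):
    """Return a dict for every autostart value listed under a registry key header."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m["name"], "cmd": m["cmd"],
                            "has_file_info": bool(m["meta"].strip())})
    return entries

def unresolved(entries):
    """Entries whose brackets are empty: no timestamp or size was reported."""
    return [e for e in entries if not e["has_file_info"]]

def build_reg_fix(entries):
    """Render a .reg file deleting the given values, in the format used in post #4."""
    lines, by_key = ["Windows Registry Editor Version 5.00", ""], {}
    for e in entries:
        by_key.setdefault(e["key"], []).append(e["name"])
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines += [f'"{n}"=-' for n in names]
        lines.append("")
    return "\r\n".join(lines)

if __name__ == "__main__":
    print(build_reg_fix(unresolved(parse_run_entries(SAMPLE_LOG))))
```

Empty brackets only say that no file details were listed for the entry, so each hit still needs a manual look before its value is deleted.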