Net laguje - Kiedyś było dobrze- sprawdźcie loga

Dla specjalistów Bezpieczeństwo
#1

Coś mi net laguje a kiedyś tak nie było…

Sprawdźcie:

ComboFix 07-11-19.3 - Ramelek 2007-11-24 18:35:38.1 - NTFSx86 

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1569 [GMT 1:00] 

Running from: C:\Documents and Settings\Ramelek\Pulpit\ComboFix.exe 

 * Created a new restore point 

. 


   Unable to gain System Privileges 


((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) 

. 


C:\Program Files\myglobalsearch 

C:\WINDOWS\bxsbang.dll 

C:\WINDOWS\kthemup.exe 

C:\WINDOWS\rs.txt 

C:\WINDOWS\system32\ddcyy.dll 

C:\WINDOWS\system32\wineil32.dll 

C:\WINDOWS\system32\yycdd.bak1 

C:\WINDOWS\system32\yycdd.bak2 

C:\WINDOWS\system32\yycdd.ini 


. 

((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))) 

. 


2007-11-22 17:02   
[/code]
#2

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>88953CFScript-createdbyMiekiemoes.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo, ale przed tym:

Wklej do Notatnika:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=-

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

Z menu Notatnika Plik Zapisz jako Ustaw rozszerzenie na “Wszystkie pliki” Zapisz jako FIX.REG uruchom ten plik (dwuklik).

#3

Nowy log:

ComboFix 07-11-19.4 - Ramelek 2007-11-26 20:52:17.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1632 [GMT 1:00]

Running from: C:\Documents and Settings\Ramelek\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))

.

2007-11-26 19:04

2007-11-23 17:20 130,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2007-11-22 17:02

2007-11-22 17:02

2007-11-22 17:02

2007-11-22 15:13

2007-11-22 15:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-11-19 16:59

2007-11-19 16:57

2007-11-19 16:57

2007-11-19 16:57

2007-11-19 15:30

2007-11-19 14:44 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-11-19 14:44 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-11-12 19:14

2007-11-12 14:21

2007-11-08 21:04 90,112 --a------ C:\WINDOWS\unvise32.exe

2007-11-06 18:58

2007-11-06 16:00

2007-11-06 15:49

2007-11-02 17:48

2007-10-28 13:19

2007-10-27 17:17

2007-10-27 17:15

2007-10-27 17:10 5,374 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2007-10-27 10:07 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-10-27 09:28

2007-10-27 09:23

2007-10-27 09:06 72,234 --a------ C:\WINDOWS\BricoPackUninst.cmd

2007-10-27 09:04

2007-10-26 18:28

2007-10-26 18:28 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2007-10-26 18:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2007-10-26 18:28 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-26 19:43 --------- d-----w C:\Documents and Settings\Ramelek\Dane aplikacji\Winamp

2007-11-26 19:43 --------- d-----w C:\Documents and Settings\Ramelek\Dane aplikacji\uTorrent

2007-11-26 18:04 --------- d-----w C:\Documents and Settings\Ramelek\Dane aplikacji\teamspeak2

2007-11-21 17:24 --------- d-----w C:\Documents and Settings\Ramelek\Dane aplikacji\OpenOfficeT72

2007-11-12 14:58 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-11-08 18:26 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-05 20:45 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2007-10-27 08:06 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2007-10-26 11:42 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-10-25 14:01 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-10-25 10:56 --------- d-----w C:\Program Files\DIFX

2007-10-23 16:35 --------- d-----w C:\Documents and Settings\Ramelek\Dane aplikacji\Hewlett-Packard

2007-10-23 16:32 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-10-21 19:24 --------- d-----w C:\Program Files\uTorrent

2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll

2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-10-19 18:29 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-10-19 18:29 --------- d-----w C:\Program Files\Realtek

2007-10-19 18:14 --------- d-----w C:\Program Files\microsoft frontpage

2007-10-19 18:12 --------- d-----w C:\Program Files\Usługi online

2007-10-19 15:39 --------- d-----w C:\Documents and Settings\Ramelek\Dane aplikacji\Gadu-Gadu

2007-10-19 13:56 --------- d-----w C:\Program Files\OpenOfficeT7 2.3

2007-10-19 13:55 --------- d-----w C:\Program Files\Open Office

2007-10-19 12:50 --------- d-----w C:\Program Files\Alwil Software

2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-09-20 07:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“AQQ”=“E:\WapSter\AQQ\AQQ.exe” [2007-02-28 13:18]

“RocketDock”=“C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe” [2007-03-18 23:05]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-10-23 14:18]

“Odkurzacz-MCD”=“E:\Programy\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]

“nwiz”=“nwiz.exe” [2007-05-10 23:03 C:\WINDOWS\system32\nwiz.exe]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 14:57]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-09-20 08:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmlml]

opnmlml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramelek^Menu Start^Programy^Autostart^RocketDock.lnk]

path=C:\Documents and Settings\Ramelek\Menu Start\Programy\Autostart\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramelek^Menu Start^Programy^Autostart^TransBar.lnk]

path=C:\Documents and Settings\Ramelek\Menu Start\Programy\Autostart\TransBar.lnk

backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramelek^Menu Start^Programy^Autostart^UberIcon.lnk]

path=C:\Documents and Settings\Ramelek\Menu Start\Programy\Autostart\UberIcon.lnk

backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramelek^Menu Start^Programy^Autostart^Y’z Shadow.lnk]

path=C:\Documents and Settings\Ramelek\Menu Start\Programy\Autostart\Y’z Shadow.lnk

backup=C:\WINDOWS\pss\Y’z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2007-10-25 17:20 79224 --a------ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]

E:\Programy\InternetCalls.com\InternetCalls\InternetCalls.exe -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

2007-03-18 23:05 630784 --a------ C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

f:\steam\steam.exe -silent

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.

Contents of the ‘Scheduled Tasks’ folder

“2007-11-23 17:35:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1193157329.job”

  • E:\Programy\Drukarka HP Printer\Digital Imaging\Bin\hpqfrucl.exe4-I

“2007-10-23 16:35:56 C:\WINDOWS\Tasks\WebReg 20071023183556.job”

  • E:\Programy\Drukarka HP Printer\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20071023183556 /N

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http]

#4

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.