lucasmadi
(Lucasmadi)
13 September 2010 21:36
#1
Hello,
Since yesterday I have had a problem with my internet connection. I connect to it through a USB network card (Wi-Fi). On another computer everything is fine, so I suspect the problem lies with mine.
I'm posting the ComboFix log for you. Thanks in advance for your help.
ComboFix 10-09-12.04 - Piotrek 2010-09-13 23:13:47.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.895.341 [GMT 2:00] Uruchomiony z: c:\users\Piotrek\Desktop\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((( Pliki utworzone od 2010-08-13 do 2010-09-13 ))))))))))))))))))))))))))))))) . 2010-09-13 21:23 . 2010-09-13 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-06 19:49 . 2010-09-06 19:49 -------- d-----w- c:\windows\Sun 2010-08-30 21:41 . 2010-08-30 21:43 -------- d-----w- C:\Hotspot Shield 2010-08-30 21:41 . 2010-08-30 21:43 -------- d-----w- c:\program files\Hotspot Shield 2010-08-26 21:34 . 2010-08-26 21:34 -------- d-----w- C:\Casino 2010-08-26 21:05 . 2010-08-26 21:05 -------- d-----w- c:\users\Piotrek\AppData\Local\ElevatedDiagnostics 2010-08-25 19:13 . 2010-09-12 20:57 -------- d-----w- c:\users\Piotrek\AppData\Roaming\ipla 2010-08-25 19:13 . 2010-08-25 19:13 -------- d-----w- c:\programdata\ipla 2010-08-25 19:13 . 2010-08-25 19:13 -------- d-----w- c:\program files\ipla 2010-08-25 19:13 . 2010-08-25 19:13 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2010-08-25 19:13 . 2010-08-25 19:13 1060864 ----a-w- c:\windows\system32\mfc71.dll 2010-08-25 08:09 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll 2010-08-24 13:33 . 2010-09-08 19:30 -------- d-----w- c:\program files\JDownloader 2010-08-21 11:34 . 2010-08-21 11:34 -------- d-----w- c:\program files\EA SPORTS 2010-08-19 18:58 . 2010-08-25 19:56 -------- d-----w- c:\programdata\Electronic Arts 2010-08-19 15:17 . 2010-08-19 15:21 -------- d-----w- c:\program files\RegCleaner 2010-08-18 13:01 . 2010-08-18 13:01 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com \bin\airappinstaller\airappinstaller.exe 2010-08-18 13:01 . 2010-08-18 13:01 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-08-18 13:01 . 
2010-08-18 13:01 -------- d-----w- c:\users\Piotrek\AppData\Local\Adobe 2010-08-18 12:48 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2010-08-18 12:41 . 2010-08-18 12:41 -------- d-----w- c:\users\Piotrek\AppData\Local\Symantec 2010-08-18 12:27 . 2010-08-18 12:27 -------- d-----w- c:\program files\PowerISO 2010-08-17 08:44 . 2010-08-17 08:44 -------- d-----w- c:\users\Piotrek\AppData\Roaming\VitySoft 2010-08-17 08:44 . 2010-08-17 08:44 -------- d-----w- c:\program files\Common Files\Java 2010-08-17 08:44 . 2010-08-17 08:43 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-17 08:43 . 2010-08-17 08:43 -------- d-----w- c:\program files\Java 2010-08-16 23:00 . 2010-08-16 23:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2010-08-16 15:02 . 2010-08-17 09:33 -------- d-----w- c:\users\Piotrek\AppData\Roaming\vlc 2010-08-16 15:01 . 2010-08-16 15:01 -------- d-----w- c:\program files\VideoLAN 2010-08-15 21:55 . 2010-09-08 12:18 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-15 20:50 . 2010-08-15 23:07 -------- d-----w- c:\users\Piotrek\AppData\Roaming\Winamp 2010-08-15 20:50 . 2010-08-15 20:52 -------- d-----w- c:\program files\Winamp 2010-08-15 20:31 . 2010-08-15 20:31 -------- d-----w- c:\users\Piotrek\WapSter 2010-08-15 20:30 . 2010-08-15 20:30 -------- d-----w- c:\program files\WapSter 2010-08-15 20:02 . 2010-08-15 20:02 -------- d-----w- c:\programdata\NVIDIA 2010-08-15 19:50 . 2010-01-20 21:03 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys 2010-08-15 19:50 . 2010-08-17 19:24 -------- d-----w- c:\program files\Symantec 2010-08-15 19:50 . 2010-08-17 19:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-08-15 19:50 . 2010-08-16 14:18 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-08-15 19:49 . 2010-08-15 19:51 -------- d-----w- c:\programdata\Symantec 2010-08-15 19:49 . 2010-08-18 19:06 -------- d-----w- c:\windows\system32\drivers\NIS 2010-08-15 19:49 . 
2010-08-15 19:50 -------- d-----w- c:\programdata\Norton 2010-08-15 19:49 . 2010-08-15 19:49 -------- d-----w- c:\program files\Norton Internet Security 2010-08-15 19:48 . 2010-08-15 19:48 -------- d-----w- c:\programdata\NortonInstaller 2010-08-15 19:48 . 2010-08-15 19:48 -------- d-----w- c:\program files\NortonInstaller 2010-08-15 14:25 . 2010-08-15 14:25 -------- d-----w- c:\users\Piotrek\AppData\Roaming\Media Player Classic 2010-08-15 14:15 . 2009-09-27 21:12 490088 ----a-w- c:\windows\system32\NVUNINST.EXE 2010-08-15 14:14 . 2010-08-15 14:14 -------- d-----w- C:\NVIDIA 2010-08-15 13:50 . 2010-08-15 14:44 -------- d–h--w- c:\program files\InstallShield Installation Information 2010-08-15 13:47 . 2010-08-15 14:44 -------- d-----w- c:\program files\Common Files\InstallShield 2010-08-15 07:19 . 2010-08-15 07:19 -------- d-----w- c:\windows\system32\Wat 2010-08-14 22:27 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll 2010-08-14 22:25 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-08-14 22:25 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-08-14 22:25 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-08-14 22:25 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-08-14 22:25 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-08-14 22:21 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-13 21:11 . 2009-07-14 08:07 697674 ----a-w- c:\windows\system32\perfh015.dat 2010-09-13 21:11 . 2009-07-14 08:07 134784 ----a-w- c:\windows\system32\perfc015.dat 2010-09-01 15:12 . 2010-08-14 19:52 -------- d-----w- c:\program files\Microsoft.NET 2010-08-18 12:28 . 2010-08-14 19:33 -------- d-----w- c:\users\Piotrek\AppData\Roaming\uTorrent 2010-08-18 01:07 . 
2010-08-14 19:49 -------- d-----w- c:\programdata\Microsoft Help 2010-08-17 19:24 . 2010-08-15 19:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-08-17 19:24 . 2010-08-15 19:50 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-08-17 09:03 . 2010-08-17 09:03 0 —ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-08-17 08:32 . 2010-08-14 19:31 84120 ----a-w- c:\users\Piotrek\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-16 22:59 . 2010-08-14 19:52 -------- d-----w- c:\program files\Microsoft Works 2010-08-15 20:46 . 2010-08-14 19:38 -------- d-----w- c:\program files\Common Files\Real 2010-08-15 07:19 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-08-14 19:38 . 2010-08-14 19:38 -------- d-----w- c:\program files\Common Files\xing shared 2010-08-14 19:38 . 2010-08-14 19:38 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-08-14 19:38 . 2010-08-14 19:38 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-08-14 19:38 . 2010-08-14 19:38 -------- d-----w- c:\program files\Real 2010-08-14 19:37 . 2010-08-14 19:37 -------- d-----w- c:\program files\Foxit Software 2010-08-05 16:40 . 2010-08-05 16:40 -------- d-sh–we c:\programdata\Ulubione 2010-08-05 16:40 . 2010-08-05 16:40 -------- d-sh–we c:\programdata\Szablony 2010-08-05 16:40 . 2010-08-05 16:40 -------- d-sh–we c:\programdata\Pulpit 2010-08-05 16:40 . 2010-08-05 16:40 -------- d-sh–we c:\programdata\Menu Start 2010-08-05 16:40 . 2010-08-05 16:40 -------- d-sh–we c:\programdata\Dokumenty 2010-08-05 16:40 . 2010-08-05 16:40 -------- d-sh–we c:\programdata\Dane aplikacji 2010-07-29 06:30 . 2010-08-14 19:55 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-14 19:55 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-06-30 06:25 . 2010-08-14 19:54 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 02:47 . 2010-06-23 02:47 32768 ----a-w- c:\windows\system32\drivers\taphss.sys 2010-06-22 02:47 . 
2010-08-14 19:55 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-22 02:47 . 2010-08-14 19:55 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-22 02:47 . 2010-08-14 19:55 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-06-19 06:33 . 2010-08-14 19:54 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-19 06:33 . 2010-08-14 19:54 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:23 . 2010-08-14 19:55 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 04:07 . 2010-08-14 19:54 2326016 ----a-w- c:\windows\system32\win32k.sys 2010-06-16 05:48 . 2010-08-14 19:54 224256 ----a-w- c:\windows\system32\schannel.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ------- Sigcheck ------- [-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Google Update”=“c:\users\Piotrek\AppData\Local\Google\Update\GoogleUpdate.exe” [2010-08-14 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “WinampAgent”=“c:\program files\Winamp\winampa.exe” [2010-07-12 74752] “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 0 (0x0) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableLUA”= 0 (0x0) “EnableUIADesktopToggle”= 0 (0x0) “PromptOnSecureDesktop”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “mixer1”=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @=“FSFilter Activity Monitor” R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET \Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 netr73;Sterownik karty RT73 USB Wireless LAN dla systemu Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1343400] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632] S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-08-17 482432] S1 IDSVix86;IDSVix86;c:\programdata\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100909.001\IDSvix86.sys [2010-08-09 344112] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 HssWd;Hotspot Shield Monitoring Service;c:\program 
files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608] S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640] S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-07-06 906368] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-14 102448] S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688] . Zawartość folderu ‘Zaplanowane zadania’ 2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-438545062-2299704227-2473801353-1000Core.job - c:\users\Piotrek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:57] 2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-438545062-2299704227-2473801353-1000UA.job - c:\users\Piotrek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:57] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.hotspotshield.com/g/?c=h uInternet Settings,ProxyOverride = localhost; 127.0.0.1; IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-EA Core - d:\program files\Electronic Arts\EADM\Core.exe HKLM-Run-TkBellExe - c:\program files\K-Lite Codec Pack\Real\Update_OB\realsched.exe AddRemove-Polish Ekstraklasa Stadium 3D - d:\program files\EA SPORTS\FIFA MANAGER 10\Uninstal.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security] “ImagePath”="“c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe” /s “Norton Internet Security” /m “c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll” /prefetch:1" . 
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied : (A 2) (Everyone) @=“FlashBroker” “LocalizedString”="@c :\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe” [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied : (A 2) (Everyone) @=“IFlashBroker4” [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" “Version”=“1.0” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied : (Full) (Everyone) . Czas ukończenia: 2010-09-13 23:28:01 ComboFix-quarantined-files.txt 2010-09-13 21:28 Przed: 36 221 071 360 bajtów wolnych Po: 35 956 178 944 bajtów wolnych - - End Of File - - 089DCCA91E3B16846C686E37B0C6A70F
Logs should be pasted on e.g. wklejto.pl. Post a log from OTL, and before that install MBAM, update it, run a FULL scan, and post its log as well.
lucasmadi, please read the thread zasady-wklejania-logow-forum-t253052.html and comply with it. Otherwise the thread will go to the trash.