Problem connecting to the internet


(Yamamoto70) #1

Lately I've had a problem connecting to the internet (neo). I ran Panda's ActiveScan over the computer and it found several pieces of spyware and hacking tools and/or rootkits. I'm posting the logs for review:

HJT

ComboFix 07-08-04.3 - "Administrator" 2007-08-05 23:27:04.1 [GMT 2:00] - FAT32

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda

* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))

2007-08-05 22:45

2007-08-05 22:20

2007-08-05 22:20

2007-07-29 13:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-07-29 13:53 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-07-29 13:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-07-29 13:36

2007-07-28 23:42

2007-07-28 22:49

2007-07-28 22:37 753,664 --a------ C:\WINDOWS\system32\nwiz.exe

2007-07-28 22:37 65,536 --a------ C:\WINDOWS\system32\nvrszht.dll

2007-07-28 22:37 65,536 --a------ C:\WINDOWS\system32\nvrszhc.dll

2007-07-28 22:37 450,560 --a------ C:\WINDOWS\system32\nvshell.dll

2007-07-28 22:37 397,312 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-07-28 22:37 290,816 --a------ C:\WINDOWS\system32\keystone.exe

2007-07-28 22:37 262,144 --a------ C:\WINDOWS\system32\nvwrses.dll

2007-07-28 22:37 262,144 --a------ C:\WINDOWS\system32\nvwrsel.dll

2007-07-28 22:37 253,952 --a------ C:\WINDOWS\system32\nvwrspt.dll

2007-07-28 22:37 253,952 --a------ C:\WINDOWS\system32\nvwrsesm.dll

2007-07-28 22:37 249,856 --a------ C:\WINDOWS\system32\nvwrsru.dll

2007-07-28 22:37 249,856 --a------ C:\WINDOWS\system32\nvwrsptb.dll

2007-07-28 22:37 249,856 --a------ C:\WINDOWS\system32\nvwrsit.dll

2007-07-28 22:37 249,856 --a------ C:\WINDOWS\system32\nvwrsfr.dll

2007-07-28 22:37 245,760 --a------ C:\WINDOWS\system32\nvwrsnl.dll

2007-07-28 22:37 241,664 --a------ C:\WINDOWS\system32\nvwrshu.dll

2007-07-28 22:37 241,664 --a------ C:\WINDOWS\system32\nvwrsde.dll

2007-07-28 22:37 237,568 --a------ C:\WINDOWS\system32\nvwrstr.dll

2007-07-28 22:37 237,568 --a------ C:\WINDOWS\system32\nvwrsfi.dll

2007-07-28 22:37 233,472 --a------ C:\WINDOWS\system32\nvwrsno.dll

2007-07-28 22:37 229,376 --a------ C:\WINDOWS\system32\nvwrssv.dll

2007-07-28 22:37 229,376 --a------ C:\WINDOWS\system32\nvwrssl.dll

2007-07-28 22:37 229,376 --a------ C:\WINDOWS\system32\nvwrssk.dll

2007-07-28 22:37 229,376 --a------ C:\WINDOWS\system32\nvwrspl.dll

2007-07-28 22:37 229,376 --a------ C:\WINDOWS\system32\nvwrsda.dll

2007-07-28 22:37 221,184 --a------ C:\WINDOWS\system32\nvwrseng.dll

2007-07-28 22:37 221,184 --a------ C:\WINDOWS\system32\nvwrsar.dll

2007-07-28 22:37 217,088 --a------ C:\WINDOWS\system32\nvwrshe.dll

2007-07-28 22:37 217,088 --a------ C:\WINDOWS\system32\nvwrscs.dll

2007-07-28 22:37 172,032 --a------ C:\WINDOWS\system32\nvrsar.dll

2007-07-28 22:37 163,840 --a------ C:\WINDOWS\system32\nvwrsja.dll

2007-07-28 22:37 163,840 --a------ C:\WINDOWS\system32\nvrshe.dll

2007-07-28 22:37 151,552 --a------ C:\WINDOWS\system32\nvwrsko.dll

2007-07-28 22:37 143,360 --a------ C:\WINDOWS\system32\nvrsko.dll

2007-07-28 22:37 143,360 --a------ C:\WINDOWS\system32\nvrsja.dll

2007-07-28 22:37 139,264 --a------ C:\WINDOWS\system32\nvrsesm.dll

2007-07-28 22:37 135,168 --a------ C:\WINDOWS\system32\nvrsit.dll

2007-07-28 22:37 135,168 --a------ C:\WINDOWS\system32\nvrsfr.dll

2007-07-28 22:37 131,072 --a------ C:\WINDOWS\system32\nvwrszht.dll

2007-07-28 22:37 131,072 --a------ C:\WINDOWS\system32\nvrsptb.dll

2007-07-28 22:37 131,072 --a------ C:\WINDOWS\system32\nvrsnl.dll

2007-07-28 22:37 131,072 --a------ C:\WINDOWS\system32\nvrses.dll

2007-07-28 22:37 131,072 --a------ C:\WINDOWS\system32\nvrsel.dll

2007-07-28 22:37 131,072 --a------ C:\WINDOWS\system32\nvrsde.dll

2007-07-28 22:37 126,976 --a------ C:\WINDOWS\system32\nvwrszhc.dll

2007-07-28 22:37 126,976 --a------ C:\WINDOWS\system32\nvrssl.dll

2007-07-28 22:37 126,976 --a------ C:\WINDOWS\system32\nvrsru.dll

2007-07-28 22:37 126,976 --a------ C:\WINDOWS\system32\nvrspt.dll

2007-07-28 22:37 122,880 --a------ C:\WINDOWS\system32\nvrstr.dll

2007-07-28 22:37 122,880 --a------ C:\WINDOWS\system32\nvrshu.dll

2007-07-28 22:37 122,880 --a------ C:\WINDOWS\system32\nvrsda.dll

2007-07-28 22:37 118,784 --a------ C:\WINDOWS\system32\nvrssv.dll

2007-07-28 22:37 118,784 --a------ C:\WINDOWS\system32\nvrssk.dll

2007-07-28 22:37 118,784 --a------ C:\WINDOWS\system32\nvrspl.dll

2007-07-28 22:37 118,784 --a------ C:\WINDOWS\system32\nvrsno.dll

2007-07-28 22:37 118,784 --a------ C:\WINDOWS\system32\nvrseng.dll

2007-07-28 22:37 114,688 --a------ C:\WINDOWS\system32\nvrsfi.dll

2007-07-28 22:37 114,688 --a------ C:\WINDOWS\system32\nvrscs.dll

2007-07-28 22:37 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-07-28 22:37 1,175,552 --a------ C:\WINDOWS\system32\nview.dll

2007-07-28 22:37 1,007,616 --a------ C:\WINDOWS\system32\nviewimg.dll

2007-07-27 21:11

2007-07-27 18:49

2007-07-27 18:47

2007-07-27 18:46

2007-07-26 11:58

2007-07-26 11:58

2007-07-25 16:53

2007-07-25 15:47

2007-07-25 15:44

2007-07-19 19:21

2007-07-19 15:57

2007-07-18 18:50 167,936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2007-07-17 18:01

2007-07-17 17:57 41,984 --------- C:\WINDOWS\Ctregrun.exe

2007-07-17 17:55 24,576 --------- C:\WINDOWS\system32\msxml3a.dll

2007-07-17 17:55 1,060,864 --------- C:\WINDOWS\system32\mfc71.dll

2007-07-17 17:55

2007-07-17 17:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-07-17 17:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-07-17 17:48

2007-07-17 17:45

2007-07-17 17:42

2007-07-15 22:51

2007-07-15 22:50 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-07-15 22:50 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2007-07-15 22:50 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2007-07-15 22:50 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2007-07-15 22:50 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2007-07-15 22:50 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2007-07-15 22:50 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 22:08 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-07-16 16:52 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-07-02 18:51 --------- d-------- C:\Program Files\eMule

2007-07-02 18:34 --------- d-------- C:\Program Files\Gry

2007-06-29 11:14 90112 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-06-29 11:14 126976 --a------ C:\WINDOWS\system32\UAService7.exe

2007-06-29 11:14 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\SecuROM

2007-06-28 01:38 --------- d-------- C:\Program Files\Common Files\xing shared

2007-06-28 01:37 --------- d-------- C:\Program Files\Real

2007-06-28 01:37 --------- d-------- C:\Program Files\Common Files\Real

2007-06-28 01:37 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Real

2007-06-28 01:24 --------- d-------- C:\Program Files\Winamp

2007-06-28 01:18 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Gadu-Gadu

2007-06-28 01:15 --------- d-------- C:\Program Files\Gadu-Gadu

2007-06-28 00:30 --------- d-------- C:\Program Files\Alcohol Soft

2007-06-28 00:28 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-06-28 00:22 --------- d-------- C:\Program Files\ACDSee32

2007-06-28 00:16 --------- d-------- C:\Program Files\Ahead

2007-06-28 00:08 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\HP

2007-06-28 00:03 1156 --a------ C:\WINDOWS\mozver.dat

2007-06-28 00:02 0 --a------ C:\WINDOWS\nsreg.dat

2007-06-27 23:25 --------- d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Help

2007-06-27 23:24 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-06-27 23:24 --------- d-------- C:\Program Files\ZTE ZXDSL 852

2007-06-27 23:24 --------- d-------- C:\Program Files\Common Files\InstallShield

2007-06-27 23:23 --------- d-------- C:\Program Files\neostrada tp

2007-06-27 23:10 44230 --a------ C:\WINDOWS\system32\perfc015.dat

2007-06-27 23:10 338072 --a------ C:\WINDOWS\system32\perfh015.dat

2007-06-27 23:04 0 -rahs---- C:\MSDOS.SYS

2007-06-27 23:04 0 -rahs---- C:\IO.SYS

2007-06-27 23:04 0 --a------ C:\CONFIG.SYS

2007-06-27 23:04 0 --a------ C:\AUTOEXEC.BAT

2007-06-27 23:01 --------- d-------- C:\Program Files\Common Files\MSSoap

2007-06-27 23:00 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2007-06-27 22:58 --------- d-------- C:\Program Files\Windows NT

2007-06-27 22:52 --------- d-------- C:\Program Files\Common Files\ODBC

2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe

--------- C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-28 01:37]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-11-17 10:33]

"nwiz"="nwiz.exe" [2003-11-17 10:33 C:\WINDOWS\system32\nwiz.exe]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-29 13:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-20 05:28]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys

R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys

R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys

R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys

R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys

R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys

R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService LmHosts upnphost SSDPSRV

DcomLaunch DcomLaunch

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-05 23:28:57

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-08-05 23:29:58

--- E O F ---

Just in case, here is the Panda report as well.

Post merged: 05.08.2007 (Sun) 23:53

Sorry that the pasting didn't quite work out, I hope you can make sense of it.


(Heniu133) #2

Delete the folder.

That is from ComboFix.

Trivial stuff. Scan > AVG Anti-Spyware 7.5 after updating it and remove whatever it finds.

There is nothing in the logs. Neo is probably acting up again.

Read > Optimizing and slimming down Windows XP