Prośba o sprawdzenia LOG-a

Dla specjalistów Bezpieczeństwo
#1

Mam problemy z internetem przez router… Sprawdziłem na dwóch połączeniach z routerem, w domu i w mieszkaniu wynajmowanym i to samo. Połączenie z routerem jest ale nie ładuje stron, gg się wyłącza… Kiedy dam: NAPRAW, wszystko znów działa…

ComboFix 08-07-17.4 - H.a.P.o.T.a.M 2009-12-28 20:54:54.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1322 [GMT 1:00]

Running from: D:\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

  • REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))

.

2009-12-28 01:15 . 2004-06-18 13:07 656,542 --a------ C:\271_icol.dll

2009-12-28 00:59 . 2009-12-28 00:59

2009-12-28 00:55 . 2009-12-28 00:55 150,961 --a------ C:\WINDOWS\BricoPackUninst.cmd

2009-12-28 00:53 . 2009-12-28 00:53

2009-12-28 00:53 . 2009-12-28 01:15

2009-12-28 00:52 . 2009-12-28 00:52 3,936,310 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2009-12-28 00:50 . 2009-12-28 00:55 8,181 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2009-12-28 00:49 . 2009-12-28 00:49

2009-12-27 22:40 . 2009-12-27 22:40

2009-12-27 22:40 . 2009-12-27 22:40

2009-12-27 22:38 . 2009-12-27 22:38

2009-12-27 22:38 . 2009-12-28 00:01

2009-12-24 16:12 . 2009-12-24 16:12

2009-12-24 16:08 . 2009-12-24 16:08 721,904 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2009-12-22 18:52 . 2009-12-24 12:42

2009-12-21 20:55 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll

2009-12-21 20:54 . 2009-12-21 20:54

2009-12-21 20:54 . 2009-12-21 20:54

2009-12-21 20:54 . 2009-12-21 20:54

2009-12-21 14:27 . 2009-12-21 14:37

2009-12-20 16:26 . 2009-12-20 16:26

2009-12-19 23:54 . 2009-12-19 23:54

2009-12-19 23:54 . 1997-12-10 14:22 302,592 --a------ C:\WINDOWS\IsUn0407.exe

2009-12-16 22:02 . 2009-12-26 21:06

2009-12-16 22:01 . 2009-12-26 20:44

2009-12-16 00:01 . 2009-12-23 11:24

2009-12-16 00:01 . 2009-12-16 00:01

2009-12-09 23:23 . 2009-12-09 23:23

2009-12-07 08:55 . 2009-12-07 08:55

2009-12-07 08:51 . 2009-12-07 08:51

2009-12-07 08:51 . 2009-10-02 05:44 92,160 -----c— C:\WINDOWS\system32\dllcache\iecompat.dll

2009-12-07 08:50 . 2009-10-29 08:43 11,069,952 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll

2009-12-07 08:50 . 2009-10-29 08:43 1,985,536 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll

2009-12-07 08:50 . 2009-10-29 08:43 594,432 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll

2009-12-07 08:50 . 2009-10-29 08:43 246,272 -----c— C:\WINDOWS\system32\dllcache\ieproxy.dll

2009-12-07 08:50 . 2009-10-29 08:43 55,296 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2009-12-07 08:50 . 2009-10-29 08:43 12,800 -----c— C:\WINDOWS\system32\dllcache\xpshims.dll

2009-12-07 08:49 . 2009-12-07 08:50

2009-12-07 08:49 . 2009-12-07 08:49

2009-12-06 11:36 . 2009-12-06 11:36

2009-12-05 20:04 . 2009-12-05 20:04

2009-12-05 14:14 . 2009-12-07 18:38

2009-12-05 12:33 . 2008-06-14 19:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2009-12-05 12:33 . 2008-06-14 19:01 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2009-12-05 07:54 . 2009-08-04 18:18 2,187,264 -----c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2009-12-05 07:54 . 2009-08-04 18:18 2,144,256 -----c— C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2009-12-05 07:54 . 2009-08-04 18:18 2,064,256 -----c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2009-12-05 07:54 . 2009-08-04 18:18 2,022,400 -----c— C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2009-12-05 07:54 . 2008-10-24 12:10 453,632 -----c— C:\WINDOWS\system32\dllcache\mrxsmb.sys

2009-12-03 21:01 . 2009-05-05 07:08 9,216 -ra------ C:\WINDOWS\system32\AmUStor.dll

2009-11-28 21:28 . 2009-12-24 16:05

2009-11-28 21:22 . 2009-12-26 21:39

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 19:46 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\Microgaming

2009-12-27 23:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2009-12-26 11:22 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\ipla

2009-12-23 19:06 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\Skype

2009-12-23 18:07 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\skypePM

2009-12-22 18:24 --------- d-----w C:\Program Files\ipla

2009-12-22 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ipla

2009-11-25 20:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2009-11-25 20:02 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-11-18 22:21 --------- d-----w C:\Program Files\SkanerOnline

2009-11-18 16:24 --------- d-----w C:\Program Files\PLAY ONLINE

2009-11-15 00:18 --------- d-----w C:\Program Files\Common Files\Adobe

2009-11-07 15:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee

2009-11-07 08:26 --------- d-----w C:\Program Files\McAfee Security Scan

2009-11-07 08:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan

2009-10-29 19:10 --------- d-----w C:\Program Files\Midas

2009-10-29 07:43 916,480 ----a-w C:\WINDOWS\system32\Wininet.dll

2009-10-21 06:03 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll

2009-10-21 06:03 25,088 ----a-w C:\WINDOWS\system32\httpapi.dll

2009-10-19 18:13 411,368 ----a-w C:\WINDOWS\system32\deploytk.dll

2009-10-18 20:00 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll

2009-10-17 14:50 520,192 ----a-w C:\WINDOWS\system32\Asus_Camera_ScreenSaver.scr

2009-10-17 14:50 47,672 ----a-w C:\WINDOWS\AsScrProlog.exe

2009-10-17 14:50 4,814,371 ----a-w C:\WINDOWS\ASUS Camera ScreenSaver.exe

2009-10-17 14:50 3,054,136 ----a-w C:\WINDOWS\AsScrPro.exe

2009-10-17 14:50 281,144 ----a-w C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe

2009-10-17 12:18 36,864 ----a-w C:\WINDOWS\uinst001.exe

2009-10-13 18:00 85,504 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2009-10-13 10:53 267,776 ----a-w C:\WINDOWS\system32\oakley.dll

2009-10-12 13:54 69,632 ----a-w C:\WINDOWS\system32\raschap.dll

2009-10-12 13:54 112,640 ----a-w C:\WINDOWS\system32\rastls.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]

2009-12-02 18:52 37376 --a------ C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 13:00 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-03 23:55 1667584]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 11:04 2127296]

“Gadu-Gadu 10”=“C:\Program Files\Gadu-Gadu 10\gg.exe” [2009-12-21 14:49 11850344]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-12-27 22:38 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“UpdateLBPShortCut”=“C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” [2008-02-21 20:04 222504]

“CLMLServer”=“C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe” [2008-07-18 18:52 104936]

“UpdateP2GoShortCut”=“C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” [2008-09-24 10:06 210216]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2008-04-02 18:09 87336]

“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2008-02-22 10:19 62760]

“UpdatePPShortCut”=“C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe” [2008-01-04 10:02 222504]

“UpdatePSTShortCut”=“C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe” [2008-10-22 14:49 210216]

“HControlUser”=“C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe” [2009-04-01 20:05 98304]

“ATKHOTKEY”=“C:\Program Files\ASUS\ATK Hotkey\HControl.exe” [2009-04-23 20:24 178744]

“ATKMEDIA”=“C:\Program Files\ASUS\ATK Media\DMedia.exe” [2009-04-20 10:09 159744]

“AmIcoSinglun”=“C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe” [2009-04-09 14:17 237568]

“Power4Gear”=“C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe” [2009-03-03 14:32 92728]

“ASUS Screen Saver Protector”=“C:\WINDOWS\AsScrPro.exe” [2009-10-17 15:50 3054136]

“ASUS Camera ScreenSaver”=“C:\WINDOWS\AsScrProlog.exe” [2009-10-17 15:50 47672]

“ACMON”=“C:\Program Files\ASUS\Splendid\ACMON.exe” [2008-09-30 22:02 851968]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre6\bin\jusched.exe” [2009-10-19 19:13 149280]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50 155648]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-10-03 04:08 35696]

“Adobe ARM”=“C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 12:08 935288]

“Google Updater”=“C:\Program Files\Google\Google Updater\GoogleUpdater.exe” [2009-12-27 22:38 160752]

“avast5”=“C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe” [2009-11-30 21:26 2654512]

“SiSPower”=“SiSPower.dll” [2009-04-01 04:32 53248 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

FancyStart daemon.lnk - C:\WINDOWS\Installer{60D6618B-153F-4353-8185-908E676E5888}_DCE9A4DB2A5F2786140FA3.exe [2009-10-17 15:52:33 12862]

McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-07-28 01:19:10 199184]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2009-10-17 15:36:26 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“HonorAutoRunSetting”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“FirewallOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\CyberLink\PowerDirector\PDR.exe”=

“C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe”=

“C:\WINDOWS\system32\usmt\migwiz.exe”=

“C:\Program Files\Skype\Plugin Manager\skypePM.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

“C:\Program Files\Gadu-Gadu 10\gg.exe”=

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-30 21:14]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2009-11-30 21:11]

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-19 19:13]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [2004-05-27 17:13]

R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;C:\WINDOWS\system32\DRIVERS\GUCI_AVS.sys [2009-02-27 07:34]

S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 13:10]

S3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\system32\drivers\AmUStor.SYS [2009-05-08 11:15]

S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;D:\I386\AsProcOb.sys []

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4a77a364-d45e-11de-beab-0025d381b24a}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4a77a367-d45e-11de-beab-0025d381b24a}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

“C:\WINDOWS\system32\rundll32.exe” “C:\WINDOWS\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP

.

Contents of the ‘Scheduled Tasks’ folder

“2009-12-25 23:11:00 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job”

  • C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

“2009-12-28 16:57:07 C:\WINDOWS\Tasks\Google Software Updater.job”

  • C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

.

        • ORPHANS REMOVED - - - -

HKLM-Run-RTHDCPL - RTHDCPL.EXE

HKLM-Run-SkyTel - SkyTel.EXE

HKLM-Run-SoundMan - SOUNDMAN.EXE

HKLM-Run-AlcWzrd - ALCWZRD.EXE

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-28 20:55:47

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-12-28 20:57:53

ComboFix-quarantined-files.txt 2009-12-28 19:57:19

Pre-Run: 57,460,842,496 bajtów wolnych

Post-Run: 57,918,754,816 bajtów wolnych

196 — E O F — 2009-12-09 22:42:53

#2

Po pierwsze logi daj według regulaminu czyli np. na wklej.to

Po drugie nie uzywaj combofixa jak się na tym nie znasz bo możesz cos spieprzy*

Daj logi z OTL.

#3

Proszę, będę wdzięczny za pomoc…

http://wklej.to/dCRb