Prosba o sprawdzenie loga oraz problem z netem wi-fi

rav130 · 27 Październik 2007 12:00

witam mam problem mianowicie wlaczam komputer i po ok 3 minutach nie mam internetu dodam ze to jest net bezprzewodowy oto log z hi jacka

Logfile of HijackThis v1.99.1 Scan saved at 13:30:39, on 2007-04-27 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe G:\Winamp\winampa.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\MIREK\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\VTTray.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe O4 - HKLM…\Run: [WinampAgent] G:\Winamp\winampa.exe O4 - HKCU…\Run: [TuneUp MemOptimizer] “C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe” autostart O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

z gory dziekuje za odp.

jessica · 27 Październik 2007 12:11

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

Użyj dwóch narzędzi:

----------------------------------------- I

–>SDFix

Uwaga: Da się go uruchomić tylko w Trybie Awaryjnym.

Pokaż Report.txt znajdujący się w folderze SDFix.

---------------------------- II

–>ComboFix (na dole tej strony z linku) -

Log z ComboFixa wklej na http://wklej.org/, a w poście daj tylko link.(czyli skopiuj adres z paska adresów) .

jessi

rav130 · 27 Październik 2007 13:12

oto log z tego 1 programu :

SDFix: Version 1.112 Run by MIREK on 2007-04-27 at 15:06 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: runtime s3contrl (32-bit) ImagePath: ??\C:\WINDOWS\System32\drivers\runtime.sys “C:\WINDOWS\VTTray.exe” runtime - Deleted s3contrl (32-bit) - Deleted C:\WINDOWS\system32\Microsoft\backup.ftp Found C:\WINDOWS\system32\Microsoft\backup.tftp Found Checking files: Genuine: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp Dummy: C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\ftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Files copied to SDFix\Backups Restoring files if backups are found Final Check: Genuine: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\ftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Dummy: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\9R2H2Z~1.EXE - Deleted C:\Program Files\Common Files\Carlson\carlton - Deleted C:\WINDOWS\system32\5_exception.nls - Deleted C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted C:\WINDOWS\VTTray.exe - Deleted Could Not Remove C:\WINDOWS\Temp\startdrv.exe Folder C:\Program Files\Common Files\Carlson - Removed Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Rootkit runtime2 Found, Use a Rootkit scanner ! Authorized Application Key Export: Remaining Files: --------------- C:\WINDOWS\Temp\startdrv.exe Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Sun 26 Nov 2006 4,348 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Wed 6 Dec 2006 401 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv15.bak” Wed 6 Dec 2006 48 …SH. — “C:\Documents and Settings\All Users\DRM\v2ks.sec.bak” Wed 6 Dec 2006 400 …SH. — “C:\Documents and Settings\All Users\DRM\v2ks.bla.bak” Mon 13 Nov 2006 319,456 A…H. — “C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll” Finished!

asterisk · 27 Październik 2007 13:21

Proszę zastosować się do tego Tematu i zmienić

tytuł tematu na konkretny - inaczej KOSZ

rav130 · 27 Październik 2007 13:24

log z 2 programu:

ComboFix 07-10-23.2 - MIREK 2007-04-27 15:19:23.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.108 [GMT 2:00] Running from: C:\Documents and Settings\MIREK\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\5_exception.nls C:\WINDOWS\system32\drivers\runtime2.sys C:\WINDOWS\system32\drivers\secdrv.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 -------\runtime ((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))) . 2007-10-23 15:20 575,488 -r-hs---- C:\WINDOWS\VTTray.exe 2007-10-23 15:20 575,488 --a------ C:\WINDOWS\system32\fjx.exe 2007-09-30 09:49 2007-09-27 15:18 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 13:21 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-10-23 13:21 42,496 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe 2007-10-23 13:21 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-23 13:21 16,896 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe 2007-09-14 14:51 --------- d-----w C:\Program Files\Grupa IMAGE 2007-09-03 15:58 --------- d-----w C:\Documents and Settings\MIREK\Dane aplikacji\AdobeUM 2007-09-03 15:07 --------- d-----w C:\Program Files\LiveUpdate 2007-09-03 15:06 --------- d-----w C:\Program Files\mobile PhoneTools 2007-08-31 17:50 --------- d-----w C:\Program Files\Common Files\Canon 2007-08-31 17:50 --------- d-----w C:\Program Files\Canon 2007-01-20 13:46 430 ------w C:\Program Files\errorlog.txt 2007-01-20 13:46 0 ------w C:\Program Files\stderr.txt 2003-04-01 13:53 11,951 ------w C:\Program Files\readme.txt . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “WinampAgent”=“G:\Winamp\winampa.exe” [2004-12-20 20:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “TuneUp MemOptimizer”=“C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe” [2005-09-21 22:34] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2005-03-31 11:18] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] @= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DoubleDesktop.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DoubleDesktop.lnk backup=C:\WINDOWS\pss\DoubleDesktop.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\System32\DRIVERS\KS-959.sys S3 mamotou;mamotou;C:\WINDOWS\System32\DRIVERS\mamotou.sys S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\System32\DRIVERS\motmodem.sys S3 perm2;perm2;C:\WINDOWS\System32\DRIVERS\perm2.sys S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\SE2Ebus.sys S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\SE2Emdfl.sys S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\SE2Emdm.sys . Contents of the ‘Scheduled Tasks’ folder “2007-04-20 15:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job” - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe “2007-10-02 14:29:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-23 15:23:01 Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-23 15:23:42 - machine was rebooted . — E O F —

jessica · 27 Październik 2007 13:36

Nie wiem, dlaczego w logu ComboFixa jest znów " VTTray.exe", skoro wcześniej usunął go SDFix. Czyżby powrócił?

Wklej do Notatnika :

File::

C:\WINDOWS\VTTray.exe 

C:\WINDOWS\system32\fjx.exe 

C:\FOUND.043 

C:\FOUND.042


Folder::

C:\FOUND.043 

C:\FOUND.042

C:\FOUND.* *

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log.

jessi