Internet slowing down - and then disappearing


(Seba Scz) #1

so, hello everyone :slight_smile:

my problem looks like this: on the home network, after the computer is switched on the net works only for a few moments, and after that only the orange.pl page loads, and even that as plain text without graphics

I have a good laptop; on the other computers in the network the net runs fine; I checked over wifi and over LAN, same effect; we all get DNS assigned by the router, there is MAC filtering, and I have Avast and Ad-Aware running permanently

and here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:51, on 2007-10-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\WINDOWS\system32\spools.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

H:\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://travian.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM..\Run: [Windows Service Agent] spools.exe

O4 - HKLM..\RunServices: [Windows Service Agent] spools.exe

O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU..\Run: [kindbore] C:\DOCUME~1\Esper\APPLIC~1\INTRAS~1\PlatformProgram.exe

O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU..\Run: [Windows Service Agent] spools.exe

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://s1.travian.interia.pl

O15 - Trusted Zone: http://s8.travian.interia.pl

O15 - Trusted Zone: http://travian.interia.pl

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1904403984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 6576 bytes


(Czarnuleczka174) #2

Have you scanned with some online scanner? I recommend mks. Change your antivirus because it's rubbish. For a browser I recommend Firefox. Cheers


(Arekmalek) #3

Fix the entries. Delete the files marked in black in Safe Mode.

Post a ComboFix log


(Seba Scz) #4

finally, as it should be:

ComboFix 07-11-01.1 - Administrator 2007-11-03 20:16:53.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.828 [GMT 1:00]

Running from: H:\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))

.

2007-11-03 19:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-11-03 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-03 19:25

2007-10-30 17:48

2007-10-30 17:37

2007-10-30 17:33

2007-10-30 17:33

2007-10-27 15:24

2007-10-27 15:18

2007-10-21 21:56

2007-10-21 13:29 122,884 --a------ C:\WINDOWS\UnGins.exe

2007-10-21 11:54

2007-10-19 13:11

2007-10-19 13:10

2007-10-18 16:11

2007-10-18 16:11

2007-10-18 16:10

2007-10-18 06:49 1 --a------ C:\WINDOWS\system32\SI.bin

2007-10-17 15:44

2007-10-17 15:44 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll

2007-10-17 15:44 785,920 --a------ C:\WINDOWS\system32\ltann13n.dll

2007-10-17 15:44 445,952 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2007-10-17 15:44 266,240 --a------ C:\WINDOWS\system32\LTDIS13n.dll

2007-10-17 15:44 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL

2007-10-15 03:59

2007-10-15 03:59

2007-10-13 02:38

2007-10-13 02:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-13 02:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-13 02:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-13 02:23 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-13 02:23 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-10-13 02:23 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-13 02:23 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-13 02:23 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-12 17:50

2007-10-11 06:37

2007-10-11 06:36

2007-10-11 06:24

2007-10-11 06:23

2007-10-11 06:22

2007-10-11 06:22

2007-10-11 06:11

2007-10-11 06:11 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-11 06:11 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-11 06:11 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-11 06:11 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-11 06:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-11 06:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-11 06:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-11 05:55

2007-10-11 05:55

2007-10-11 05:54

2007-10-11 05:54

2007-10-11 05:54

2007-10-11 05:51

2007-10-11 05:50

2007-10-10 06:14

2007-10-10 06:14 545 --a------ C:\WINDOWS\UC.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\RAR.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\LHA.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\ARJ.PIF

2007-10-10 04:40

2007-10-10 04:40

2007-10-10 04:36 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2007-10-10 04:32

2007-10-10 01:10

2007-10-10 01:08

2007-10-10 01:07

2007-10-10 01:07 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll

2007-10-10 01:07 86,016 --a------ C:\WINDOWS\system32\BrWebIns.dll

2007-10-10 01:07 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE

2007-10-10 01:04

2007-10-09 06:48

2007-10-09 06:46

2007-10-09 06:45

2007-10-09 06:39

2007-10-09 06:18

2007-10-09 06:16 685,816 --------- C:\WINDOWS\system32\drivers\sptd.sys

2007-10-09 06:06

2007-10-09 06:03

2007-10-09 06:02 1,156 --a------ C:\WINDOWS\mozver.dat

2007-10-09 05:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-09 05:36

2007-10-09 05:36 14,464 --------- C:\WINDOWS\system32\drivers\fanio.sys

2007-10-09 05:34 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-10-09 05:32

2007-10-09 05:18

2007-10-09 04:48

2007-10-09 04:47

2007-10-09 04:30

2007-10-09 04:29

2007-10-09 04:25 6,400 --------- C:\WINDOWS\system32\drivers\splitter.sys

2007-10-09 04:25 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys

2007-10-09 04:23

2007-10-09 04:23 1,156,648 --------- C:\WINDOWS\system32\drivers\sthda.sys

2007-10-09 04:23 208,896 --a------ C:\WINDOWS\system32\stacapi.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-30 16:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2007-10-30 16:14 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2007-10-04 20:34 --------- d-----w C:\Program Files\microsoft frontpage

2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-14 01:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-08-14 01:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2007-08-14 01:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2007-08-14 01:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2007-08-14 01:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2007-08-14 01:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2007-08-14 01:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2007-08-14 01:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2007-08-14 01:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-03_19.31.10,64 )))))))))))))))))))))))))))))))))))))))))

.

  • 2007-11-03 18:24:36 70,066 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2007-11-03 19:03:36 70,066 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2007-11-03 18:24:36 435,920 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2007-11-03 19:03:36 435,920 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-17 02:10]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 11:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]

C:\Documents and Settings\Esper\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-18 06:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Service Agent]

S1 fanio;FanIO driver;\??\C:\WINDOWS\system32\drivers\fanio.sys

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-03 20:17:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-03 20:18:09

C:\ComboFix2.txt ... 2007-11-03 20:06

C:\ComboFix3.txt ... 2007-11-03 19:42

.

--- E O F ---


(jessica) #5

>>Hijack>>scan (Do a system scan only)>>tick (V) >> Fix checked.

You probably downloaded those malicious codecs yourself, + "LOP"

Paste into Notepad:

Folder::

C:\Program Files\Intra Sign Bird

C:\Program Files\DivoCodec

C:\Program Files\3wPlayer

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird

C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

- just like in this picture -->88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be produced).

After the restart, delete the folder C: **** Qoobox manually.

Post that ComboFix log.

jessi


(Seba Scz) #6

that operation with spools.exe helped, except that along the way I deleted/unchecked something with a similar name that is responsible for the printer.

does anyone know how to fix this?


(jessica) #7

If you did not have "System Restore" turned off, restore to a date from September.

jessi


(Gutek) #8

Note: when you paste a log, wrap it in the CODE or QUOTE tag

Regards, Gutek2222


(Seba Scz) #9

jessi, is this the log you mean?

and how else can I fix this printer problem?

ComboFix 07-11-01.1 - Esper 2007-11-06 19:56:34.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.500 [GMT 1:00]

Running from: H:\ComboFix.exe

Command switches used :: H:\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Mfcd upload army browse

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird\0

C:\Documents and Settings\Esper\Application Data\Intra Sign Bird\wwmxgwfs.exe

C:\Program Files\3wPlayer

C:\Program Files\DivoCodec

C:\Program Files\DivoCodec\unins000.dat

C:\Program Files\DivoCodec\unins000.exe

C:\Program Files\DivoCodec\WakeSplitter.ax

C:\Program Files\Intra Sign Bird

.

((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))

.

2007-11-06 19:44 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe

2007-11-06 19:44 57,856 --a--c--- C:\WINDOWS\system32\dllcache\spoolsv.exe

2007-11-04 21:30

2007-11-04 21:29

2007-11-03 20:42

2007-11-03 20:26

2007-11-03 19:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-11-03 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-03 19:25

2007-10-30 17:48

2007-10-30 17:37

2007-10-30 17:33

2007-10-30 17:33

2007-10-27 15:24

2007-10-27 15:18

2007-10-21 21:56

2007-10-21 13:29 122,884 --a------ C:\WINDOWS\UnGins.exe

2007-10-21 11:54

2007-10-18 16:11

2007-10-18 16:11

2007-10-18 16:10

2007-10-18 06:49 1 --a------ C:\WINDOWS\system32\SI.bin

2007-10-17 15:44

2007-10-17 15:44 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll

2007-10-17 15:44 785,920 --a------ C:\WINDOWS\system32\ltann13n.dll

2007-10-17 15:44 445,952 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2007-10-17 15:44 266,240 --a------ C:\WINDOWS\system32\LTDIS13n.dll

2007-10-17 15:44 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL

2007-10-15 03:59

2007-10-15 03:59

2007-10-13 02:38

2007-10-13 02:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-13 02:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-13 02:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-13 02:23 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-13 02:23 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-10-13 02:23 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-13 02:23 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-13 02:23 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-12 17:50

2007-10-11 06:37

2007-10-11 06:36

2007-10-11 06:24

2007-10-11 06:23

2007-10-11 06:22

2007-10-11 06:22

2007-10-11 06:11

2007-10-11 06:11 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-11 06:11 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-11 06:11 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-11 06:11 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-11 06:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-11 06:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-11 06:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-11 05:51

2007-10-11 05:50

2007-10-10 06:14

2007-10-10 06:14 545 --a------ C:\WINDOWS\UC.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\RAR.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\LHA.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\ARJ.PIF

2007-10-10 04:40

2007-10-10 04:40

2007-10-10 04:36 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2007-10-10 04:32

2007-10-10 01:10

2007-10-10 01:08

2007-10-10 01:07

2007-10-10 01:07 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll

2007-10-10 01:07 86,016 --a------ C:\WINDOWS\system32\BrWebIns.dll

2007-10-10 01:07 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE

2007-10-10 01:04

2007-10-09 06:48

2007-10-09 06:46

2007-10-09 06:45

2007-10-09 06:39

2007-10-09 06:18

2007-10-09 06:16 685,816 --------- C:\WINDOWS\system32\drivers\sptd.sys

2007-10-09 06:06

2007-10-09 06:03

2007-10-09 06:02 1,156 --a------ C:\WINDOWS\mozver.dat

2007-10-09 05:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-09 05:36

2007-10-09 05:36 14,464 --------- C:\WINDOWS\system32\drivers\fanio.sys

2007-10-09 05:34 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-10-09 05:32

2007-10-09 05:18

2007-10-09 04:48

2007-10-09 04:47

2007-10-09 04:30

2007-10-09 04:29

2007-10-09 04:25 6,400 --------- C:\WINDOWS\system32\drivers\splitter.sys

2007-10-09 04:25 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys

2007-10-09 04:23

2007-10-09 04:23 1,156,648 --------- C:\WINDOWS\system32\drivers\sthda.sys

2007-10-09 04:23 208,896 --a------ C:\WINDOWS\system32\stacapi.dll

2007-10-09 04:15

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-30 16:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2007-10-30 16:14 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2007-10-04 20:34 --------- d-----w C:\Program Files\microsoft frontpage

2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-14 01:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-08-14 01:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2007-08-14 01:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2007-08-14 01:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2007-08-14 01:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2007-08-14 01:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2007-08-14 01:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2007-08-14 01:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2007-08-14 01:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-03_19.31.10,64 )))))))))))))))))))))))))))))))))))))))))

.

  • 2004-08-04 10:00:00 452,096 ----a-w C:\WINDOWS\system32\fxsapi.dll

  • 2004-08-04 10:00:00 111,104 ----a-w C:\WINDOWS\system32\fxscfgwz.dll

  • 2004-08-04 10:00:00 143,360 ----a-w C:\WINDOWS\system32\fxsclnt.exe

  • 2004-08-04 10:00:00 132,608 ----a-w C:\WINDOWS\system32\fxsclntR.dll

  • 2004-08-04 10:00:00 72,192 ----a-w C:\WINDOWS\system32\fxscom.dll

  • 2004-08-04 10:00:00 285,184 ----a-w C:\WINDOWS\system32\fxscomex.dll

  • 2004-08-04 10:00:00 229,376 ----a-w C:\WINDOWS\system32\fxscover.exe

  • 2004-08-04 10:00:00 27,136 ----a-w C:\WINDOWS\system32\fxsdrv.dll

  • 2004-08-04 10:00:00 55,296 ----a-w C:\WINDOWS\system32\fxsevent.dll

  • 2004-08-04 10:00:00 23,552 ----a-w C:\WINDOWS\system32\fxsext32.dll

  • 2004-08-04 10:00:00 23,552 ----a-w C:\WINDOWS\system32\fxsmon.dll

  • 2004-08-04 10:00:00 8,704 ----a-w C:\WINDOWS\system32\fxsperf.dll

  • 2004-08-04 10:00:00 6,656 ----a-w C:\WINDOWS\system32\fxsres.dll

  • 2004-08-04 10:00:00 31,744 ----a-w C:\WINDOWS\system32\fxsroute.dll

  • 2004-08-04 10:00:00 11,264 ----a-w C:\WINDOWS\system32\fxssend.exe

  • 2004-08-04 10:00:00 562,176 ----a-w C:\WINDOWS\system32\fxsst.dll

  • 2004-08-04 10:00:00 267,776 ----a-w C:\WINDOWS\system32\fxssvc.exe

  • 2004-08-04 10:00:00 246,272 ----a-w C:\WINDOWS\system32\fxst30.dll

  • 2004-08-04 10:00:00 397,312 ----a-w C:\WINDOWS\system32\fxstiff.dll

  • 2004-08-04 10:00:00 154,112 ----a-w C:\WINDOWS\system32\fxsui.dll

  • 2004-08-04 10:00:00 192,512 ----a-w C:\WINDOWS\system32\fxswzrd.dll

  • 2004-08-04 10:00:00 400,384 ----a-w C:\WINDOWS\system32\fxsxp32.dll

  • 2007-09-24 20:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe

  • 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe

  • 2007-09-24 20:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

  • 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

  • 2007-09-24 21:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

  • 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

  • 2004-08-04 10:00:00 22,528 ----a-w C:\WINDOWS\system32\lpdsvc.dll

  • 2004-08-04 10:00:00 18,944 ----a-w C:\WINDOWS\system32\lprmon.dll

  • 2007-11-03 18:24:36 70,066 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2007-11-06 15:51:24 70,400 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2007-11-03 18:24:36 435,920 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2007-11-06 15:51:24 436,254 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2007-03-15 11:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll

  • 2007-01-19 08:40:42 89,088 ----a-w C:\WINDOWS\system32\SkanerOnlineUninstall.exe

  • 2004-08-04 10:00:00 74,752 ----a-w C:\WINDOWS\system32\spoolss.dll

  • 2007-11-06 15:47:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_710.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-17 02:10]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-10-09 04:31]

"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 17:58]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-10-09 04:50]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27]

"Windows Service Agent"="spools.exe" []

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08]

C:\Documents and Settings\Esper\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-18 06:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Service Agent]

R1 fanio;FanIO driver;\??\C:\WINDOWS\system32\drivers\fanio.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{153e85ae-7561-11dc-aa10-fd76fdaf55e2}]

\Shell\AutoRun\command - H:\SSVICHOSST.exe

\Shell\Open\command - H:\SSVICHOSST.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-06 19:57:24

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-06 19:57:49

C:\ComboFix2.txt ... 2007-11-03 20:18

C:\ComboFix3.txt ... 2007-11-03 20:06

.

--- E O F ---


(jessica) #10

Are these the files you deleted by mistake?

Because I can see they are in the log, so it should be fine now...

The log is clean, except for the infection on the pendrive.

Paste into Notepad:

File::

H:\SSVICHOSST.exe


Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Service Agent]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153e85ae-7561-11dc-aa10-fd76fdaf55e2}]

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

- just like in this picture -->88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be produced).

After the restart, delete the folder C: **** Qoobox manually.

Post that log.

jessi
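The CFScript instructions in posts #5 and #10 rest on a particular reading of the HijackThis and ComboFix logs; the script below is an added example (my own code, not part of this thread, HijackThis or ComboFix) that turns that reading into triage heuristics: O4 Run entries with a bare file name, the obsolete RunServices key, executables launched from Application Data (the "Intra Sign Bird" entry), names one or two edits away from a Windows binary (spools.exe next to the legitimate print spooler spoolsv.exe that post #6 removed by mistake), and autorun handlers pointing at a removable drive (the H:\SSVICHOSST.exe pendrive entry). The sample lines are copied from the logs in this thread; KNOWN_GOOD is my own short list, not an official one.

```python
import re

# Windows XP system binaries that malware commonly imitates by name (assumed
# list for this example). A name within two edits of one of these is flagged,
# but an exact match is left alone, so spoolsv.exe itself never gets reported.
KNOWN_GOOD = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
              "winlogon.exe", "services.exe", "explorer.exe", "ctfmon.exe"}

# HijackThis O4 line, tolerating both "HKLM\..\Run:" and the "HKLM..\Run:" form shown in the thread.
O4_RE = re.compile(r'^O4 - (?P<hive>HK[LC][MU])\\?\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# A "Running processes" line: absolute path ending in .exe.
PROC_RE = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.I)
# A ComboFix mountpoints2 handler line, e.g. "\Shell\AutoRun\command - H:\SSVICHOSST.exe".
MOUNT_RE = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$', re.I)


def levenshtein(a, b):
    """Edit distance between two strings, used to spot near-lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd):
    """Program part of an O4/autorun command: quotes and trailing arguments stripped."""
    m = re.match(r'^"?(?P<p>[^"]*?\.exe)"?', cmd, re.I)
    return m.group("p") if m else cmd.split()[0]


def lookalike(name, max_dist=2):
    """Known-good binary that `name` imitates (within max_dist edits), or None."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return None
    for good in sorted(KNOWN_GOOD):
        if levenshtein(name, good) <= max_dist:
            return good
    return None


def triage(lines):
    """Return (line, finding) tuples for every suspicious autostart or process line."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            name = path.rsplit("\\", 1)[-1]
            if "\\" not in path:
                findings.append((line, f"'{name}' has no path: Windows must search for it, which hides where it lives"))
            if m["key"].lower() == "runservices":
                findings.append((line, "RunServices is a Windows 9x/ME key that XP does not process; legitimate XP software has no reason to register there"))
            if re.search(r'\\(APPLIC~1|Application Data)\\', path, re.I):
                findings.append((line, f"'{name}' runs from a user's Application Data folder, unusual for a genuine startup program"))
            good = lookalike(name)
            if good:
                findings.append((line, f"'{name}' imitates the Windows binary '{good}'; check the full path before removing either"))
        elif PROC_RE.match(line):
            name = line.rsplit("\\", 1)[-1]
            good = lookalike(name)
            if good:
                findings.append((line, f"running process '{name}' imitates '{good}'"))
        else:
            m = MOUNT_RE.match(line)
            if m:
                path = exe_path(m["cmd"])
                if not path.upper().startswith("C:\\"):
                    findings.append((line, f"{m['verb']} handler on drive {path[:2]} runs '{path}': typical of a removable-media worm"))
    return findings


def summary(lines):
    """Number of findings per offending line, for a quick overview."""
    counts = {}
    for line, _ in triage(lines):
        counts[line] = counts.get(line, 0) + 1
    return counts


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\WINDOWS\system32\spools.exe",
    r"O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM..\Run: [Windows Service Agent] spools.exe",
    r"O4 - HKLM..\RunServices: [Windows Service Agent] spools.exe",
    r'O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray',
    r"O4 - HKCU..\Run: [kindbore] C:\DOCUME~1\Esper\APPLIC~1\INTRAS~1\PlatformProgram.exe",
    r"\Shell\AutoRun\command - H:\SSVICHOSST.exe",
]

if __name__ == "__main__":
    for line, finding in triage(SAMPLE_LOG):
        print(f"{line}\n    -> {finding}")
```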


(Seba Scz) #11

yes, I deleted them, but I brought them over from another XP machine and, as usual, it worked; as for the pendrive, I was surprised myself, but yesterday when I came back from university Avast removed some 50 infected files

hopefully this is the last log :slight_smile:

ComboFix 07-11-01.1 - Esper 2007-11-07 9:04:08.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.503 [GMT 1:00]

Running from: H:\ComboFix.exe

Command switches used :: H:\CFScript.txt

* Created a new restore point

FILE::

H:\SSVICHOSST.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))

.

2007-11-06 19:44 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe

2007-11-06 19:44 57,856 --a--c--- C:\WINDOWS\system32\dllcache\spoolsv.exe

2007-11-04 21:30

2007-11-04 21:29

2007-11-03 20:42

2007-11-03 20:26

2007-11-03 19:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-11-03 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-03 19:25

2007-10-30 17:48

2007-10-30 17:37

2007-10-30 17:33

2007-10-30 17:33

2007-10-27 15:24

2007-10-27 15:18

2007-10-21 21:56

2007-10-21 13:29 122,884 --a------ C:\WINDOWS\UnGins.exe

2007-10-21 11:54

2007-10-18 16:11

2007-10-18 16:11

2007-10-18 16:10

2007-10-18 06:49 1 --a------ C:\WINDOWS\system32\SI.bin

2007-10-17 15:44

2007-10-17 15:44 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll

2007-10-17 15:44 785,920 --a------ C:\WINDOWS\system32\ltann13n.dll

2007-10-17 15:44 445,952 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2007-10-17 15:44 266,240 --a------ C:\WINDOWS\system32\LTDIS13n.dll

2007-10-17 15:44 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL

2007-10-15 03:59

2007-10-15 03:59

2007-10-13 02:38

2007-10-13 02:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-13 02:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-13 02:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-13 02:23 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-13 02:23 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-10-13 02:23 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-13 02:23 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-13 02:23 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-12 17:50

2007-10-11 06:37

2007-10-11 06:36

2007-10-11 06:24

2007-10-11 06:23

2007-10-11 06:22

2007-10-11 06:22

2007-10-11 06:11

2007-10-11 06:11 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-10-11 06:11 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-10-11 06:11 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-11 06:11 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-11 06:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-11 06:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-11 06:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-11 05:51

2007-10-11 05:50

2007-10-10 06:14

2007-10-10 06:14 545 --a------ C:\WINDOWS\UC.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\RAR.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\LHA.PIF

2007-10-10 06:14 545 --a------ C:\WINDOWS\ARJ.PIF

2007-10-10 04:40

2007-10-10 04:40

2007-10-10 04:36 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2007-10-10 04:32

2007-10-10 01:10

2007-10-10 01:08

2007-10-10 01:07

2007-10-10 01:07 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll

2007-10-10 01:07 86,016 --a------ C:\WINDOWS\system32\BrWebIns.dll

2007-10-10 01:07 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE

2007-10-10 01:04

2007-10-09 06:48

2007-10-09 06:46

2007-10-09 06:45

2007-10-09 06:39

2007-10-09 06:18

2007-10-09 06:16 685,816 --------- C:\WINDOWS\system32\drivers\sptd.sys

2007-10-09 06:06

2007-10-09 06:03

2007-10-09 06:02 1,156 --a------ C:\WINDOWS\mozver.dat

2007-10-09 05:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-09 05:36

2007-10-09 05:36 14,464 --------- C:\WINDOWS\system32\drivers\fanio.sys

2007-10-09 05:34 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-10-09 05:32

2007-10-09 05:18

2007-10-09 04:48

2007-10-09 04:47

2007-10-09 04:30

2007-10-09 04:29

2007-10-09 04:25 6,400 --------- C:\WINDOWS\system32\drivers\splitter.sys

2007-10-09 04:25 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys

2007-10-09 04:23

2007-10-09 04:23 1,156,648 --------- C:\WINDOWS\system32\drivers\sthda.sys

2007-10-09 04:23 208,896 --a------ C:\WINDOWS\system32\stacapi.dll

2007-10-09 04:15

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-30 16:14 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2007-10-30 16:14 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2007-10-04 20:34 --------- d-----w C:\Program Files\microsoft frontpage

2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-14 01:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-08-14 01:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2007-08-14 01:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2007-08-14 01:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2007-08-14 01:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2007-08-14 01:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2007-08-14 01:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2007-08-14 01:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2007-08-14 01:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

.

((((((((((((((((((((((((((((( snapshot_2007-11-06_19.57.29,84 )))))))))))))))))))))))))))))))))))))))))

.

  • 2007-11-06 15:51:24 70,400 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2007-11-07 06:29:39 70,400 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2007-11-06 15:51:24 436,254 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2007-11-07 06:29:39 436,254 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2007-11-07 06:25:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_708.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-17 02:10]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-10-09 04:31]

"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 17:58]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-10-09 04:50]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27]

"Windows Service Agent"="spools.exe" []

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08]

C:\Documents and Settings\Esper\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-18 06:57:56]

R1 fanio;FanIO driver;\??\C:\WINDOWS\system32\drivers\fanio.sys

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-07 09:04:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-07 9:05:20

C:\ComboFix2.txt ... 2007-11-06 19:57

C:\ComboFix3.txt ... 2007-11-03 20:18

.

--- E O F ---

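The "Reg Loading Points" section of the log above is where the remaining question lives: the HKCU Run value "Windows Service Agent"="spools.exe" is still present, with an empty [] where ComboFix prints a timestamp for every file it can find (compare "stsystra.exe", a bare name that it resolved to C:\WINDOWS\stsystra.exe). The following script is an added example, not part of the thread or of ComboFix; it parses Run entries in that log format and flags the three tells a practitioner would look for: a bare filename instead of a full path, an entry whose file could not be found, and a name that imitates a Windows system binary (spools.exe versus spoolsv.exe, SSVICHOSST.exe versus svchost.exe). The list of system binaries and the 0.8 similarity cutoff are assumptions, and the sample log is an excerpt constructed from the Run keys shown above.

```python
import re
import difflib

# One entry of ComboFix's "Reg Loading Points" section, as printed in the log above:
#   "Name"="value" [timestamp, optionally followed by the resolved path]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Hand-picked XP binaries whose names malware commonly imitates
# (assumption: not an exhaustive list; extend it for your own environment)
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}

# Excerpt constructed from the Run keys in the log above (not the whole section)
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-17 02:10]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 C:\WINDOWS\stsystra.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
"Windows Service Agent"="spools.exe" []
'''


def basename(path):
    """Last path component, lower-cased; works for C:\\...\\x.exe and for bare names."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def imitated_binary(filename):
    """Return the system binary this name looks like (spools.exe -> spoolsv.exe), else None."""
    if filename in SYSTEM_BINARIES:
        return None
    close = difflib.get_close_matches(filename, sorted(SYSTEM_BINARIES), n=1, cutoff=0.8)
    return close[0] if close else None


def triage_run_entries(log_text):
    """Return [(name, value, [reasons])] for every Run entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        name, value, meta = m.group("name"), m.group("value"), m.group("meta").strip()
        reasons = []
        if "\\" not in value:
            # A bare name is resolved by Windows' executable search order at logon,
            # so whichever file of that name is found first is what runs.
            reasons.append("bare filename, no full path")
        if not meta:
            # ComboFix printed a timestamp (and a resolved path) for every file it
            # found; an empty [] means the file is gone but the value still points at it.
            reasons.append("ComboFix printed []: file not found on disk")
        target = imitated_binary(basename(value))
        if target:
            reasons.append(f"name imitates {target}")
        if reasons:
            findings.append((name, value, reasons))
    return findings


if __name__ == "__main__":
    for name, value, reasons in triage_run_entries(SAMPLE_LOG):
        print(f"{name!r} -> {value}: " + "; ".join(reasons))
```

Run against the excerpt it reports two entries: "SigmatelSysTrayApp" with the single weak reason (bare name, but resolved), and "Windows Service Agent" with all three. A single reason is a prompt to look; the combination of a bare name, a missing file and a system-binary lookalike is the leftover of a removed dropper, and the orphaned value is what the CFScript's Registry:: section is for.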

(jessica) #12

The log is clean.

What worries me a little is that Avast detected about 50 objects.

Do you perhaps remember the names of those pests? What I mean is that it could be a virus that infects every *.exe, which would explain that number of detected objects.

jessi


(Seba Scz) #13

It was rather a harmless virus; it did not infect exe files, it just created them, e.g. New Folder.exe, and that is how it replaced most of the files on the stick. I must have picked it up at the copy shop, and now it is clean :slight_smile:

In Avast's logs it says it was Win32:Sohanad-O [Wrm], so it would seem to be a harmless little worm.

As for the fact that I installed those codecs myself, you are completely right: my girlfriend wanted some new movie and the pack included those codecs as supposedly required... now I know: CCCP and nothing else :slight_smile:

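The pattern described in the post above (an executable next to every folder and document on the stick, named after it, plus the SSVICHOSST.exe that the earlier CFScript deleted from H:\) is the classic USB-worm layout: an autorun.inf that launches the dropper on insert, and decoy executables that a user double-clicks instead of the real folder. The MountPoints2 entry removed in that CFScript is where Explorer caches the autorun handlers for that volume. The scanner below is an added example, not part of the thread and not Avast's or ComboFix's logic; it walks a drive root and reports autorun.inf launch keys, executables whose name mirrors a sibling folder or data file, and the one file name this thread names. The directory layout it builds in a temporary folder is constructed to mimic the stick as described, with placeholder bytes rather than any real executable; the extension list and the folder-decoy heuristic are assumptions.

```python
import os
import re
import tempfile

EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# File name seen on the infected stick in this thread (H:\SSVICHOSST.exe)
NAMES_FROM_THREAD = {"ssvichosst.exe"}
# autorun.inf keys that make Explorer launch something on insert or double-click
LAUNCH_KEY_RE = re.compile(r'^(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$', re.I)


def parse_autorun(path):
    """Return the launch targets declared in an autorun.inf's [autorun] section."""
    targets, in_autorun = [], False
    with open(path, encoding="latin-1", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                in_autorun = line.lower() == "[autorun]"
                continue
            m = LAUNCH_KEY_RE.match(line) if in_autorun else None
            if m:
                targets.append(m.group(2))
    return targets


def scan_removable(root):
    """Return sorted (kind, relative_path, detail) findings for a removable drive root."""
    findings = []
    autorun = os.path.join(root, "autorun.inf")
    if os.path.isfile(autorun):
        for target in parse_autorun(autorun):
            findings.append(("autorun-launch", "autorun.inf", target))
    for dirpath, dirnames, filenames in os.walk(root):
        # Names an executable could be disguised as: sibling folders, and sibling
        # data files with or without their extension ("notes.doc" -> "notes.doc.exe")
        lure_names = {d.lower() for d in dirnames}
        for f in filenames:
            stem, ext = os.path.splitext(f)
            if ext.lower() not in EXECUTABLE_EXT:
                lure_names.add(f.lower())
                lure_names.add(stem.lower())
        for f in filenames:
            stem, ext = os.path.splitext(f)
            if ext.lower() not in EXECUTABLE_EXT:
                continue
            rel = os.path.relpath(os.path.join(dirpath, f), root)
            if stem.lower() in lure_names:
                findings.append(("folder-decoy", rel, stem))
            if f.lower() in NAMES_FROM_THREAD:
                findings.append(("known-name", rel, f))
    return sorted(findings)


def build_fixture(root):
    """Constructed layout mimicking the stick described above; placeholder bytes, no real malware."""
    os.makedirs(os.path.join(root, "New Folder"))
    os.makedirs(os.path.join(root, "legit"))
    files = {
        "autorun.inf": "[autorun]\r\nopen=SSVICHOSST.exe\r\nshellexecute=SSVICHOSST.exe\r\n"
                       "shell\\Auto\\command=SSVICHOSST.exe\r\nshell=Auto\r\n",
        "SSVICHOSST.exe": "MZ placeholder",        # the dropper name from the thread
        "New Folder.exe": "MZ placeholder",        # decoy named after the sibling folder
        "notes.doc": "quarterly notes",
        "notes.doc.exe": "MZ placeholder",         # decoy named after the sibling document
        os.path.join("legit", "readme.txt"): "hello",
        os.path.join("legit", "setup.exe"): "MZ placeholder",  # nothing to mimic: not flagged
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(content)


def demo():
    """Build the fixture in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_fixture(root)
        return scan_removable(root)


if __name__ == "__main__":
    for kind, rel, detail in demo():
        print(f"{kind:15} {rel:20} {detail}")
```

On a real stick, point scan_removable at the drive root (H:\ in this thread). The folder-decoy check is deliberately name-based so it also catches copies the AV has not signed yet; the decoys usually carry the hidden and system attributes as well, which is a further tell worth checking by hand.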

(Gutek) #14

For the last time, please