ComboFix 07-12-02.7 - angello 2007-12-03 20:12:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.561 [GMT 1:00]
Running from: C:\Documents and Settings\angello\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-02 22:15 . 2007-12-02 22:15
2007-12-02 22:15 . 2007-12-02 22:15
2007-12-02 22:15 . 2007-12-02 22:15
2007-12-02 22:15 . 2007-12-02 22:15
2007-12-02 22:15 . 2007-12-02 22:15
2007-12-02 22:15 . 2001-07-31 08:17 727,718 --a------ C:\WINDOWS\Uninstaller.exe
2007-12-02 22:15 . 2001-07-31 08:17 727,718 --a------ C:\WINDOWS\EMUninstaller.exe
2007-12-02 22:15 . 1997-05-30 11:25 314,880 --a------ C:\WINDOWS\IsUn0415.exe
2007-12-02 22:15 . 1999-06-07 11:32 81,920 --a------ C:\WINDOWS\asr3232.dll
2007-12-02 19:29 . 2007-12-02 19:29
2007-11-30 19:39 . 2007-11-30 19:39 0 --a------ C:\WINDOWS\DVEdit.INI
2007-11-30 19:30 . 2007-11-30 19:31
2007-11-30 13:18 . 2007-11-30 13:19 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-11-30 13:00 . 2007-11-30 13:01
2007-11-30 12:58 . 2007-03-08 06:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-30 12:58 . 2007-08-20 11:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-30 12:58 . 2007-08-20 11:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-30 12:58 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-30 12:57 . 2007-08-20 11:01 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-30 12:57 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-30 12:57 . 2007-08-20 11:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-30 12:57 . 2007-08-20 11:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-30 12:57 . 2007-08-20 11:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-30 11:26 . 2007-11-30 12:39
2007-11-30 00:01 . 2007-11-30 12:16
2007-11-29 23:56 . 2007-11-29 23:56
2007-11-29 23:51 . 2007-11-29 23:51
2007-11-29 23:51 . 2007-11-29 23:51
2007-11-29 23:51 . 2007-11-29 23:51
2007-11-29 23:51 . 2007-11-29 23:51
2007-11-29 23:50 . 2007-11-29 23:50
2007-11-28 12:56 . 2007-11-28 12:56
2007-11-28 12:20 . 2007-11-28 12:20
2007-11-28 12:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-28 12:20 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-11-28 12:16 . 1857-01-01 02:00 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2007-11-27 23:03 . 2007-11-27 23:03
2007-11-27 19:15 . 2007-11-27 19:15
2007-11-27 16:09 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-11-27 16:09 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2007-11-26 20:09 . 2007-11-26 20:09
2007-11-26 20:08 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-26 20:04 . 2007-11-26 20:04
2007-11-26 19:56 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-26 19:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-26 19:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-26 19:56 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-26 18:27 . 2007-11-26 18:30
2007-11-26 16:55 . 2007-11-26 16:55
2007-11-26 16:55 . 2007-04-24 16:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-11-26 16:55 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-26 16:55 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-11-26 16:18 . 2007-11-26 16:18
2007-11-26 16:18 . 2007-11-26 16:18
2007-11-26 16:18 . 2007-11-26 16:18
2007-11-26 16:18 . 2007-11-26 16:18
2007-11-26 16:18 . 2004-09-23 18:57 6,676,480 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-26 16:18 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx
2007-11-26 16:18 . 2004-09-23 18:57 430,592 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-26 16:18 . 2005-06-10 17:40 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2007-11-26 16:18 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\QuickTime.cpl
2007-11-26 16:18 . 2002-11-08 20:04 225,280 --a------ C:\WINDOWS\system32\qtmlClient.dll
2007-11-26 16:18 . 2004-09-23 18:57 70,144 --a------ C:\WINDOWS\system32\QuickTimeCheck.ocx
2007-11-26 16:08 . 2007-11-26 16:08
2007-11-26 14:54 . 2007-11-26 14:54
2007-11-26 14:49 . 2007-11-26 14:49 30,835 --a------ C:\WINDOWS\Ascd_tmp.ini
2007-11-26 14:30 . 2007-11-26 14:30
2007-11-26 14:20 . 2006-10-26 08:01 157,352 --------- C:\WINDOWS\system32\pxwma.dll
2007-11-26 14:00 . 2007-11-26 16:48
2007-11-26 14:00 . 2007-11-26 14:15
2007-11-26 13:26 . 2007-11-26 13:26
2007-11-26 13:25 . 2007-11-26 13:25
2007-11-26 13:25 . 2006-05-10 11:33 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-11-26 13:24 . 2007-11-26 13:24
2007-11-26 13:24 . 2007-11-26 13:24 1,024 --a------ C:\.rnd
2007-11-26 13:24 . 2007-11-26 13:24 22 --a------ C:\WINDOWS\FileName
2007-11-26 13:23 . 2006-03-23 19:53 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-11-26 13:17 . 2005-01-11 19:56 78,336 -ra------ C:\WINDOWS\system32\SilSupp.cpl
2007-11-26 13:17 . 2005-01-19 23:30 67,200 -ra------ C:\WINDOWS\system32\drivers\SI3132.sys
2007-11-26 13:17 . 2004-11-01 20:21 10,368 -ra------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2007-11-26 01:28 . 2007-11-26 01:28
2007-11-26 01:23 . 2007-11-26 01:23
2007-11-26 00:59 . 2007-11-26 16:48
2007-11-26 00:59 . 2007-11-26 16:48
2007-11-26 00:59 . 2007-11-26 00:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-26 00:59 . 2007-11-26 16:47 47,360 --a------ C:\Documents and Settings\angello\Dane aplikacji\pcouffin.sys
2007-11-26 00:26 . 2002-07-09 22:42 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2007-11-26 00:17 . 2007-11-26 01:22
2007-11-25 23:31 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-11-25 23:26 . 2007-12-03 15:52
2007-11-25 23:20 . 2007-12-03 18:02 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-25 23:20 . 2007-12-03 18:02 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-25 23:19 . 2007-11-30 11:41
2007-11-25 23:19 . 2007-11-25 23:19 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-25 22:53 . 2002-12-11 20:11 35,822 --a------ C:\WINDOWS\WMPrfPlk.prx
2007-11-25 22:39 . 2007-11-25 22:39
2007-11-25 20:11 . 2007-11-25 22:25
2007-11-25 20:07 . 2007-11-25 20:07 287 --a------ C:\WINDOWS\game.ini
2007-11-25 20:04 . 2007-11-25 20:04
2007-11-25 19:56 . 2007-11-25 19:56

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 14:50 --------- d-----w C:\Documents and Settings\angello\Dane aplikacji\AVG7
2007-12-02 21:16 155,995 ----a-w C:\WINDOWS\java\Packages\DZXNBD3P.ZIP
2007-11-30 18:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 18:46 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-25 21:52 --------- d-----w C:\Program Files\CyberLink
2007-11-25 18:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-25 17:29 --------- d-----w C:\Program Files\Winamp
2007-11-25 16:32 --------- d-----w C:\Program Files\VideoLAN
2007-11-25 16:19 --------- d-----w C:\Program Files\WinISO
2007-11-25 16:17 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-25 16:17 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-25 16:16 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1085.sys
2007-11-25 16:16 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-25 16:15 98,512 ----a-w C:\WINDOWS\GREUninstall.exe
2007-11-25 16:15 --------- d-----w C:\Documents and Settings\angello\Dane aplikacji\Talkback
2007-11-25 16:14 --------- d-----w C:\Program Files\mozilla.org
2007-11-25 16:14 --------- d-----w C:\Program Files\Common Files\mozilla.org
2007-11-25 16:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg7
2007-11-25 15:59 --------- d-----w C:\Program Files\AirLive WL-5480USB WLAN USB
2007-11-25 15:54 --------- d-----w C:\Documents and Settings\angello\Dane aplikacji\Grisoft
2007-11-25 15:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-25 15:44 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\AVG7
2007-11-25 15:29 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2007-11-25 15:29 --------- d-----w C:\Program Files\Agnitum
2007-11-25 15:18 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-25 15:17 --------- d-----w C:\Program Files\Usługi online
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-08 19:47]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 22:29]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-25 16:44]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 11:36]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-12-09 07:30]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-25 16:44]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2007-02-28 13:18 2351864 --a------ C:\PROGRA~1\WapSter\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall]
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

R1 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
R3 ZD1211BU(AirLive);AirLive WL-5480USB WLAN USB Driver(AirLive);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
S3 ICDUSB2;Sony IC Recorder §;C:\WINDOWS\system32\Drivers\ICDUSB2.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 20:13:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 20:14:19
C:\ComboFix2.txt ... 2007-12-03 20:05
C:\ComboFix3.txt ... 2007-12-03 15:58
.
--- E O F ---