Wirusy i internet przerywa. log

pawcio151 · 18 Listopad 2006 22:18

Od kilku skanowan kaspeski wykrywa mi wirusa niepamietam dokladnej nazwy jego ale wszystkie mialy w sobie slowo “steam”. Troche dziewnie mi internet muli i przerywa od czasu do czasu.

Logfile of HijackThis v1.99.1 Scan saved at 23:18, on 06-11-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://*.mks.com.pl O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{C2101948-8947-414B-80CB-D2E91754B42F}: NameServer = 192.168.10.1,194.204.159.1 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Bezpieczne GG - tymczasowa usluga (RPC) (bgg) - Unknown owner - (no file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

siljenta niepodam poniewaz niemoge go wlaczyc.

Zamiast niego podaje log z combofix

Administrator - 06-11-18 23:13:51,65 Dodatek Service Pack 2 ComboFix 06.10.19 - Running from: “D:\instalki” ((((((((((((((((((((((((((((((( Files Created from 2006-10-18 to 2006-11-18 )))))))))))))))))))))))))))))))))) 2006-10-27 19:49 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe 2006-10-27 19:49 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll 2006-10-27 19:49 151,552 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll 2006-10-24 16:51 5,632 --a------ C:\WINDOWS\system32\write.exe 2006-10-24 16:50 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2006-10-24 16:50 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2006-10-24 16:50 57,344 --a------ C:\WINDOWS\system32\sol.exe 2006-10-24 16:50 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2006-10-24 16:50 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2006-10-24 16:50 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2006-10-24 16:50 115,200 --a------ C:\WINDOWS\system32\calc.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-05 19:21 -------- d-------- C:\Program Files\SkanerOnline 2006-10-28 16:12 -------- d-------- C:\Program Files\Google 2006-10-28 16:12 -------- d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Google 2006-10-27 21:38 -------- d-------- C:\Program Files\Skype 2006-10-27 19:59 -------- d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mikrotik 2006-10-27 19:49 -------- d-------- C:\Program Files\ATI Technologies 2006-10-14 14:14 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory 2006-10-13 18:57 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys 2006-10-13 18:57 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys 2006-10-13 18:45 -------- d-------- C:\Program Files\Kaspersky Lab 2006-10-03 16:48 -------- d-------- C:\Program Files\Gadu-Gadu 2006-09-24 13:05 -------- d-------- C:\Program Files\Mozilla Firefox 2006-09-24 13:05 -------- d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla 2006-09-15 08:03 645893 --a------ C:\WINDOWS\enbgg.exe 2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “SoundMan”=“SOUNDMAN.EXE” “NVRaidService”=“C:\WINDOWS\system32\nvraidservice.exe” “nwiz”=“nwiz.exe /install” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”" “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieżąca strona główna” “Flags”=dword:00000002 “Position”=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 “CurrentState”=hex:04,00,00,40 “OriginalStateInfo”=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\ 00,00,04,00,00,40 “RestoredStateInfo”=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\ 00,00,01,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20061019-235851-331 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) backup-20061019-235806-419 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing) backup-20061019-235750-921 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL backup-20060404-234719-763 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) Completion time: 06-11-18 23:15:16.18 C:\ComboFix.txt … 06-11-18 23:15

Z góry wielkie dzieki

Bieniol · 18 Listopad 2006 22:28

Logi są czyste

Zrób skan EWIDO po update

Przeskanuj komputer programami Ad-aware SE Personal 1.06 oraz Spybot Search & Destroy 1.4