
I did:
perform Windows optimization
Clean, do the following:
Do what is described in this topic
1. Go over the computer with this program
2. Perform Windows optimization
3. Download ATF_Cleaner
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on
5. Scan the computer for Trojans with this program
6. Post on the forum a screenshot of the Startup tab (Start – Run – msconfig – Startup); maybe something can be removed from there.
7. Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.
And now time for the logs/scans
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7514 *
* *
********************************************************************************
Created at 01:29:21 on Monday, July 20, 2009
Time Zone :
Logged On User : Welcome
Operating System : Microsoft Windows XP Professional Dodatek Service Pack 3
OS Architecture : X86
System Langauge : Polish
Keyboard Layout : Polish
Processor : X64 Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label : WIN
System Drive Size : 150 GB
System Drive Free : 20.99 GB
Total Physical Memory: 2046 MB
Free Physical Memory : 1622 MB
Total Page File : 2046 MB
Free Page File : 3709 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1963 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\autorun.inf
C:\WINDOWS\svchost.exe
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!
Logfile of random's system information tool 1.06 (written by random/random)
Run by Welcome at 2009-07-20 12:06:24
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 21 GB (14%) free of 150 GB
Total RAM: 2046 MB (82% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:26, on 2009-07-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Welcome\Pulpit\CLEAN UP\RSIT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\Bezpieczenstwo\Welcome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nvidia.com/content/drivers/redirect.asp?language=PLK&page=sysutility
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D677C574-B488-4858-A185-B350FDA7399A}: NameServer = 80.51.68.242
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5340 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-09-20 171520]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-19 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-19 13680640]
"MSRegInfo"=C:\WINDOWS\pagefile.sys.vbs [2009-07-20 3478]
"MS32DLL"=C:\WINDOWS\MS32DLL.dll.vbs [2009-07-20 3754]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-09-20 15360]
"Konnekt"=C:\Program Files\Konnekt\konnekt.exe [2005-05-24 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
C:\Program Files\Curse\CurseClient.exe [2009-07-07 1966592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe [2007-09-25 2007088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-09-20 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Gry\EVE\bin\ExeFile.exe"="C:\Gry\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Gry\Heroes of Might and Magic V - Dzikie Hordy\bin\H5_Game.exe"="C:\Gry\Heroes of Might and Magic V - Dzikie Hordy\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V - Dzikie Hordy"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
"C:\Gry\Spring\SpringDownloader.exe"="C:\Gry\Spring\SpringDownloader.exe:*:Enabled:SpringDownloader"
"C:\Program Files\NX Client for Windows\nxclient.exe"="C:\Program Files\NX Client for Windows\nxclient.exe:*:Enabled:nxclient"
"C:\Program Files\NX Client for Windows\bin\nxssh.exe"="C:\Program Files\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Gry\Władca Pierścieni® - Podbój™\Conquest.exe"="C:\Gry\Władca Pierścieni® - Podbój™\Conquest.exe:*:Enabled:Game"
"C:\Gry\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="C:\Gry\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Konnekt\konnekt.exe"="C:\Program Files\Konnekt\konnekt.exe:*:Enabled:Konnekt - Core"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe"="C:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V: Hammers of Fate"
"C:\Gry\World of Warcraft\BackgroundDownloader.exe"="C:\Gry\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Gry\World of Warcraft\Launcher.exe"="C:\Gry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Welcome\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\Welcome\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87cbe02f-9bc9-11dd-a20e-00508db0b0b2}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
======List of files/folders created in the last 1 months======
2009-07-20 12:06:24 ----D---- C:\rsit
2009-07-12 22:49:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-12 21:50:37 ----D---- C:\Documents and Settings\Welcome\Dane aplikacji\Ahead
2009-07-12 21:50:00 ----N---- C:\WINDOWS\system32\msxml3a.dll
2009-07-12 21:49:50 ----D---- C:\Program Files\Common Files\Ahead
2009-07-12 21:49:50 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
======List of files/folders modified in the last 1 months======
2009-07-20 12:06:05 ----D---- C:\WINDOWS\Prefetch
2009-07-20 12:06:03 ----D---- C:\Program Files\Mozilla Firefox
2009-07-20 12:00:25 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-20 11:58:52 ----SH---- C:\boot.ini
2009-07-20 11:58:52 ----AC---- C:\WINDOWS\win.ini
2009-07-20 11:58:52 ----AC---- C:\WINDOWS\system.ini
2009-07-20 11:58:35 ----RASHC---- C:\WINDOWS\pagefile.sys.vbs
2009-07-20 11:58:35 ----RASHC---- C:\WINDOWS\MS32DLL.dll.vbs
2009-07-20 11:58:35 ----RASH---- C:\pagefile.sys.vbs
2009-07-20 11:58:35 ----A---- C:\MS32DLL.dll.vbs
2009-07-20 11:58:30 ----D---- C:\WINDOWS\temp
2009-07-20 11:55:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-20 01:29:06 ----D---- C:\WINDOWS
2009-07-20 01:24:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-20 01:23:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-19 15:52:49 ----D---- C:\Program Files\mIRC
2009-07-19 09:53:23 ----D---- C:\Documents and Settings\Welcome\Dane aplikacji\Skype
2009-07-19 09:52:55 ----A---- C:\WINDOWS\system32\temp2.exe
2009-07-19 09:52:55 ----A---- C:\WINDOWS\system32\temp1.exe
2009-07-19 00:53:12 ----D---- C:\Program Files\oDC
2009-07-18 21:53:41 ----D---- C:\WINDOWS\system32
2009-07-18 10:46:29 ----D---- C:\Documents and Settings\Welcome\Dane aplikacji\uTorrent
2009-07-17 12:06:44 ----D---- C:\Documents and Settings\Welcome\Dane aplikacji\mIRC
2009-07-16 22:04:51 ----RD---- C:\Program Files
2009-07-16 22:04:14 ----D---- C:\Gry
2009-07-15 22:34:56 ----SHD---- C:\WINDOWS\CSC
2009-07-12 21:49:50 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-09-20 40448]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-09-20 60800]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-09-20 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-09-20 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-19 6204032]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-09-20 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 12416]
S3 autzf9hr;autzf9hr; C:\WINDOWS\system32\drivers\autzf9hr.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-03 17480]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-09-20 38528]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-09-20 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IISADMIN;Administrator programu IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-09-20 15872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-09-20 14336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-19 163908]
S2 W3SVC;Publikowanie w sieci World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-09-20 15872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
-----------------EOF-----------------
Ustawienia skanowania
Typ bazy danych użytej do skanowania rozszerzona
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak
Obszar skanowania Folder
C:\
Statystyki skanowania
Przeskanowanych plików 67919
Nazwa zagrożenia 6
Zainfekowanych obiektów 11
Podejrzanych obiektów 0
Czas skanowania 01:16:54
Nazwa pliku Nazwa zagrożenia Liczba zagrożeń
C:\copy.exe Zainfekowany: Worm.Win32.Perlovga.a 1
C:\host.exe Zainfekowany: Trojan-Dropper.Win32.Small.apl 1
C:\MS32DLL.dll.vbs Zainfekowany: Worm.VBS.Solow.b 1
C:\pagefile.sys.vbs Zainfekowany: Worm.VBS.Solow.b 1
C:\Program Files\mIRC\mirc.exe Zainfekowany: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe.BAK Zainfekowany: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\WINDOWS\MS32DLL.dll.vbs Zainfekowany: Worm.VBS.Solow.b 1
C:\WINDOWS\pagefile.sys.vbs Zainfekowany: Worm.VBS.Solow.b 1
C:\WINDOWS\system32\temp1.exe Zainfekowany: Worm.Win32.Perlovga.f 1
C:\WINDOWS\system32\temp2.exe Zainfekowany: Backdoor.Win32.Small.lo 1
C:\WINDOWS\xcopy.exe Zainfekowany: Worm.Win32.Perlovga.a 1
Wybrany obszar został przeskanowany.

