

SDFix:
[b]SDFix: Version 1.206 [/b]
Run by Administrator on 2008-10-14 at 14:39
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
tcpsr
[b]Path [/b]:
\??\C:\WINDOWS\System32\drivers\tcpsr.sys
tcpsr - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 14:42:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pjkxzjtsbmyeun]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\fvnpuedbhizu.sys"
"DisplayName"="pjkxzjtsbmyeun"
"RulesData"=hex:03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pjkxzjtsbmyeun\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:38,d0,07,ab,d6,44,57,43,81,b4,47,49,7b,fa,1e,35,d5,27,cc,a9,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:38,d0,07,ab,d6,44,57,43,81,b4,47,49,7b,fa,1e,35,d5,27,cc,a9,5f,..
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\fvnpuedbhizu.sys 30976 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 1
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"F:\\F1 Challenge 2008\\F1 2008\\PDK 2008\\PDK 08.exe"="F:\\F1 Challenge 2008\\F1 2008\\PDK 2008\\PDK 08.exe:*:Enabled:F1 Challenge 99-02"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
[b]Finished![/b]
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:15, on 2008-10-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\TEMP\stf3.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvSvc] C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Nwgolbtf] "C:\Documents and Settings\Norbert\Moje dokumenty\s?mbols\d?xplore.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AE21EDA-0A0A-494A-B566-72FDA2FE96CD}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{6AE21EDA-0A0A-494A-B566-72FDA2FE96CD}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
--
End of file - 4466 bytes
ComboFix:
ComboFix 08-10-12.01 - Norbert 2008-10-14 15:00:39.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1669 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\faceback.exe
C:\WINDOWS\system32\drivers\str.sys . . . . nie udało się usunąć
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYNSEND
-------\Service_synsend
((((((((((((((((((((((((( Pliki utworzone od 2008-09-14 do 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-14 14:51 . 2008-10-14 14:51 <DIR> d-------- C:\Program Files\RegCleaner
2008-10-14 14:49 . 2008-10-14 14:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-14 14:47 . 2008-10-14 15:02 0 --------- C:\WINDOWS\system32\drivers\str.sys
2008-10-14 14:37 . 2008-10-14 14:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-14 14:36 . 2008-10-14 14:43 <DIR> d-------- C:\SDFix
2008-10-14 14:35 . 2008-10-14 14:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-14 14:26 . 2008-10-14 14:26 <DIR> d-------- C:\!FixIEDef
2008-10-14 08:46 . 2008-10-14 08:46 29 --a------ C:\WINDOWS\system32\sarawqpq.tmp
2008-10-14 08:45 . 2008-10-14 08:45 67,072 --a------ C:\WINDOWS\system32\nvsvc32.exe
2008-10-14 08:45 . 2008-10-14 14:56 32,256 --a------ C:\WINDOWS\system32\drivers\ati3poxx.sys
2008-10-14 08:45 . 2008-10-14 14:17 100 --a------ C:\WINDOWS\adobe.bat
2008-10-13 22:09 . 2008-10-13 22:09 <DIR> d-------- C:\Program Files\OINAnalytics
2008-10-13 19:13 . 2008-10-14 09:42 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Hamachi
2008-10-13 19:12 . 2008-10-13 19:13 <DIR> d-------- C:\Program Files\Hamachi
2008-10-13 19:12 . 2008-10-13 19:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-13 18:48 . 2008-10-13 20:37 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Winamp
2008-10-12 21:57 . 2008-10-12 21:57 <DIR> d-------- C:\Program Files\Ray Adams
2008-10-12 21:57 . 2008-10-12 21:57 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\atitray
2008-10-12 21:56 . 2008-10-12 21:56 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-10-12 14:31 . 2008-10-12 14:31 <DIR> d-------- C:\Program Files\free-downloads.net
2008-10-12 14:31 . 2008-10-12 14:31 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-10-12 14:29 . 2008-10-12 14:29 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-12 11:59 . 2008-10-12 12:02 <DIR> d-------- C:\Program Files\Winamp
2008-10-12 11:59 . 2008-10-12 12:04 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Winamp
2008-10-12 11:53 . 2008-10-12 11:53 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\DivX
2008-10-12 11:21 . 2008-10-12 11:21 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\DivX
2008-10-11 20:25 . 2008-10-11 20:25 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Gadu-Gadu
2008-10-11 20:01 . 2008-10-11 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\AVS4YOU
2008-10-11 20:00 . 2008-10-11 20:01 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-10-11 20:00 . 2008-10-11 20:01 <DIR> d-------- C:\Program Files\AVS4YOU
2008-10-11 20:00 . 2003-05-21 23:50 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-10-11 19:58 . 2008-10-11 19:58 <DIR> d-------- C:\Program Files\Codec
2008-10-11 19:58 . 2007-07-05 01:33 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-10-11 19:58 . 2007-12-04 01:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-10-11 19:58 . 2007-08-09 11:27 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-10-11 19:58 . 2007-11-28 21:53 352,401 --a------ C:\WINDOWS\system32\divxmedia.ax
2008-10-11 19:58 . 2006-08-16 14:53 319,488 --a------ C:\WINDOWS\system32\coreaac.ax
2008-10-11 19:58 . 2007-11-29 22:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-10-11 19:58 . 2007-10-29 16:12 187,392 --a------ C:\WINDOWS\system32\coreavcdecoder.ax
2008-10-11 19:58 . 2007-09-27 14:22 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-10-11 19:58 . 2007-11-29 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-10-11 16:05 . 2008-10-11 16:05 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-10-11 16:05 . 2008-10-11 16:04 749,568 --a------ C:\WINDOWS\iun6002.exe
2008-10-11 16:03 . 2008-10-11 16:03 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-11 15:59 . 2008-10-11 15:59 <DIR> d-------- C:\Documents and Settings\Konrad\Gadu-Gadu
2008-10-11 15:55 . 2008-10-14 14:48 <DIR> d--h----- C:\Documents and Settings\Konrad\Ustawienia lokalne
2008-10-11 15:55 . 2008-10-11 15:55 <DIR> dr------- C:\Documents and Settings\Konrad\Ulubione
2008-10-11 15:55 . 2008-10-11 10:43 <DIR> d--h----- C:\Documents and Settings\Konrad\Szablony
2008-10-11 15:55 . 2008-10-13 19:52 <DIR> d-------- C:\Documents and Settings\Konrad\Pulpit
2008-10-11 15:55 . 2008-10-11 15:55 <DIR> dr------- C:\Documents and Settings\Konrad\Moje dokumenty
2008-10-11 15:55 . 2008-10-11 12:39 <DIR> dr------- C:\Documents and Settings\Konrad\Menu Start
2008-10-11 15:55 . 2008-10-13 19:13 <DIR> dr-h----- C:\Documents and Settings\Konrad\Dane aplikacji
2008-10-11 15:55 . 2008-10-11 15:59 <DIR> d-------- C:\Documents and Settings\Konrad
2008-10-11 15:54 . 2008-10-11 15:54 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Gadu-Gadu
2008-10-11 11:11 . 2008-10-11 11:11 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\ESET
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 13:03 --------- d-----w C:\Program Files\AutoConnect
2008-10-11 10:26 --------- d-----w C:\Program Files\Gadu-Gadu
2008-10-11 09:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-10-11 09:07 --------- d-----w C:\Program Files\Lavasoft
2008-10-11 09:01 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-10-11 09:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 09:01 --------- d-----w C:\Program Files\SAGEM
2008-10-11 09:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-11 08:55 --------- d-----w C:\Program Files\Realtek
2008-10-11 08:54 360,448 ----a-w C:\WINDOWS\HideWin.exe
2008-10-11 08:54 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-10-11 08:54 --------- d-----w C:\Documents and Settings\Norbert\Dane aplikacji\InstallShield
2008-10-11 08:51 --------- d-----w C:\Program Files\Yahoo!
2008-10-11 08:51 --------- d-----w C:\Program Files\Intel
2008-10-11 08:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-11 08:46 --------- d-----w C:\Program Files\Usługi online
.
------- Sigcheck -------
2004-08-04 00:44 58368 a1224d0fb78750c87bf2b5935ea8b923 C:\WINDOWS\system32\svchost.exe
2004-08-04 00:44 91136 d90386dcc34202960de96631afb20e24 C:\WINDOWS\system32\dllcache\svchost.exe
2004-08-04 00:44 1111040 3d9fb4df0ead4e7fc443058adc99a7f1 C:\WINDOWS\explorer.exe
2004-08-04 00:44 1143808 37fff5986f3617a5626b42ed4e77f0ba C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:44 26624 d831dc07943137eb379cb67a437ce592 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44 59904 73608d566970d1a3e4edbaf34e3e3002 C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 00:44 69120 c84bbf709cb39028ec7018111adb65a7 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 00:44 135168 3b31550a1aed0d3cc9cd8f4582f77c89 C:\WINDOWS\system32\dllcache\spoolsv.exe
2007-07-30 19:19 53080 5042abb5ddccf2c9afc51b690901a59f C:\WINDOWS\SoftwareDistribution\SelfUpdate\wuauclt.exe
2004-08-04 00:44 188928 08d882ea46f66271f8b6cb1b19a6f0ab C:\WINDOWS\system32\wuauclt.exe
2004-08-04 00:44 123392 d2132ebbc43fb3747dad8b907471b163 C:\WINDOWS\system32\dllcache\wuauclt.exe
2004-08-04 00:44 36352 ce1bcb000968d59b345416357ce71816 C:\WINDOWS\system32\userinit.exe
2004-08-04 00:44 36352 7a04f45f4b966420ab3c08bf4faee238 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-14_14.48.15.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-14 12:47:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-14 13:02:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-14 12:47:50 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-10-14 13:02:55 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-10-14 12:32:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101420081015\index.dat
+ 2008-10-14 12:57:45 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101420081015\index.dat
- 2008-10-14 12:47:50 163,840 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-14 13:02:55 180,224 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 13:53 1502232 --a------ C:\Program Files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nwgolbtf"="C:\Documents and Settings\Norbert\Moje dokumenty\s?mbols\d?xplore.exe" [?]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 322560]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1744896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\WINDOWS\system32\nvsvc32.exe" [2008-10-14 67072]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 26624]
C:\Documents and Settings\Konrad\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-10-13 624416]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-11 974949]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3poxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"F:\\F1 Challenge 2008\\F1 2008\\PDK 2008\\PDK 08.exe"=
R0 ati3poxx;ati3poxx;C:\WINDOWS\system32\Drivers\ati3poxx.sys [2008-10-14 32256]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 synsend;synsend;C:\WINDOWS\system32\drivers\synsenddrv.sys [ ]
*Newly Created Service* - SYNSEND
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Norbert\Dane aplikacji\Mozilla\Firefox\Profiles\xjvgxqrw.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 15:03:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
C:\WINDOWS\system32\drivers\fvnpuedbhizu.sys 30976 bytes executable
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pjkxzjtsbmyeun]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\fvnpuedbhizu.sys"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\explorer.exe
-> C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\temp\stf3.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Czas ukończenia: 2008-10-14 15:03:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-14 13:03:40
ComboFix2.txt 2008-10-14 12:48:30
ComboFix3.txt 2008-10-14 12:32:55
ComboFix4.txt 2008-10-14 12:26:09
Przed: 47 188 668 416 bajtów wolnych
Po: 47,154,774,016 bajtów wolnych
Please help, and also recommend some antivirus that would somehow block this, because it happens to me quite often :/