
Logfile of HijackThis v1.99.1
Scan saved at 20:16:29, on 2008-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\SbPFLnch.exe
C:\windows\System32\snmp.exe
C:\Program Files\Sunbelt Software\SbPFSvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\SbPFCl.exe
C:\Program Files\Winamp\winamp.exe
C:\windows\system32\CF10024.exe
C:\windows\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinSmsFi] System
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FDDFB11-11C5-4A67-911E-DE8E5A64A440}: NameServer = 217.30.129.149 217.30.137.200
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\windows\system32\pr2ajbeb.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\SbPFSvc.exe
ComboFix 08-09-11.02 - Administrator 2008-10-02 20:13:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1524 [GMT 2:00]
Running from: C:\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2008-10-02 18:22 . 2006-01-06 15:53 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-10-02 18:22 . 2006-01-06 15:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-10-02 18:22 . 2006-01-06 15:53 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-10-02 18:22 . 2006-01-06 15:53 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-10-02 18:22 . 2006-01-06 15:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-10-02 18:22 . 2006-01-06 15:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-10-02 18:22 . 2006-01-06 15:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-10-02 18:22 . 2006-01-06 15:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-10-02 18:21 . 2008-10-02 18:21 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-02 18:21 . 2006-01-06 15:53 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-10-02 18:21 . 2006-01-06 15:53 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-10-02 18:21 . 2006-01-06 15:53 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-10-02 18:21 . 2006-01-06 15:53 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-10-02 18:21 . 2006-01-06 15:53 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-10-01 23:44 . 2007-07-23 04:34 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-10-01 23:43 . 2007-07-23 04:34 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-10-01 23:43 . 2007-07-23 04:34 29,696 --------- C:\WINDOWS\system32\FILTER.AX
2008-10-01 23:43 . 2008-10-02 20:09 557 --a------ C:\WINDOWS\DFC.INI
2008-10-01 23:41 . 2007-07-23 04:34 17,254 --a------ C:\WINDOWS\system32\nvwsapps.xml
2008-10-01 23:40 . 2008-10-01 23:42 <DIR> d-------- C:\WINDOWS\NV2296284.TMP
2008-10-01 23:38 . 2008-10-01 23:38 <DIR> d-------- C:\Program Files\VDOTool
2008-10-01 23:38 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-14 02:34 . 2008-09-15 20:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-09-12 18:10 . 2008-09-12 02:36 <DIR> d-------- C:\SDFix
2008-09-12 17:18 . 2008-09-12 17:18 <DIR> d-------- C:\!FixIEDef
2008-09-12 16:48 . 2008-09-12 16:48 2,848,691 -ra------ C:\ComboFix.exe
2008-09-12 15:38 . 2008-09-12 15:38 <DIR> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 20:57 --------- d-----w C:\Program Files\BitComet
2008-10-01 18:49 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-10-01 01:07 --------- d-----w C:\Program Files\Soulseek
2008-09-17 12:14 --------- d-----w C:\Program Files\SubEdit-Player
2008-09-14 00:34 --------- d-----w C:\Program Files\Winamp
2008-09-12 14:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 14:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-12 13:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-29 17:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-27 08:28 --------- d-----w C:\Program Files\Sunbelt Software
2008-05-02 12:17 94,080 ----a-w C:\Documents and Settings\Administrator\Application Data\ezplay.sys
2008-05-02 12:17 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2008-05-02 12:17 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.
------- Sigcheck -------
2006-01-13 04:03 360448 2a4818aea80acd2c95d7d92d2f3155f8 C:\windows\system32\drivers\tcpip.sys
2006-01-13 03:46 1075200 2deaca71a7fd77205f59d48d76b2f565 C:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-08-22 1234160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSmsFi"="System" [X]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-07-23 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.l3codecp"= l3codecp.acm
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
-r------- 2006-07-12 11:58 356352 C:\WINDOWS\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-23 04:34 8466432 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard ]
--a------ 2005-08-03 00:43 217088 C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek-Test\\slsk.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16985:TCP"= 16985:TCP:BitComet 16985 TCP
"16985:UDP"= 16985:UDP:BitComet 16985 UDP
"9225:TCP"= 9225:TCP:BitComet 9225 TCP
"9225:UDP"= 9225:UDP:BitComet 9225 UDP
"19005:TCP"= 19005:TCP:BitComet 19005 TCP
"19005:UDP"= 19005:UDP:BitComet 19005 UDP
"8485:TCP"= 8485:TCP:BitComet 8485 TCP
"8485:UDP"= 8485:UDP:BitComet 8485 UDP
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\windows\system32\drivers\pe3ajbeb.sys [2007-08-22 64632]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\windows\system32\drivers\ps7ajbeb.sys [2007-08-22 68736]
R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver;C:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;SAP Agent;C:\windows\system32\svchost.exe [2006-01-13 14336]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\SbPFSvc.exe [2008-07-30 1361192]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\windows\system32\pr2ajbeb.exe svc [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb5fa59-9eb9-11dc-bafa-0060520b00b9}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f8c8jg9u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 20:13:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-02 20:15:30
ComboFix-quarantined-files.txt 2008-10-02 18:15:24
ComboFix2.txt 2008-09-12 16:07:08
Pre-Run: 3,232,071,680 bytes free
Post-Run: 3,225,157,632 bytes free
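The two logs above are the poster's own output. What follows is an added triage helper, not part of the post and not a feature of HijackThis or ComboFix. It parses lines in the shapes a HijackThis log uses (the "Running processes:" list and the "Oxx - ..." entries) and applies the first-pass checks a responder makes when reading such a log: autostart values whose command is not a file, entries marked "(file missing)" or "(no file)", services with an unknown owner, O17 static DNS servers, and system32 processes that no O4 or O23 entry accounts for. The sample lines are constructed, modelled on the log above; the core-process allowlist and the rules are assumptions chosen for illustration, and a flag is a prompt to look closer, not a malware verdict.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not a HijackThis feature).
Each rule returns a reason for an entry that deserves a human look, or None. A flag is a
review prompt, not a verdict; CORE_PROCESSES is an assumed baseline, not a specification."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^.*?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")  # O4 - HKLM\..\Run: [Name] command
MISSING_MARKERS = ("(file missing)", "(no file)")
# XP processes that run without any O4/O23 entry explaining them (assumed, not exhaustive).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                  "svchost.exe", "spoolsv.exe", "explorer.exe", "wscntfy.exe"}

@dataclass
class Entry:
    section: str  # "O4", "O23", ... or "PROC" for a line under "Running processes:"
    body: str

def parse(text: str) -> list[Entry]:
    """Collect running-process lines and 'Oxx - ...' entries; other lines are ignored."""
    entries: list[Entry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m["section"], m["body"]))
        elif in_processes and line:
            entries.append(Entry("PROC", line))
    return entries

def rule_missing_file(e: Entry, _: list[Entry]) -> Optional[str]:
    """A hook whose file is gone: a dead entry, or the remains of a half-removed infection."""
    return "target file is absent" if any(m in e.body for m in MISSING_MARKERS) else None

def rule_unresolvable_run_target(e: Entry, _: list[Entry]) -> Optional[str]:
    """O4 values whose command is neither a path nor an executable name (e.g. a bare word)."""
    m = RUN_RE.match(e.body) if e.section == "O4" else None
    if not m:
        return None
    first = m["cmd"].strip().strip('"').split(" ")[0]
    if "\\" not in first and not first.lower().endswith((".exe", ".dll", ".cmd", ".bat")):
        return f"Run value [{m['name']}] launches '{m['cmd']}', which resolves to no file"
    return None

def rule_unknown_service_owner(e: Entry, _: list[Entry]) -> Optional[str]:
    flagged = e.section == "O23" and " - Unknown owner - " in e.body
    return "service binary has no recorded vendor" if flagged else None

def rule_dns_override(e: Entry, _: list[Entry]) -> Optional[str]:
    if e.section != "O17" or "NameServer" not in e.body:
        return None
    servers = e.body.split("=", 1)[-1].split()
    return "static DNS servers " + ", ".join(servers) + "; confirm they belong to the ISP"

def rule_unexplained_system32_process(e: Entry, all_entries: list[Entry]) -> Optional[str]:
    """A system32 process that is neither a core OS process nor named by any O4/O23 entry
    has no visible reason to be running; cross-reference by file name."""
    if e.section != "PROC" or "\\system32\\" not in e.body.lower():
        return None
    name = e.body.rsplit("\\", 1)[-1].lower()
    if name in CORE_PROCESSES or any(
        name in x.body.lower() for x in all_entries if x.section in ("O4", "O23")
    ):
        return None
    return f"{name} runs from system32 but no autostart or service entry accounts for it"

RULES = [rule_missing_file, rule_unresolvable_run_target, rule_unknown_service_owner,
         rule_dns_override, rule_unexplained_system32_process]

def triage(text: str) -> list[tuple[str, str]]:
    """Return (entry body, reason) pairs, in log order, for every line some rule flags."""
    entries = parse(text)
    return [(e.body, r) for e in entries for rule in RULES if (r := rule(e, entries))]

# Constructed sample in the shapes a HijackThis log uses (modelled on the log above).
SAMPLE_LOG = r"""
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\CF10024.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinSmsFi] System
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FDDFB11-11C5-4A67-911E-DE8E5A64A440}: NameServer = 217.30.129.149 217.30.137.200
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
```

Calling triage(SAMPLE_LOG) returns seven (line, reason) pairs: the CF10024.exe process, the WinSmsFi Run value, the three "(file missing)"/"(no file)" entries, the O17 name servers, and the unowned avast! Mail Scanner service (which is flagged twice, once per rule). Pasting the full HijackThis section above into triage() gives the same kind of short list; RUNDLL32.EXE is deliberately not flagged because the NvCplDaemon O4 entry explains it, which is the cross-referencing a reader does by eye when working through a log like this.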