emolans, posted 30 January 2009 (edited)

My computer and various games stutter strangely... I think it's the fault of some malware that crept in. I tried running ComboFix but no luck... it says the version has expired.

Spoiler: "Hijackthis"

Scan saved at 14:10:47, on 2009-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\windows\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - http://www.devalvr.com/instalacion/plugin/devalvrplugin.php
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

--
End of file - 4068 bytes

Edited 30 January 2009 by Kolobos
Kolobos, posted 30 January 2009

You inserted the spoiler wrongly, you pasted only part of the log, and the ComboFix log is missing (set the correct date and download the latest version from the author's site). But before you do that, run a scan with Dr.Web CureIt and Malwarebytes Anti-Malware. Also make an effort and write EXACTLY what happens and when. Screenshots from HD Tune wouldn't hurt either.
emolans, posted 30 January 2009

I scanned with the programs you said... Dr found nothing, but Malwarebytes found 13 viruses and removed them, and here is the HJT log. I still have problems with ComboFix; I removed it via ComboFix /a, downloaded the latest versions and it still says it's expired.

Spoiler: "HJT"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:50, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\windows\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - http://www.devalvr.com/instalacion/plugin/devalvrplugin.php
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 3824 bytes
Kolobos, posted 31 January 2009

You have the wrong date set:

Scan saved at 20:48:50, on 2008-01-31

Did you download from these links?
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

If it still doesn't work, use: http://www.techsupportforum.com/sectools/sUBs/dds/ and post dds.txt
emolans, posted 31 January 2009

I set the date, downloaded from these links and it still doesn't work... here are the DDS logs

Spoiler: "DDS.txt"

DDS (Ver_09-01-07.01) - NTFSx86
Run by windows at 14:45:45,57 on 2009-01-31
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.511.337 [GMT 1:00]

AV: iolo AntiVirus® *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\windows\Desktop\dds.com

============== Pseudo HJT Report ===============

uWindow Title = >>> 'Full Speed' Enabled <<<
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [c0.exe] "c:\aidualc3\c0.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
uPolicies-system: DisableRegedit = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\windows\applic~1\mozilla\firefox\profiles\tdwtydbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

============= SERVICES / DRIVERS ===============

R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2009-1-27 4544]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-31 14:16 74,703 a------- c:\windows\system32\mfc45.dll
2009-01-31 12:41 388,608 a------- c:\windows\system32\CF27986.exe
2009-01-31 10:27 <DIR> --d----- c:\docume~1\windows\applic~1\MozillaControl
2009-01-31 10:26 <DIR> --d----- c:\program files\'Full Speed' Internet Booster + Performance Tests
2009-01-30 15:08 <DIR> --d----- c:\program files\Avira
2009-01-29 15:37 <DIR> --d----- c:\windows\'Full Speed' Internet Booster + Performance Tests
2009-01-29 15:37 <DIR> --d----- C:\aidualc3
2009-01-29 14:38 388,608 a------- c:\windows\system32\CF10912.exe
2009-01-29 14:38 388,608 a------- c:\windows\system32\CF10837.exe
2009-01-28 16:59 <DIR> --d----- c:\program files\Valve
2009-01-27 16:19 4,544 a------- c:\windows\system32\drivers\hidusbf.sys
2009-01-22 21:19 432 a------- c:\windows\system32\iolo.ini
2009-01-22 21:15 118,784 a------- c:\windows\system32\iavlsp.dll
2009-01-21 12:15 406 a------- c:\windows\system32\ioloBootDefrag.cfg
2009-01-21 12:13 <DIR> --d----- c:\docume~1\windows\applic~1\iolo
2009-01-21 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-01-20 12:45 765,952 a------- c:\windows\system32\xvidcore.dll
2009-01-20 12:45 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-01-20 12:45 77,824 a------- c:\windows\system32\xvid.ax
2009-01-20 12:45 <DIR> --d----- c:\program files\Xvid
2009-01-19 14:23 <DIR> --d----- c:\program files\CCleaner
2009-01-19 14:04 237,568 a------- c:\windows\system32\mcstabs.ocx
2009-01-19 14:04 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-01-19 14:04 115,920 a------- c:\windows\system32\msinet.ocx
2009-01-19 12:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-18 22:43 <DIR> --d----- c:\docume~1\windows\applic~1\Thinstall
2009-01-14 16:32 79 a------- c:\windows\xptools.ini
2009-01-14 16:15 510 a------- c:\windows\system32\xtupdate.zip
2009-01-14 16:15 510 a------- c:\windows\system32\xtupdate.dat
2009-01-14 16:15 259,584 a------- c:\windows\system32\xtbaksm.dat
2009-01-14 15:00 <DIR> --d----- c:\program files\mIRC
2009-01-11 16:50 <DIR> --d----- c:\program files\Panda Security
2009-01-11 11:30 142,976 ac------ c:\windows\system32\dllcache\usbport.sys
2009-01-10 13:07 <DIR> --d----- C:\PacSteamT
2009-01-09 18:25 174 a------- c:\windows\wcx_ftp.ini
2009-01-09 17:19 545 a------- c:\windows\UC.PIF
2009-01-09 17:19 545 a------- c:\windows\RAR.PIF
2009-01-09 17:19 545 a------- c:\windows\PKZIP.PIF
2009-01-09 17:19 545 a------- c:\windows\PKUNZIP.PIF
2009-01-09 17:19 545 a------- c:\windows\NOCLOSE.PIF
2009-01-09 17:19 545 a------- c:\windows\LHA.PIF
2009-01-09 17:19 545 a------- c:\windows\ARJ.PIF
2009-01-09 17:19 815 a------- c:\windows\wincmd.ini
2009-01-09 17:19 <DIR> --d----- C:\totalcmd
2009-01-03 21:46 <DIR> --d----- c:\program files\Media Player Classic

==================== Find3M ====================

2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-31 16:20 249,856 -------- c:\windows\Setup1.exe
2008-12-31 16:20 73,216 a------- c:\windows\ST6UNST.EXE
2008-11-12 20:52 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-08-03 16:40 0 a------- c:\program files\AstonWriteTest.txt
2004-03-11 12:27 40,960 a------- c:\program files\Uninstall_CDS.exe

============= FINISH: 14:46:09,63 ===============

Spoiler: "Attach.txt"

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-04-14 06:35:06
System Uptime: 2009-01-31 14:36:16 (0 hours ago)

Motherboard: Dell Computer Corporation | | Latitude C610
Processor: Intel® Pentium® III Mobile CPU 1000MHz | Microprocessor | 730/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 28 GiB total, 4,393 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_2486&SUBSYS_4C21134D&REV_01\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_2486&SUBSYS_4C21134D&REV_01\3&61AAA01&0&FE
Service:

==== System Restore Points ===================

RP1: 2009-01-22 21:14:38 - Installed Windows Installer KB893803v2.
RP2: 2009-01-22 21:36:51 - Installed ESET NOD32 Antivirus
RP3: 2009-01-23 12:49:10 - Removed Microsoft .NET Framework 3.0 Service Pack 1
RP4: 2009-01-23 12:52:49 - Removed ESET NOD32 Antivirus
RP5: 2009-01-23 13:06:24 - ComboFix created restore point
RP6: 2009-01-23 20:27:14 - Removed Java 6 Update 11
RP7: 2009-01-24 10:49:58 - ComboFix created restore point
RP8: 2009-01-24 12:15:10 - ComboFix created restore point
RP9: 2009-01-24 14:45:25 - ComboFix created restore point
RP10: 2009-01-24 15:05:07 - ComboFix created restore point
RP11: 2009-01-24 20:43:40 - ComboFix created restore point
RP12: 2009-01-27 15:34:00 - System Checkpoint
RP13: 2009-01-27 16:16:03 - Restore Operation
RP14: 2009-01-28 16:55:52 - ????????? Counter-Strike 1.6
RP15: 2009-01-28 16:57:05 - ??????? Counter-Strike 1.6
RP16: 2009-01-28 16:59:23 - ??????????? Counter-Strike 1.6
RP17: 2009-01-29 14:39:09 - ComboFix created restore point
RP18: 2009-01-30 15:07:33 - Avira AntiVir Personal - 2009-01-30 15:07
RP19: 2009-01-30 20:15:37 - Avira AntiVir Personal - 2009-01-30 20:15

==== Installed Programs ======================

'Full Speed' Internet Booster + Performance Tests (DNA 2.7.4.7)
Adobe Acrobat 5.0 CE
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
Archiwizator WinRAR
ATI - Software Uninstall Utility
ATI Control Panel
µTorrent
CCleaner (remove only)
Counter-Strike 1.6
DivX Web Player
DVD Solution
ExpertTool
FMS
Gadu-Gadu 7.7
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
InCD
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Mirar
mIRC
Mozilla Firefox (3.0.5)
MSN
MUI Help Package - PLK
Multimedia Launcher
NAPIPROJEKT 1.0.6.2
Octoshape add-in for Adobe Flash Player
PowerDVD
PowerProducer
Real Alternative 1.51
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skype™ 3.8
Spybot - Search & Destroy
Steam
TeamSpeak 2 RC2
Total Commander (Remove or Repair)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB925720)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Ventrilo
Vplayer
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

2009-01-24 10:55:32, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
2009-01-24 10:54:51, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
2009-01-24 14:45:44, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
2009-01-24 14:45:44, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2009-01-24 14:45:44, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
2009-01-24 14:45:45, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
2009-01-26 16:46:46, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
2009-01-26 16:46:46, error: Service Control Manager [7034] - The iolo FileInfoList Service service terminated unexpectedly. It has done this 1 time(s).
2009-01-26 17:03:19, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 2 time(s).
2009-01-26 17:03:19, error: Service Control Manager [7034] - The iolo FileInfoList Service service terminated unexpectedly. It has done this 2 time(s).
2009-01-26 20:11:20, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iolo FileInfoList Service service to connect.
2009-01-26 20:11:20, error: Service Control Manager [7000] - The iolo FileInfoList Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-01-27 15:48:49, error: Service Control Manager [7022] - The iolo FileInfoList Service service hung on starting.
2009-01-31 14:17:49, error: Service Control Manager [7034] - The iolo FileInfoList Service service terminated unexpectedly. It has done this 3 time(s).
2009-01-31 14:17:49, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 3 time(s).
2009-01-27 15:43:31, information: Windows File Protection [64004] - The protected system file usbport.sys could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0x800b0100 [No signature was present in the subject. ].
2009-01-31 14:37:44, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ctfmon.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.

==== End Of File ===========================
Kolobos, posted 1 February 2009 (edited)

Uninstall:
'Full Speed' Internet Booster + Performance Tests

Delete from disk:
c:\windows\'Full Speed' Internet Booster + Performance Tests
C:\aidualc3

In HJT, remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"

Uninstall all versions of Java and install the latest version from www.java.com

Run: combofix /u

Use http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe and choose CleanUp, then try to run ComboFix again.

Edited 1 February 2009 by Kolobos
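The helper's read of the HJT log above follows a few repeatable rules, and the script below, an added example by the editor (not code from the thread or from the HijackThis project), applies them to an excerpt of the posted log: entries whose target file is gone ("(no file)", "(file missing)"), a third-party IE window title, and O4 autostarts outside the Windows and Program Files trees are listed for removal, while HJT's O10 "Unknown file in Winsock LSP" entry is only marked for a second look. SAFE_ROOTS and the "remove"/"review" split are this example's own assumptions; the sample lines are copied from the thread.

```python
"""Triage of a HijackThis (HJT) log, mirroring the helper's read of the thread.

Added example, not the forum's or HijackThis's own code. It parses the entry
kinds present in the posted log (R0/R1/R3, O2/O3/O4, O10, O23) and flags what
a helper would single out. SAFE_ROOTS is an assumption of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HJT logs posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An HJT entry is "<kind> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Autostart programs are expected under these roots (assumption of this example).
SAFE_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    kind: str    # HJT entry type, e.g. "O4"
    line: str    # the original log line
    action: str  # "remove" or "review"
    reason: str


def autostart_target(body: str) -> Optional[str]:
    """Lower-cased program path of an O4 body, surrounding quotes stripped.

    A trailing annotation such as (User 'SYSTEM') is left in place; it does
    not affect the prefix test against SAFE_ROOTS.
    """
    m = re.search(r"\] (.+)$", body)
    return m.group(1).strip().strip('"').lower() if m else None


def ie_window_title(body: str) -> Optional[str]:
    """Value of an R1 ",Window Title =" entry, or None for other R1 keys."""
    key, sep, value = body.partition("=")
    if sep and key.lower().rstrip().endswith("window title"):
        return value.strip()
    return None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank or "End of file" line
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(kind, line, "remove",
                                    "points at a file that no longer exists"))
        elif kind == "R1" and ie_window_title(body):
            findings.append(Finding(kind, line, "remove",
                                    "IE window title set by a third party"))
        elif kind == "O4":
            target = autostart_target(body)
            if target and not target.startswith(SAFE_ROOTS):
                findings.append(Finding(kind, line, "remove",
                                        "autostart outside Windows / Program Files"))
        elif kind == "O10":
            # HJT labels any LSP it does not recognise "Unknown"; many are
            # legitimate and deleting a live LSP breaks networking, so this
            # asks for verification rather than removal.
            findings.append(Finding(kind, line, "review",
                                    "unrecognised Winsock LSP, verify the vendor"))
    return findings


def removal_list(log_text: str) -> List[str]:
    """The lines a helper would tell the user to fix in HJT."""
    return [f.line for f in triage(log_text) if f.action == "remove"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.kind}: {f.reason}\n         {f.line}")
```

On the sample this yields the four lines in the post above plus the dangling O3 toolbar from the first log, and nwprovau.dll (the NetWare provider that also appears in the DDS "LSA: Authentication Packages" line) is left for review rather than removed.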
emolans, posted 1 February 2009

Spoiler: "ComboFix.txt"

ComboFix 09-01-31.01 - windows 2009-02-01 10:19:55.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.364 [GMT 1:00]
Uruchomiony z: c:\documents and settings\windows\Desktop\ComboFix.exe
AV: iolo AntiVirus® *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-2-1-68-100010678-100019888-100017040-6125.com
c:\windows\system32\drivers\gaopdxxdqvnfcn.sys
c:\windows\system32\gaopdxsegmntid.dll
c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys

((((((((((((((((((((((((( Pliki utworzone od 2009-01-01 do 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 19:35 . 2009-01-31 19:35 <DIR> d-------- c:\documents and settings\windows\Application Data\Malwarebytes
2009-01-31 19:34 . 2009-01-31 19:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 19:34 . 2009-01-31 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-31 19:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 19:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-31 17:58 . 2009-02-01 10:12 4 --a------ c:\windows\system32\gaopdxcounter
2009-01-31 10:27 . 2009-01-31 10:27 <DIR> d-------- c:\documents and settings\windows\Application Data\MozillaControl
2009-01-28 16:59 . 2009-01-29 14:36 <DIR> d-------- c:\program files\Valve
2009-01-27 16:19 . 2006-11-08 21:19 4,544 --a------ c:\windows\system32\drivers\hidusbf.sys
2009-01-22 21:19 . 2009-01-22 21:19 432 --a------ c:\windows\system32\iolo.ini
2009-01-22 21:15 . 2008-11-12 16:05 118,784 --a------ c:\windows\system32\iavlsp.dll
2009-01-21 12:15 . 2009-01-21 12:15 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-01-21 12:14 . 2009-01-21 12:14 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-01-21 12:13 . 2009-01-31 13:34 <DIR> d-------- c:\documents and settings\windows\Application Data\iolo
2009-01-21 12:13 . 2009-01-22 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-01-20 12:45 . 2009-01-20 12:46 <DIR> d-------- c:\program files\Xvid
2009-01-20 12:45 . 2007-06-28 18:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-01-20 12:45 . 2007-06-28 18:54 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-20 12:45 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-19 21:42 . 2009-01-19 21:42 <DIR> d-------- c:\windows\Sun
2009-01-19 14:23 . 2009-01-19 14:23 <DIR> d-------- c:\program files\CCleaner
2009-01-19 14:04 . 2005-12-14 22:16 237,568 --a------ c:\windows\system32\mcstabs.ocx
2009-01-19 14:04 . 2000-05-22 17:58 115,920 --a------ c:\windows\system32\msinet.ocx
2009-01-19 14:04 . 1998-06-18 00:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-19 12:06 . 2009-01-19 12:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-18 22:43 . 2009-01-18 22:43 <DIR> d-------- c:\documents and settings\windows\Application Data\Thinstall
2009-01-14 16:32 . 2009-01-19 12:42 79 --a------ c:\windows\xptools.ini
2009-01-14 16:15 . 2009-01-14 16:15 259,584 --a------ c:\windows\system32\xtbaksm.dat
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.zip
2009-01-14 16:15 . 2009-01-14 16:15 510 --a------ c:\windows\system32\xtupdate.dat
2009-01-14 15:00 . 2009-01-31 10:29 <DIR> d-------- c:\program files\mIRC
2009-01-11 16:50 . 2009-01-23 12:49 <DIR> d-------- c:\program files\Panda Security
2009-01-11 11:30 . 2004-08-12 14:31 142,976 --a--c--- c:\windows\system32\dllcache\usbport.sys
2009-01-10 13:07 . 2009-01-30 19:58 <DIR> d-------- C:\PacSteamT
2009-01-09 18:25 . 2009-01-29 19:29 174 --a------ c:\windows\wcx_ftp.ini
2009-01-09 17:19 . 2009-01-09 17:19 <DIR> d-------- C:\totalcmd
2009-01-09 17:19 . 2009-01-29 19:32 815 --a------ c:\windows\wincmd.ini
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-09 17:19 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-03 21:46 . 2009-01-03 21:46 <DIR> d-------- c:\program files\Media Player Classic
2009-01-03 21:39 . 2009-01-03 21:39 <DIR> d-------- c:\documents and settings\windows\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-02-01 09:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 19:43 --------- d-----w c:\documents and settings\windows\Application Data\Skype
2009-01-31 19:41 --------- d-----w c:\documents and settings\windows\Application Data\skypePM
2009-01-31 09:42 --------- d-----w c:\documents and settings\windows\Application Data\mIRC
2009-01-28 15:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-27 21:07 --------- d-----w c:\documents and settings\windows\Application Data\uTorrent
2009-01-23 10:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-22 17:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-20 14:05 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-20 11:59 --------- d-----w c:\program files\Gadu-Gadu
2009-01-08 16:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 20:46 --------- d-----w c:\program files\Real Alternative
2008-12-31 15:20 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-31 15:20 249,856 ------w c:\windows\Setup1.exe
2008-12-28 11:20 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-28 09:28 --------- d-----w c:\program files\DevaluateVR
2008-12-28 09:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-28 09:18 --------- d-----w c:\program files\ACE Mega CoDecS Pack
2008-12-28 09:13 --------- d-----w c:\program files\TweakNow RegCleaner Std
2008-12-19 19:58 --------- d-----w c:\program files\Skype
2008-12-19 19:58 --------- d-----w c:\program files\Common Files\Skype
2008-12-19 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-07 18:32 --------- d-----w c:\program files\GRETECH
2008-12-03 12:51 --------- d-----w c:\documents and settings\windows\Application Data\teamspeak2
2008-08-03 15:40 0 ----a-w c:\program files\AstonWriteTest.txt
2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe

.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-09-07 14:25 1400944 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 09:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 22:33 36352
c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "330:TCP"= 330:TCP:t "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2009-01-27 4544] . . ------- Skan uzupełniający ------- . DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devaluatevr.com/instalacion/plugin/devaluatevrplugin.php DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab FF - ProfilePath - c:\documents and settings\windows\Application Data\Mozilla\Firefox\Profiles\tdwtydbn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll . . ------- Skojarzenia plików ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 10:25:18 Windows 5.1.2600 Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Ahead\InCD\InCDsrv.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-02-01 10:29:53 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-02-01 09:29:47 Przed: 5,007,290,368 bytes free Po: 4,998,750,208 bytes free Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3 187 --- E O F --- 2008-12-19 13:04:02 taki maly OT zeby nie zakladac tematu.Po tych wszystkich zabiegach jaki antyvirus bedzie odpowiednio chronil moj komputer, potrzebuje tego "lekkiego" poniewaz mam slabego kompa. Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
Kolobos
Posted 1 February 2009

Avira is enough; in addition, close the ports with wwdc.exe and install the updates from www.windowsupdate.com.

Run regedit, go to [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager], click BootExecute and enter there:
autocheck autochk *

Also delete from disk:
c:\windows\system32\gaopdxcounter
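The weak settings visible in the posted ComboFix registry section (a truncated BootExecute, which the reply above tells the poster to restore to its default, a non-default LSA authentication package, Security Center notifications switched off, the firewall disabled and several globally open ports) can be pulled out mechanically rather than read by eye. The script below is an added example for this thread, not code from ComboFix, HijackThis or any poster; SAMPLE_LOG is a constructed excerpt of the log above reflowed one entry per line, the function and constant names are my own, and the defaults it compares against (BootExecute = "autocheck autochk *", the msv1_0 authentication package) are Windows defaults, while the service names for 3389/TCP, 1723/TCP, 1701/UDP and 500/UDP are the IANA well-known ones.

```python
"""Triage of the registry section of a ComboFix log.

Added example for this thread; not code from ComboFix, HijackThis or any
poster.  SAMPLE_LOG is a constructed excerpt of the posted log, reflowed
one entry per line.
"""
import re

# Constructed excerpt of the posted log's registry section (one entry per line).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"330:TCP"= 330:TCP:t
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"""

# Windows defaults the triage compares against.
DEFAULT_BOOTEXECUTE = ["autocheck", "autochk", "*"]
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
# IANA well-known services on the listed ports; anything else is reported as unnamed.
KNOWN_SERVICES = {"3389:TCP": "RDP", "1723:TCP": "PPTP", "1701:UDP": "L2TP", "500:UDP": "IKE"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
MULTI_RE = re.compile(r"^(?P<name>.+?) REG_MULTI_SZ\s*(?P<vals>.*)$")
QUOTED_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')
SCALAR_RE = re.compile(r"^(?P<dec>\d+) \(0x[0-9a-fA-F]+\)$")


def parse_scalar(val):
    """Turn ComboFix's value renderings ('dword:00000001', '0 (0x0)') into Python values."""
    if val.startswith("dword:"):
        return int(val[len("dword:"):], 16)
    m = SCALAR_RE.match(val)
    if m:
        return int(m.group("dec"))
    return val


def parse_registry_section(text):
    """Map lower-cased registry key path -> {value name: value}."""
    entries = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            entries.setdefault(key, {})
            continue
        if key is None:
            continue
        m = MULTI_RE.match(line)
        if m:
            entries[key][m.group("name")] = m.group("vals").split()
            continue
        m = QUOTED_RE.match(line)
        if m:
            entries[key][m.group("name")] = parse_scalar(m.group("val"))
    return entries


def lookup(entries, suffix):
    """Find a key by path suffix, since ComboFix abbreviates the key prefix."""
    suffix = suffix.lower()
    for key, values in entries.items():
        if key.endswith(suffix):
            return values
    return {}


def triage(entries):
    """Return human-readable findings in a fixed order; an empty list means nothing to act on."""
    findings = []
    boot = lookup(entries, r"control\session manager").get("BootExecute", [])
    if boot != DEFAULT_BOOTEXECUTE:
        findings.append("BootExecute is %r, default is %r" % (" ".join(boot), " ".join(DEFAULT_BOOTEXECUTE)))
    packages = lookup(entries, r"control\lsa").get("Authentication Packages", [])
    extra = [p for p in packages if p not in DEFAULT_AUTH_PACKAGES]
    if extra:
        findings.append("non-default LSA authentication packages: " + ", ".join(extra))
    if lookup(entries, "security center").get("UpdatesDisableNotify") == 1:
        findings.append("Security Center update notifications are disabled")
    if lookup(entries, r"firewallpolicy\standardprofile").get("EnableFirewall") == 0:
        findings.append("Windows Firewall is disabled in the standard profile")
    for port in lookup(entries, r"globallyopenports\list"):
        findings.append("globally open port %s (%s)" % (port, KNOWN_SERVICES.get(port, "unnamed service")))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_registry_section(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt it reports nine findings, the first being the BootExecute value that the reply above has the poster restore by hand; once that value reads autocheck autochk *, the firewall is back on and the port exceptions are removed, the same script returns only the remaining items, so it doubles as a check that the cleanup took.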