Hi. Recently I noticed strange behaviour of the system and tried to scan it (avast!), but the scanner kept skipping the disks, which is why it started to smell fishy to me, since the browsers started going haywire and after a while (usually while streaming YouTube etc.) simply couldn't reach any server, even though I was connected to the internet the whole time and e.g. GG worked while the browsers got nothing. I used ComboFix; the log is attached. One of the files in the CF quarantine is a cut-out tcpip key... Can anything be salvaged so that it works normally again? I'll say it up front: no, I don't have a system backup... Regards, and please help.
ComboFix 11-01-08.04 - Thorgar 2011-01-09 14:22:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3326.2880 [GMT 1:00]
Run from: c:\documents and settings\Thorgar.KONRAD\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Thorgar.KONRAD\Recent\Thumbs.db
c:\windows\system32\ccrpTmr6.dll
D:\install.exe
.
((((((((((((((((((((((((( Files created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-06 16:15 . 2011-01-06 16:19 -------- d-----w- c:\program files\NirSoft
2011-01-06 14:46 . 2009-01-12 18:29 18944 ----a-w- c:\windows\system32\drivers\atinrnt.sys
2011-01-06 13:46 . 2011-01-09 11:47 8114834 ----a-w- c:\windows\system32\smlcache.dll
2011-01-06 13:44 . 2011-01-06 16:48 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP
2010-12-15 19:38 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 19:37 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 02:45 . 2010-12-05 02:45 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2010-12-05 02:45 . 2010-12-05 02:45 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2010-11-26 04:17 . 2009-11-02 19:46 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-02-05 15:21 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-02-05 15:21 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-02-05 15:21 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-02-05 15:21 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-02-05 15:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-02-05 15:21 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-02-05 15:21 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2009-08-21 02:27 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2009-08-21 01:57 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-02-05 15:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-02-05 15:21 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-02-05 15:21 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-02-05 15:21 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-02-05 15:21 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-02-05 15:21 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-02-05 15:21 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2009-08-21 01:42 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-02-05 15:21 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-03-08 00:06 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-02-05 15:21 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-02-05 15:21 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-02-05 15:21 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2009-08-21 01:11 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-02-05 15:21 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-02-05 15:21 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-18 18:15 . 2009-10-25 15:55 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2009-11-02 19:46 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2003-04-16 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:02 . 2003-04-16 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 04:59 . 2009-11-02 19:46 370688 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-04-16 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:08 . 2003-04-16 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2003-04-16 12:00 1853568 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-26 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2008-10-16 147456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-17 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\UT3.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"d:\\Program Files\\Steam\\SteamApps\\resheph606\\day of defeat source\\hl2.exe"=
"d:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"d:\\Program Files\\GSC World Publishing\\S.T.A.L.K.E.R. - Zew Prypeci\\bin\\xrEngine.exe"=
"d:\\Program Files\\GSC World Publishing\\S.T.A.L.K.E.R. - Zew Prypeci\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Steam\\SteamApps\\resheph606\\counter-strike source\\hl2.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-02 717296]
R1 atinrnt;atinrnt;c:\windows\system32\drivers\atinrnt.sys [2011-01-06 18944]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-02-05 16896]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 136176]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [2009-11-07 30848]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 19:55]
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-02 19:55]
2011-01-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-1229272821-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-1229272821-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Thorgar.KONRAD\Dane aplikacji\Mozilla\Firefox\Profiles\cnqbhbh2.default\
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - EMPTY ENTRIES REMOVED - - - -
HKCU-Run-AtiTrayTools - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe
AddRemove-Blood Omen 2 - d:\program files\Eidos Interactive\Blood Omen 2\uninstbo2.exe
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_PL_P1}_is1 - d:\program files\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 14:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-01-09 14:26:50
ComboFix-quarantined-files.txt 2011-01-09 13:26
Before: 15 982 628 864 bytes free
After: 27 516 080 128 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - C3B12A829939D583CF04282FAE66330D