log po ad aware.txt

How do I stop my computer from sending millions of packets?

Hello, I have a problem: as in the subject, my computer is sending millions of packets. I scanned it with ComboFix (both before and after the Ad-Aware scan) and with Ad-Aware 6 Free. Ad-Aware found 8 infected files and removed them right away, but that's probably not all of them, because it keeps sending and receiving. Thanks in advance for your help.



ComboFix 11-12-06.02 - Kasia 2011-12-09 9:58.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.2940.1769 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-11-09 do 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 09:03 . 2011-12-09 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 22:40 . 2011-12-08 22:40 100 ---ha-w- C:\aaw7boot.cmd
2011-12-08 19:41 . 2011-12-08 19:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-08 19:34 . 2011-12-08 19:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-08 19:32 . 2011-12-08 19:32 -------- d-----w- c:\users\Kasia\AppData\Local\adaware
2011-12-08 19:32 . 2011-12-08 19:45 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-12-08 19:32 . 2011-12-08 19:32 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-08 19:32 . 2011-12-08 19:32 -------- d-----w- c:\program files\adawaretb
2011-12-08 19:32 . 2011-12-08 19:32 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-08 19:32 . 2011-12-02 06:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-08 19:32 . 2011-12-08 19:32 -------- d-----w- c:\programdata\Lavasoft
2011-12-07 21:56 . 2011-12-07 21:56 -------- d-----w- c:\users\Kasia\AppData\Roaming\Lavasoft
2011-12-07 21:55 . 2011-12-08 19:32 -------- d-----w- c:\program files\Lavasoft
2011-12-07 20:24 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-07 20:24 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-07 20:24 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-07 20:24 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-07 20:24 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-07 20:24 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-07 20:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-07 20:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-27 11:09 . 2011-12-02 21:45 -------- d-----w- C:\Torrent
2011-11-24 11:17 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-11-24 11:17 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
2011-11-24 11:17 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-11-24 11:17 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-11-24 11:17 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-11-24 11:17 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
2011-11-24 11:17 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
2011-11-24 11:17 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-11-24 11:17 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-11-24 11:17 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-11-24 11:16 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-11-24 11:16 . 2011-11-24 11:16 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-11-24 11:16 . 2011-11-24 11:16 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-11-24 11:16 . 2011-11-24 11:16 -------- d-----w- c:\program files\Auralog
2011-11-21 10:22 . 2011-11-21 10:22 -------- d-----w- c:\program files\Common Files\Java
2011-11-11 21:06 . 2011-12-02 13:37 -------- d-----w- c:\users\Kasia\AppData\Roaming\ipla
2011-11-11 21:06 . 2011-11-11 22:32 -------- d-----w- c:\programdata\ipla
2011-11-11 21:06 . 2011-11-11 21:07 -------- d-----w- c:\programdata\RDRM
2011-11-11 21:06 . 2011-11-11 21:06 -------- d-----w- c:\program files\ipla
2011-11-11 21:06 . 2011-11-11 21:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 18:59 . 2011-07-13 11:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 17:26 . 2011-10-10 17:26 8192 ----a-w- c:\windows\system32\srvany.exe
2011-10-08 10:03 . 2011-10-08 10:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-07 08:31 . 2011-10-07 08:31 113543 ----a-w- c:\windows\system32\slmgr.vbs
2011-10-07 08:22 . 2009-07-13 23:40 410624 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-07 08:22 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2011-10-07 08:22 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2011-10-03 04:06 . 2011-08-24 11:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-13 11:34 . 2011-07-13 11:40 1093632 ----a-w- c:\program files\BESTplayer.exe
2011-07-08 07:50 . 2011-11-21 10:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-07 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"="c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"="c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-10-10 8192]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-08 2152152]
R2 PCSpeedUpService;PCSpeedUp Service;c:\program files\Przyspiesz Komputer\PCSpeedUpService.exe [2011-05-17 37600]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-02 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-08 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-12-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 19:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\exxdgm4t.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-12-09 10:05:14
ComboFix-quarantined-files.txt 2011-12-09 09:05
ComboFix2.txt 2011-12-07 21:16
.
Przed: 54 982 836 224 bajtów wolnych
Po: 54 948 618 240 bajtów wolnych
.
- - End Of File - - D9DF31483D29DB047058F9F05BACEAFD