Nagnar, posted 11 August 2007
Hello, I have one small problem: after I turn the computer on, the internet works... After about an hour, Internet Explorer shows a message that the page cannot be displayed... I open Control Panel - Network and Internet Connections - Network Connections - Local Area Connection and... it shows Status: Connected, even though it won't display any page... When I was downloading a patch for a game (it was very large), the download finished completely even though halfway through it already wouldn't display pages...
GoBi, comment, 11 August 2007
Maybe you have an infection; post logs from HijackThis and ComboFix.
Nagnar (Author), comment, 11 August 2007
Logfile of HijackThis v1.99.1
Scan saved at 21:42:30, on 2007-08-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rom\Dane aplikacji\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\DOCUME~1\Rom\USTAWI~1\Temp\winlogon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DAP\DAP.EXE
C:\DAP\dapdownload\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Rom\Dane aplikacji\svchost.exe,C:\Documents and Settings\Rom\Dane aplikacji\[system Process],
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {674DDFA6-BB3D-427B-961F-E9EEEF293004} - C:\WINDOWS\system32\vtuvvur.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\anybsbvy.dll
O2 - BHO: (no name) - {E278DB47-4F0B-4767-B1E8-8CBA67518ECB} - C:\WINDOWS\System32\pmkhe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\System32\lcykoahl.dll",forkonce
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Rom\USTAWI~1\Temp\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Programy\Adobe reader\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\System32\pmkhe.dll (file missing)
O20 - Winlogon Notify: vtuvvur - vtuvvur.dll (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[ Added: 2007-08-11, 22:00 ]
ComboFix 07-08-09.3 - "Rom" 2007-08-11 21:46:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.63 [GMT 2:00]
olajk, comment, 11 August 2007
I don't know much about logs, but maybe talk to your provider, because maybe there's some outage or something. PS: I get this every week, and sometimes every 2-3 days ;( but fortunately I'm changing my internet.
Nagnar (Author), comment, 11 August 2007
No, it's not the provider, because when the internet cuts out it's enough to restart the computer. It's strange, but that's how it is, though it's starting to annoy me, because how many times can you restart the computer xD
GoBi, comment, 11 August 2007
Block the ports using the programs WWDC and Seconfig XP.

HijackThis: delete the entries and files marked in black:
C:\Documents and Settings\Rom\Dane aplikacji\svchost.exe
C:\DOCUME~1\Rom\USTAWI~1\Temp\winlogon.exe
O2 - BHO: (no name) - {674DDFA6-BB3D-427B-961F-E9EEEF293004} - C:\WINDOWS\system32\vtuvvur.dll
O2 - BHO: (no name) - {E278DB47-4F0B-4767-B1E8-8CBA67518ECB} - C:\WINDOWS\System32\pmkhe.dll
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Rom\USTAWI~1\Temp\winlogon.exe
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\System32\pmkhe.dll
O20 - Winlogon Notify: vtuvvur - vtuvvur.dll
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe

These files:
C:\WINDOWS\System32\lcykoahl.dll
C:\WINDOWS\System32\anybsbvy.dll
- Scan them at http://www.virustotal.com/
- Then generate new logs and we'll see whether you did everything OK.

As for the ComboFix logs, I'm not touching them; you have to wait for CatchMe.
Nagnar (Author), comment, 12 August 2007
Logfile of HijackThis v1.99.1
Scan saved at 09:54:13, on 2007-08-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DAP\dapdownload\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Adobe reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Programy\Adobe reader\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I hope I did it right.
GoBi, comment, 12 August 2007
Good. Now wait so that you can clean up the ComboFix log, but I won't help you with that anymore, because I'm not sure.
CatchMe, comment, 12 August 2007
Moving the thread.... I don't know where we stand, so paste new logs from HijackThis and ComboFix.