Na poczatku problem ten wystepowal przy co 6 laczeniu, w tej chwili praktycznie za kazdym razem.
Log z Hjacka
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 11:05:59, on 2008-10-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\Program Files\neostrada tp\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Antyviry\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9415C92C-E4BC-4200-8C58-F9879F70A361}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{9415C92C-E4BC-4200-8C58-F9879F70A361}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Log z Combofixa
- Kod: Zaznacz wszystko
ComboFix 08-10-17.01 - Karol 2008-10-18 11:02:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.670 [GMT 2:00]
Uruchomiony z: D:\Antyviry\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-17 00:16 . 2008-10-17 00:21 <DIR> d-------- C:\My Downloads
2008-10-16 21:24 . 2008-10-16 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Wru
2008-10-16 21:22 . 2008-10-16 21:24 <DIR> d-------- C:\Program Files\Wru
2008-10-16 21:22 . 2004-04-09 18:12 1,040,384 --a------ C:\WINDOWS\system32\GnucDNA.dll
2008-10-16 21:13 . 2008-10-16 21:13 <DIR> d-------- C:\Documents and Settings\Karol\Dane aplikacji\ESET
2008-10-16 21:12 . 2008-10-16 21:12 <DIR> d-------- C:\Program Files\ESET
2008-10-16 21:12 . 2008-10-16 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-10-16 20:47 . 2008-10-16 20:47 <DIR> d-------- C:\!FixIEDef
2008-10-15 21:45 . 2008-10-15 21:45 <DIR> d-------- C:\kav
2008-10-15 21:34 . 2008-10-15 22:42 <DIR> d-------- C:\Program Files\AIDA32 - Enterprise System Information
2008-10-15 16:05 . 2008-10-15 16:05 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-15 16:04 . 2008-10-15 16:04 <DIR> d-------- C:\Program Files\Real
2008-10-15 16:04 . 2008-10-15 16:05 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-15 11:56 . 2008-10-15 22:44 <DIR> d-------- C:\Program Files\Odkurzacz
2008-10-07 18:12 . 2008-10-07 18:12 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 08:52 --------- d-----w C:\Program Files\neostrada tp
2008-10-17 18:12 --------- d-----w C:\Documents and Settings\Karol\Dane aplikacji\OpenOffice.org2
2008-10-16 22:21 --------- d-----w C:\Program Files\BearShare
2008-10-16 19:07 --------- d-----w C:\Program Files\eMule
2008-10-16 18:06 --------- d-----w C:\Documents and Settings\Karol\Dane aplikacji\Skype
2008-10-15 09:50 --------- d-----w C:\Program Files\Ganymede
2008-10-14 19:18 --------- d-----w C:\Documents and Settings\Karol\Dane aplikacji\GanymedeNet
2008-09-16 13:44 --------- d-----w C:\Program Files\activePDF
2008-09-12 16:39 --------- d-----w C:\Program Files\PKR
2008-09-11 10:43 --------- d-----w C:\Program Files\Skype
2008-09-11 10:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-10 18:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 18:16 --------- d-----w C:\Program Files\CDBurnerXP
2008-08-19 18:16 --------- d-----w C:\Documents and Settings\Karol\Dane aplikacji\Canneverbe_Limited
2008-07-22 22:49 294,912 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-15 185872]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 C:\Program Files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-06-12 17:33 20002856 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
O17 -: HKLM\CCS\Interface\{9415C92C-E4BC-4200-8C58-F9879F70A361}: NameServer = 194.204.159.1 217.98.63.164
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 11:03:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-18 11:04:08
ComboFix-quarantined-files.txt 2008-10-18 09:04:06
Przed: 18 798 383 104 bajtów wolnych
Po: 19,626,053,632 bajtów wolnych
101
