
I had Ubuntu and Windows XP. I removed Ubuntu completely and reinstalled Windows. After a longer period of time, unexpected problems appeared with the internet, specifically with how it works. The fault does not lie with the provider, as they assure me... So I am asking you to take a look at the logs; maybe something has crept in:
ComboFix:
ComboFix 08-11-19.08 - jaki 2008-11-20 17:27:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.676 [GMT 1:00]
Uruchomiony z: d:\documents and settings\jaki\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-20 do 2008-11-20 )))))))))))))))))))))))))))))))
.
2008-11-19 22:24 . 2008-11-19 22:24 <DIR> d-------- d:\windows\ERUNT
2008-11-19 22:00 . 2008-11-19 22:00 25,992 --a------ d:\windows\system32\pgdfgsvc.exe
2008-11-19 20:34 . 2008-11-19 20:34 <DIR> d-------- d:\documents and settings\jaki\Dane aplikacji\Gadu-Gadu
2008-11-19 19:43 . 2008-11-19 19:43 <DIR> d-------- d:\program files\Common Files\Ahead
2008-11-19 19:43 . 2008-11-19 19:43 <DIR> d-------- d:\program files\Ahead
2008-11-19 19:43 . 2004-07-26 17:16 1,568,768 --------- d:\windows\system32\ImagX7.dll
2008-11-19 19:43 . 2004-07-26 17:16 476,320 --------- d:\windows\system32\ImagXpr7.dll
2008-11-19 19:43 . 2004-07-26 17:16 471,040 --------- d:\windows\system32\ImagXRA7.dll
2008-11-19 19:43 . 2004-07-09 09:43 364,544 --------- d:\windows\system32\TwnLib4.dll
2008-11-19 19:43 . 2004-07-26 17:16 262,144 --------- d:\windows\system32\ImagXR7.dll
2008-11-19 19:43 . 2001-07-09 11:50 155,648 --a------ d:\windows\system32\NeroCheck.exe
2008-11-19 19:43 . 2000-06-26 11:45 106,496 --a------ d:\windows\system32\TwnLib20.dll
2008-11-19 19:42 . 2008-11-19 19:42 <DIR> d-------- d:\program files\CyberLink DVD Solution
2008-11-19 19:42 . 2004-10-01 15:00 40,960 --a------ d:\program files\Uninstall_CDS.exe
2008-11-18 21:01 . 2008-11-20 17:09 <DIR> d-------- d:\documents and settings\jaki\Dane aplikacji\Hamachi
2008-11-18 20:09 . 2008-11-18 20:09 <DIR> d-------- d:\documents and settings\jaki\Dane aplikacji\Thunderbird
2008-11-18 19:55 . 2008-11-18 19:55 <DIR> d-------- d:\documents and settings\jaki\Dane aplikacji\Teeworlds
2008-11-18 19:45 . 2008-11-18 19:45 <DIR> d-------- d:\documents and settings\jaki\Dane aplikacji\Media Player Classic
2008-11-18 19:26 . 2008-11-18 19:26 <DIR> d-------- d:\program files\Microsoft Application Compatibility Toolkit 5
2008-11-17 22:59 . 2008-11-17 22:59 <DIR> d-------- d:\program files\K-Lite Codec Pack
2008-11-17 21:25 . 2008-11-17 21:25 <DIR> d-------- d:\windows\system32\QuickTime
2008-11-17 21:25 . 2008-11-17 21:25 <DIR> d-------- d:\windows\system32\Flash
2008-11-17 21:25 . 2008-11-17 21:25 <DIR> d-------- d:\program files\TechSmith
2008-11-17 21:25 . 2008-11-17 21:25 <DIR> d-------- d:\program files\Common Files\TechSmith Shared
2008-11-17 21:25 . 2008-11-17 21:25 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\TechSmith
2008-11-17 21:25 . 2008-07-10 14:56 107,864 --a------ d:\windows\system32\tsccvid.dll
2008-11-16 22:01 . 2008-11-16 22:01 <DIR> d-------- d:\program files\Hamachi
2008-11-16 22:01 . 2008-11-16 22:01 25,280 --a------ d:\windows\system32\drivers\hamachi.sys
2008-11-16 21:18 . 2008-11-16 21:18 <DIR> d-------- d:\program files\Nuclear Coffee
2008-11-16 21:09 . 2008-11-16 21:09 <DIR> d-------- d:\windows\Applian FLV Player
2008-11-16 21:09 . 2008-11-16 21:09 <DIR> d-------- d:\program files\FLV Player
2008-11-16 21:02 . 2008-11-16 21:03 <DIR> d-------- d:\documents and settings\jaki\dwhelper
2008-11-15 17:41 . 2008-11-15 17:41 <DIR> d-------- d:\program files\FileZilla FTP Client
2008-11-15 17:24 . 2008-11-15 17:24 149 --a------ d:\windows\wcx_ftp.ini
2008-11-13 21:33 . 2008-11-13 21:33 <DIR> d-------- d:\program files\QuickTime
2008-11-13 21:33 . 2008-11-13 21:33 <DIR> d-------- d:\program files\Common Files\Apple
2008-11-13 21:33 . 2008-11-13 21:33 <DIR> d-------- d:\program files\Apple Software Update
2008-11-13 21:33 . 2008-11-13 21:33 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-13 21:33 . 2008-11-13 21:33 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-13 21:30 . 2008-11-13 21:30 <DIR> d-------- d:\program files\BESTplayer
2008-11-13 21:13 . 2008-11-13 21:29 <DIR> d-------- d:\program files\NAPI-PROJEKT
2008-11-13 21:12 . 2008-04-14 18:20 221,184 --a------ d:\windows\system32\wmpns.dll
2008-11-12 22:58 . 2008-10-24 12:21 455,296 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 22:57 . 2008-09-04 18:17 1,106,944 -----c--- d:\windows\system32\dllcache\msxml3.dll
2008-11-11 13:42 . 2008-11-11 13:42 <DIR> d-------- d:\program files\What Is Transferring
2008-11-11 00:04 . 2008-11-11 00:04 <DIR> d-------- d:\program files\MemTest
2008-11-11 00:04 . 2008-11-11 00:04 <DIR> d-------- d:\program files\Everest Corporate
2008-11-11 00:03 . 2008-11-19 21:37 <DIR> d-------- d:\program files\JkDefrag
2008-11-11 00:03 . 2008-11-17 23:36 45,574 ---h----- D:\treeinfo.wc
2008-11-11 00:02 . 2008-11-11 00:02 <DIR> d-------- d:\program files\Audacity 1.3 Beta (Unicode)
2008-11-10 23:48 . 2008-11-10 23:48 <DIR> d-------- d:\program files\DAEMON Tools Lite
2008-11-10 23:45 . 2008-11-10 23:45 717,296 --a------ d:\windows\system32\drivers\sptd.sys
2008-11-10 23:41 . 2008-11-10 23:41 <DIR> d-------- d:\program files\Putty
2008-11-10 23:34 . 2008-11-10 23:35 <DIR> d-------- D:\xampp
2008-11-10 23:27 . 2008-11-10 23:27 <DIR> d-------- d:\program files\Foxit Software
2008-11-10 20:02 . 2008-11-10 20:02 <DIR> d-------- d:\documents and settings\jaki\.thumbnails
2008-11-10 20:01 . 2008-11-15 18:40 <DIR> d-------- d:\documents and settings\jaki\.gimp-2.6
2008-11-10 20:01 . 2008-11-10 20:01 <DIR> d-------- d:\documents and settings\jaki\.gegl-0.0
2008-11-10 20:00 . 2008-11-10 20:00 <DIR> d-------- d:\program files\Gimp-2.0
2008-11-10 19:45 . 2008-11-10 19:45 <DIR> d-------- d:\program files\kED
2008-11-10 19:11 . 2008-11-10 19:11 <DIR> d-------- d:\windows\system32\Adobe
2008-11-10 17:47 . 2008-11-10 17:48 <DIR> d-------- d:\program files\totalcmd
2008-11-10 17:47 . 2008-11-19 21:37 2,857 --a------ d:\windows\wincmd.ini
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\UC.PIF
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\RAR.PIF
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\PKZIP.PIF
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\PKUNZIP.PIF
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\NOCLOSE.PIF
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\LHA.PIF
2008-11-10 17:47 . 2008-08-08 07:04 545 --a------ d:\windows\ARJ.PIF
2008-11-07 19:53 . 2008-11-18 19:30 <DIR> d-------- d:\program files\Championship Manager 01-02
2008-11-07 19:53 . 1998-10-29 16:45 306,688 --a------ d:\windows\IsUninst.exe
2008-11-07 19:21 . 2008-11-07 19:21 <DIR> d-------- d:\windows\Sun
2008-11-07 19:21 . 2008-11-07 19:21 <DIR> d-------- d:\program files\Java
2008-11-07 19:21 . 2008-11-07 19:21 410,976 --a------ d:\windows\system32\deploytk.dll
2008-11-07 19:21 . 2008-11-07 19:21 73,728 --a------ d:\windows\system32\javacpl.cpl
2008-11-07 18:46 . 2008-11-19 22:25 <DIR> d-------- d:\program files\Cheat Engine
2008-11-07 18:46 . 2007-12-26 17:30 1,970,176 --a------ d:\windows\system32\d3dx9.dll
2008-11-07 18:46 . 2007-12-26 17:30 679,936 --a------ d:\windows\system32\D3DX81ab.dll
2008-11-07 14:17 . 2008-11-07 14:17 <DIR> d-------- d:\program files\MSXML 4.0
2008-11-06 19:41 . 2007-04-24 11:33 100,488 -ra------ d:\windows\system32\drivers\s125mgmt.sys
2008-11-06 19:41 . 2007-04-24 11:33 98,696 -ra------ d:\windows\system32\drivers\s125obex.sys
2008-11-06 19:39 . 2007-04-24 11:33 108,680 -ra------ d:\windows\system32\drivers\s125mdm.sys
2008-11-06 19:39 . 2007-04-24 11:33 83,336 -ra------ d:\windows\system32\drivers\s125bus.sys
2008-11-06 19:39 . 2008-04-13 19:45 32,128 --a------ d:\windows\system32\drivers\usbccgp.sys
2008-11-06 19:39 . 2008-04-13 19:45 32,128 --a--c--- d:\windows\system32\dllcache\usbccgp.sys
2008-11-06 19:39 . 2008-04-13 19:45 26,368 --a--c--- d:\windows\system32\dllcache\usbstor.sys
2008-11-06 19:39 . 2007-04-24 11:33 15,112 -ra------ d:\windows\system32\drivers\s125mdfl.sys
2008-11-06 19:39 . 2007-04-24 11:33 12,424 -ra------ d:\windows\system32\drivers\s125whnt.sys
2008-11-06 19:39 . 2007-04-24 11:33 12,424 -ra------ d:\windows\system32\drivers\s125wh.sys
2008-11-06 19:39 . 2007-04-24 11:33 12,424 -ra------ d:\windows\system32\drivers\s125cmnt.sys
2008-11-06 19:39 . 2007-04-24 11:33 12,424 -ra------ d:\windows\system32\drivers\s125cm.sys
2008-11-06 19:24 . 2008-11-06 19:24 <DIR> d-------- d:\windows\Downloaded Installations
2008-11-06 19:24 . 2008-11-06 19:35 <DIR> d-------- d:\program files\Sony Ericsson
2008-11-06 19:24 . 2008-11-06 19:25 <DIR> d-------- d:\program files\Common Files\Teleca Shared
2008-11-06 19:24 . 2008-11-06 19:24 <DIR> d-------- d:\program files\Common Files\Sony Ericsson Shared
2008-11-06 19:23 . 2008-11-06 19:24 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Teleca
2008-11-06 19:23 . 2008-11-06 19:35 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2008-11-05 18:28 . 2008-11-20 16:30 <DIR> d-------- d:\documents and settings\jaki\Dane aplikacji\X-Chat 2
2008-11-05 18:27 . 2008-11-05 18:28 <DIR> d-------- d:\program files\xchat
2008-11-04 21:41 . 2008-11-04 21:41 <DIR> d-------- d:\program files\VS Revo Group
2008-11-02 19:28 . 2008-11-20 16:39 <DIR> d-------- d:\program files\Mozilla Thunderbird
2008-11-02 16:45 . 2008-11-02 16:45 427 --a------ d:\windows\ODBC.INI
2008-11-02 16:42 . 2008-11-02 16:42 <DIR> d-------- d:\windows\ShellNew
2008-11-02 09:49 . 2007-07-30 19:19 271,224 --a------ d:\windows\system32\mucltui.dll
2008-11-02 09:49 . 2007-07-30 19:18 30,072 --a------ d:\windows\system32\mucltui.dll.mui
2008-11-02 00:56 . 2008-05-08 02:03 453,632 --a------ d:\windows\system32\SetACL.ocx
2008-11-01 23:48 . 2008-11-01 23:48 <DIR> d-------- d:\program files\Teeworlds
2008-11-01 23:38 . 2008-04-14 18:20 219,648 --a------ d:\windows\system32\uxtheme.uxtender
2008-11-01 23:28 . 2008-11-01 23:28 <DIR> d-------- d:\windows\system32\pl
2008-11-01 23:28 . 2008-11-01 23:28 <DIR> d-------- d:\windows\system32\bits
2008-11-01 23:28 . 2008-11-01 23:28 <DIR> d-------- d:\windows\l2schemas
2008-11-01 23:27 . 2008-11-01 23:29 <DIR> d-------- d:\windows\ServicePackFiles
2008-11-01 23:17 . 2008-11-14 20:33 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2008-11-01 23:17 . 2008-11-19 22:34 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-01 23:16 . 2008-11-01 23:16 <DIR> d-------- d:\program files\CCleaner
2008-11-01 23:15 . 2008-11-01 23:15 <DIR> d-------- d:\program files\ToniArts
2008-11-01 23:15 . 2004-08-03 22:41 1,309,184 --------- d:\windows\system32\drivers\mtlstrm.sys
2008-11-01 23:14 . 2004-08-04 00:35 701,440 --------- d:\windows\system32\drivers\ati2mtag.sys
2008-11-01 22:39 . 2008-06-14 18:36 273,024 --------- d:\windows\system32\drivers\bthport.sys
2008-11-01 22:39 . 2008-06-14 18:36 273,024 -----c--- d:\windows\system32\dllcache\bthport.sys
2008-11-01 22:38 . 2008-08-14 14:26 2,190,464 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2008-11-01 22:38 . 2008-08-14 14:26 2,146,816 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-01 22:38 . 2008-08-14 14:26 2,067,328 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-01 22:38 . 2008-08-14 14:26 2,025,472 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 18:41 --------- d-----w d:\program files\Common Files\InstallShield
2008-11-02 15:40 --------- d-----w d:\program files\microsoft frontpage
2008-11-02 14:02 7,680 ----a-w d:\windows\system32\ff_vfw.dll
2008-11-01 18:17 --------- d-----w d:\program files\Usługi online
2008-10-28 22:35 684,032 ----a-w d:\windows\system32\divx.dll
2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w d:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w d:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w d:\windows\system32\qt-dx331.dll
2008-09-15 15:27 1,846,656 ----a-w d:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w d:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w d:\windows\system32\msxml3.dll
2008-08-28 16:40 172,088 ----a-w d:\windows\system32\vfLuaPriv2.dll
2008-08-26 08:27 826,368 ----a-w d:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-11-07 2127296]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-07-13 7626752]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-07-13 86016]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 d:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\jaki\Menu Start\Programy\Autostart\
Hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2008-11-16 625952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 15:35 716800 d:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-21 10:11 925696 d:\program files\Analog Devices\Core\smax4pnp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\xchat\\xchat.exe"=
"d:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"d:\\xampp\\apache\\bin\\apache.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Championship Manager 01-02\\cm0102.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13316:TCP"= 13316:TCP:BitComet 13316 TCP
"13316:UDP"= 13316:UDP:BitComet 13316 UDP
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-11-01 110160]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-01 20560]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);d:\windows\system32\DRIVERS\s125bus.sys [2008-11-06 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;d:\windows\system32\DRIVERS\s125mdfl.sys [2008-11-06 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;d:\windows\system32\DRIVERS\s125mdm.sys [2008-11-06 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\s125mgmt.sys [2008-11-06 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\s125obex.sys [2008-11-06 98696]
*Newly Created Service* - IPFILTERDRIVER
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-20 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-WebAccelerator - (no file)
.
------- Skan uzupełniający -------
.
FireFox -: Profile - d:\documents and settings\jaki\Dane aplikacji\Mozilla\Firefox\Profiles\nitltl29.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
FF -: plugin - d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 17:28:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-20 17:29:24
ComboFix-quarantined-files.txt 2008-11-20 16:29:22
Przed: 7 563 993 088 bajtów wolnych
Po: 7,573,135,360 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
243 --- E O F --- 2008-11-12 22:01:12
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:45, on 2008-11-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225573078546
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4784 bytes