problem z internetem , bardzo zamula

**Posty:** 133 · przez **Cadar** 05 Lip 2008, 18:51

Mam problem mianowicie net mi zamula mam predkosc 1,3 mb a max dochodzi do 300kb

przez co bardzo wolno mi chodza strony:/ itp.podaje logi:HijackThis:

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:42:09, on 2008-07-05Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20583)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\kxmixer.exeC:\WINDOWS\PixArt\PAC207\Monitor.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO4 - HKLM\..\Run: [AtiPTA] atiptaxx.exeO4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startupO4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{C287274D-25AB-4BD9-8E6D-B554BCA147AE}: NameServer = 213.241.79.37 83.238.255.76O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)--End of file - 3545 bytes

takze Combofix:

ComboFix 08-07-04.5 - Administrator 2008-07-05 18:46:03.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.293 [GMT 2:00]Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))).2008-07-05 18:29 . 2008-07-05 18:29 <DIR> d-------- C:\WINDOWS\ERUNT2008-07-05 18:27 . 2008-07-05 18:36 <DIR> d-------- C:\SDFix2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\system32\xircom2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\system32\oobe2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\srchasst2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\msagent2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\Program Files\microsoft frontpage2008-07-05 18:05 . 2008-07-05 18:05 <DIR> d-------- C:\Program Files\Trend Micro2008-07-05 08:34 . 2008-07-05 08:34 169 --a------ C:\WINDOWS\adidsl.ini2008-07-05 08:34 . 2008-07-05 08:34 21 --a------ C:\WINDOWS\Fast800.ini2008-07-05 08:33 . 2008-07-05 08:33 <DIR> d-------- C:\Program Files\SAGEM2008-07-05 08:32 . 2008-07-05 08:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield2008-06-30 18:21 . 2008-07-05 08:44 <DIR> d-------- C:\Program Files\AutoConnect2008-06-30 18:03 . 2008-06-30 21:42 30 --a------ C:\WINDOWS\TextSpy.ini2008-06-30 17:49 . 2008-06-30 17:49 8,192 --a------ C:\WINDOWS\REGLOCS.OLD2008-06-30 17:48 . 2008-07-05 08:34 990 --a------ C:\WINDOWS\adiras.ini2008-06-15 19:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll2008-06-15 19:18 . 2008-06-15 19:18 <DIR> d--h----- C:\WINDOWS\PIF2008-06-15 16:58 . 2008-06-29 14:36 304,160 --a------ C:\PA207.DAT2008-06-15 14:45 . 2008-06-15 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\AVS4YOU2008-06-15 13:24 . 2008-06-15 13:24 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DivX.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-05 06:34 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg2008-07-05 06:33 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-06-22 17:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP2008-06-14 19:35 --------- d-----w C:\Program Files\DAEMON Tools2008-06-14 19:34 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys2008-06-14 19:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp2008-06-14 19:10 --------- d-----w C:\Program Files\Common Files\Adobe2008-06-14 19:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\HP2008-06-14 19:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG2008-06-14 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard2008-06-14 18:59 --------- d-----w C:\Program Files\HP2008-06-14 18:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY2008-06-14 18:59 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\HPAppData2008-06-14 18:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant2008-06-14 18:57 --------- d-----w C:\Program Files\Hewlett-Packard2008-06-14 18:57 --------- d-----w C:\Program Files\Common Files\HP2008-06-14 18:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard2008-06-14 18:52 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ArcSoft2008-06-14 18:44 --------- d-----w C:\Program Files\Common Files\ArcSoft2008-06-14 18:43 --------- d-----w C:\Program Files\ArcSoft2008-06-14 18:42 --------- d-----w C:\Program Files\PC Camera2008-06-14 18:42 --------- d-----w C:\Program Files\Common Files\PAC2072008-06-14 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield2008-06-14 18:35 --------- d-----w C:\Program Files\kX Project2008-06-14 18:34 --------- d-----w C:\Program Files\Winamp2008-06-14 18:32 --------- d-----w C:\Program Files\Common Files\AVSMedia2008-06-14 18:32 --------- d-----w C:\Program Files\AVS4YOU2008-06-14 18:30 --------- d-----w C:\Program Files\Codec2008-06-14 18:29 --------- d-----w C:\Program Files\Real2008-06-14 18:29 --------- d-----w C:\Program Files\Common Files\xing shared2008-06-14 18:29 --------- d-----w C:\Program Files\Common Files\Real2008-06-14 18:25 --------- d-----w C:\Program Files\MultiRes2008-06-14 18:24 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v2.6.87 Uninstall.exe2008-06-14 18:17 --------- d-----w C:\Program Files\Radeon Omega Drivers2008-06-14 18:14 --------- d-----w C:\Program Files\Intel2008-06-14 18:06 --------- d-----w C:\Program Files\Real Alternative2008-06-14 18:06 --------- d-----w C:\Program Files\QuickTime Alternative2008-06-14 18:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2008-06-14 18:05 --------- d-----w C:\Program Files\Java2008-06-14 18:05 --------- d-----w C:\Program Files\Common Files\Java2008-06-14 18:00 --------- d-----w C:\Program Files\Windows Media Connect 2.------- Sigcheck -------2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll2007-07-28 03:15 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys2007-07-26 19:30 2067584 5362d54a6925afdcbbba53b43ee65774 C:\WINDOWS\system32\ntkrnlpa.exe2007-07-26 19:31 2190464 9899bb89856e3bd4ef13e11ccee49b71 C:\WINDOWS\system32\ntoskrnl.exe2007-07-14 00:42 974848 32f67215c57df2c401bf93b7ee65987f C:\WINDOWS\explorer.exe.((((((((((((((((((((((((((((( snapshot@2008-07-05_18.08.27,37 ))))))))))))))))))))))))))))))))))))))))).- 2008-07-05 16:04:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-07-05 16:35:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-07-05 00:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE+ 2008-07-05 16:29:49 2,121,728 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT+ 2008-07-05 16:29:49 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat+ 2008-07-05 00:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE+ 2008-07-05 16:29:43 2,121,728 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT+ 2008-07-05 16:29:43 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06 167368][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"kX Mixer"="C:\WINDOWS\system32\kxmixer.exe" [2005-07-14 15:17 472576]"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]"AtiPTA"="atiptaxx.exe" [2005-11-23 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X]C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-05 08:33:52 1205840]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableStatusMessages"= 1 (0x1)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)"NoSMHelp"= 1 (0x1)"NoResolveTrack"= 1 (0x1)"NoResolveSearch"= 1 (0x1)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)"NoSMHelp"= 1 (0x1)"NoResolveTrack"= 1 (0x1)"NoResolveSearch"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.ac3filter"= ac3filter.acm[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"=R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2005-07-14 15:17]R3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 13:30]S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-05 18:47:19Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-05 18:48:10ComboFix-quarantined-files.txt 2008-07-05 16:48:04ComboFix2.txt 2008-07-05 16:08:43Pre-Run: 1,504,022,528 bajtów wolnychPost-Run: 1,497,403,392 bajtów wolnych157

prosze o szybka pomoc

**Posty:** 7956 · przez **Magik** 05 Lip 2008, 19:00

http://forum.programosy.pl/przeczytaj-zanim-wstawisz-logi-na-forum-vt93842.html

:!:

fix'uj

Kod: Zaznacz wszystko: O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

**Posty:** 133 · przez **Cadar** 05 Lip 2008, 19:10

niestety to nie pomoglo

**Posty:** 8001 · przez **Okocza** 05 Lip 2008, 19:58

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 18165 · przez **wojtas** 05 Lip 2008, 20:08

zmień nazwę tematu !!

**Posty:** 133 · przez **Cadar** 05 Lip 2008, 20:14

SDFix:

SDFix: Version 1.201
Run by Administrator on 2008-07-05 at 19:47

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 19:51:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:84,38,9b,3f,c3,fc,09,94,66,6c,6e,f5,87,81,b2,06,d9,56,1b,d0,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,17,b3,fe,60,6a,42,c7,c7,44,4e,de,8d,27,42,eb,5d,..
"khjeh"=hex:e7,eb,0f,8a,df,d3,fd,7b,49,53,74,0c,16,d3,17,e5,42,61,a4,f6,c4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:88,21,89,f2,d9,5a,58,03,45,89,ed,a1,16,64,e4,e0,c1,53,88,5a,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:84,38,9b,3f,c3,fc,09,94,66,6c,6e,f5,87,81,b2,06,d9,56,1b,d0,4e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,17,b3,fe,60,6a,42,c7,c7,44,4e,de,8d,27,42,eb,5d,..
"khjeh"=hex:e7,eb,0f,8a,df,d3,fd,7b,49,53,74,0c,16,d3,17,e5,42,61,a4,f6,c4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:88,21,89,f2,d9,5a,58,03,45,89,ed,a1,16,64,e4,e0,c1,53,88,5a,14,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Finished!

combofix:

ComboFix 08-07-04.5 - Administrator 2008-07-05 19:54:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.300 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-05 19:10 . 2008-07-05 19:10 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-07-05 18:29 . 2008-07-05 18:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-05 18:27 . 2008-07-05 19:52 <DIR> d-------- C:\SDFix
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\system32\oobe
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\srchasst
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\WINDOWS\msagent
2008-07-05 18:13 . 2008-07-05 18:13 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-05 18:05 . 2008-07-05 18:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 08:34 . 2008-07-05 08:34 169 --a------ C:\WINDOWS\adidsl.ini
2008-07-05 08:34 . 2008-07-05 08:34 21 --a------ C:\WINDOWS\Fast800.ini
2008-07-05 08:33 . 2008-07-05 08:33 <DIR> d-------- C:\Program Files\SAGEM
2008-07-05 08:32 . 2008-07-05 08:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-06-30 18:21 . 2008-07-05 08:44 <DIR> d-------- C:\Program Files\AutoConnect
2008-06-30 18:03 . 2008-06-30 21:42 30 --a------ C:\WINDOWS\TextSpy.ini
2008-06-30 17:49 . 2008-06-30 17:49 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-30 17:48 . 2008-07-05 08:34 990 --a------ C:\WINDOWS\adiras.ini
2008-06-15 19:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-15 19:18 . 2008-06-15 19:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-15 16:58 . 2008-06-29 14:36 304,160 --a------ C:\PA207.DAT
2008-06-15 14:45 . 2008-06-15 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\AVS4YOU
2008-06-15 13:24 . 2008-06-15 13:24 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 06:34 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-05 06:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 17:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-06-14 19:35 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-14 19:34 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 19:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-06-14 19:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 19:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\HP
2008-06-14 19:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-06-14 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-06-14 18:59 --------- d-----w C:\Program Files\HP
2008-06-14 18:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-06-14 18:59 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\HPAppData
2008-06-14 18:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-06-14 18:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-14 18:57 --------- d-----w C:\Program Files\Common Files\HP
2008-06-14 18:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-06-14 18:52 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ArcSoft
2008-06-14 18:44 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-06-14 18:43 --------- d-----w C:\Program Files\ArcSoft
2008-06-14 18:42 --------- d-----w C:\Program Files\PC Camera
2008-06-14 18:42 --------- d-----w C:\Program Files\Common Files\PAC207
2008-06-14 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-14 18:35 --------- d-----w C:\Program Files\kX Project
2008-06-14 18:34 --------- d-----w C:\Program Files\Winamp
2008-06-14 18:32 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-06-14 18:32 --------- d-----w C:\Program Files\AVS4YOU
2008-06-14 18:30 --------- d-----w C:\Program Files\Codec
2008-06-14 18:29 --------- d-----w C:\Program Files\Real
2008-06-14 18:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-14 18:29 --------- d-----w C:\Program Files\Common Files\Real
2008-06-14 18:25 --------- d-----w C:\Program Files\MultiRes
2008-06-14 18:24 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v2.6.87 Uninstall.exe
2008-06-14 18:17 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-06-14 18:14 --------- d-----w C:\Program Files\Intel
2008-06-14 18:06 --------- d-----w C:\Program Files\Real Alternative
2008-06-14 18:06 --------- d-----w C:\Program Files\QuickTime Alternative
2008-06-14 18:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-14 18:05 --------- d-----w C:\Program Files\Java
2008-06-14 18:05 --------- d-----w C:\Program Files\Common Files\Java
2008-06-14 18:00 --------- d-----w C:\Program Files\Windows Media Connect 2
.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll

2007-07-28 03:15 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-07-26 19:30 2067584 5362d54a6925afdcbbba53b43ee65774 C:\WINDOWS\system32\ntkrnlpa.exe

2007-07-26 19:31 2190464 9899bb89856e3bd4ef13e11ccee49b71 C:\WINDOWS\system32\ntoskrnl.exe

2007-07-14 00:42 974848 32f67215c57df2c401bf93b7ee65987f C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-05_18.08.27,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 16:04:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 17:50:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 00:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-05 17:45:12 2,121,728 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-05 17:45:12 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-05 00:04:55 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-05 16:29:43 2,121,728 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-05 16:29:43 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="C:\WINDOWS\system32\kxmixer.exe" [2005-07-14 15:17 472576]
"AtiPTA"="atiptaxx.exe" [2005-11-23 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-05 08:33:52 1205840]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2005-07-14 15:17]
R3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 13:30]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 19:55:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-05 19:56:37
ComboFix-quarantined-files.txt 2008-07-05 17:56:32
ComboFix2.txt 2008-07-05 16:48:11
ComboFix3.txt 2008-07-05 16:08:43

Pre-Run: 1,496,928,256 bajtów wolnych
Post-Run: 1,493,327,872 bajtów wolnych

155

hijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:51, on 2008-07-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C287274D-25AB-4BD9-8E6D-B554BCA147AE}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

--
End of file - 3744 bytes

ciągle jest to samo

mam jeszcze takie pytanie czy w netii lub tp po ok 10 minutach moze byc ponad 2000 pakietów wyslanych a ponad 5000 pobranych??

**Posty:** 8001 · przez **Okocza** 05 Lip 2008, 20:18

troche malo, chyba ze nic nie pobierasz.

hmmm...

w logaach nic nie widac, przeskanuj kompa tym http://www.forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

**Posty:** 133 · przez **Cadar** 05 Lip 2008, 20:31

oto ten log:

********************************************************************************
* *
* FixIEDef Log *
* Version 1.4.20.5916 *
* *
********************************************************************************

Created at 20:29:40 on Saturday, July 05, 2008

Time Zone :

Logged On User : Administrator

Operating System : Microsoft Windows XP Professional Dodatek Service Pack 2
OS Version : 5.1.2600
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Intel(R) Celeron(R) CPU 2.00GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 536330240 bytes
Free Physical Memory : 261880 bytes
Total Virtual Memory : 2097024 bytes
Free Virtual Memory : 2049004 bytes

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

a niesciagam nic

**Posty:** 8001 · przez **Okocza** 05 Lip 2008, 20:35

no to jest możliwe. w logach nic nie ma, może to wina NETII :?:

zadzwoń do nich i powiedz że strasznie zamulony jest internet, czy to nie jest u nich wina.

**Posty:** 133 · przez **Cadar** 05 Lip 2008, 20:50

aha ok dzieki

problem z internetem , bardzo zamula

problem z internetem , bardzo zamula

Kto jest na forum