prosze o sprawdzenie loga

**Posty:** 23 · przez **wujakasha** 24 Lip 2007, 15:34

Od paru dni widze znaczacy wzrost latency w gierkach, z okolo 150 do 600-700, przeskanowlalem kompa nodem, ewido i spybotem. Usunelo mi pare rzeczy ale problem nie zniknal.

Hijack:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 15:24:14, on 2007-07-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Prevx Pro\PXAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Nowy folder\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178207714451 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178207703561 O17 - HKLM\System\CCS\Services\Tcpip\..\{28FE4DA2-44A0-4D19-84E7-9368B38D57B6}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Silent runners:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."] "SoundMan" = "soundman.exe" ["Avance Logic, Inc."] "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "OFFICEKB" = "C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [empty string] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoResolveSearch" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Wujas\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" [file not found] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 23 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."] cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] Prevx Agent, PrevxAgent, ""C:\Program Files\Prevx Pro\PXAgent.exe" -f" ["Prevx Ltd."] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Sunbelt Personal Firewall 4, SPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 110 seconds. ---------- (total run time: 172 seconds)

Z gory dzieki za pomoc

**Posty:** 18165 · przez **wojtas** 24 Lip 2007, 17:45

logi masz czyste

**Posty:** 23 · przez **wujakasha** 24 Lip 2007, 18:02

hmmm, dzis lagi mam jeszcze wieksze, siagajace 900 ms. Kerio pokazuje mi 20 polaczen naslu**ujacych (cenzura lol), nie pamietm ile mialem przedtem, ale napewno mniej. Dorzuce loga z combofixa dla pewnosci

Kod: Zaznacz wszystko: "Wujas" - 2007-07-24 17:40:26 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 ))))))))))))))))))))))))))))))) 2007-07-24 17:34 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-23 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy 2007-07-23 18:07 <DIR> d-------- C:\!KillBox 2007-07-23 17:15 <DIR> d-------- C:\Program Files\SkanerOnline 2007-07-23 14:18 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-23 13:15 <DIR> d-------- C:\DOCUME~1\Wujas\DANEAP~1\Prevx 2007-07-10 17:26 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll 2007-07-10 17:26 <DIR> dr-h----- C:\DOCUME~1\Wujas\DANEAP~1\SecuROM 2007-07-08 16:34 <DIR> d-------- C:\DOCUME~1\Wujas\DANEAP~1\InstallShield 2007-07-06 19:24 <DIR> d-------- C:\Program Files\YourWare Solutions 2007-07-06 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet 2007-07-06 17:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-24 15:39:44 -------- d-----w C:\Program Files\cFosSpeed 2007-07-24 15:17:03 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\foobar2000 2007-07-24 00:43:25 -------- d-----w C:\Program Files\eMule 2007-07-23 17:18:15 991 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2007-07-23 12:55:37 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\Azureus 2007-07-23 01:21:36 77,312 ----a-w C:\WINDOWS\ua2.dll 2007-07-19 13:37:59 -------- d-----w C:\Program Files\UI Central 2007-07-15 17:38:57 44 ----a-w C:\WINDOWS\system32\msssc.dll 2007-07-08 14:40:46 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-23 21:39:58 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\gtk-2.0 2007-06-22 02:42:16 -------- d-----w C:\Program Files\Azureus 2007-06-17 23:27:14 -------- d-----w C:\Program Files\OpenOffice.ux.pl 2.2.0 2007-06-09 19:43:00 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\Talkback 2007-06-09 07:27:36 -------- d-----w C:\Program Files\DivX 2007-06-04 13:17:41 -------- d-----w C:\Program Files\Labtec 2007-05-31 17:43:17 -------- d-----w C:\Program Files\HydraIRC 2007-05-31 17:40:51 335 ----a-w C:\WINDOWS\nsreg.dat 2007-05-31 17:40:39 7,703 ----a-w C:\WINDOWS\mozver.dat 2007-05-31 17:40:39 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe 2007-05-31 17:40:27 118,784 ----a-w C:\WINDOWS\GREUninstall.exe 2007-05-31 17:40:16 -------- d-----w C:\Program Files\Common Files\mozilla.org 2007-05-31 17:40:03 -------- d-----w C:\Program Files\mozilla.org 2007-05-31 17:21:38 -------- d-----w C:\Program Files\mIRC 2007-05-31 14:22:51 -------- d-----w C:\Program Files\GIMP-2.0 2007-05-31 14:21:44 -------- d-----w C:\Program Files\Common Files\GTK 2007-05-30 20:02:11 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\.BitTornado 2007-05-30 20:02:04 -------- d-----w C:\Program Files\BitTornado 2007-05-13 17:24:29 40,825,130 ----a-w C:\BackupRegistry(20070513).reg 2007-05-13 11:56:37 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-13 11:56:37 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-04 00:55:06 31 ----a-w C:\Program Files\error_sm.txt 2007-05-03 20:17:52 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-05-03 14:55:04 0 --sha-r C:\MSDOS.SYS 2007-05-03 14:55:04 0 --sha-r C:\IO.SYS 2007-05-03 14:55:04 0 ----a-w C:\CONFIG.SYS 2007-05-03 14:55:04 0 ----a-w C:\AUTOEXEC.BAT 2007-05-03 14:52:17 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2005-12-09 18:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "SoundMan"="soundman.exe" [2001-05-29 01:02 C:\WINDOWS\soundman.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-03 22:17] "OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-06-04 15:17] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices] "Microsoft Directx push"=directxpushup.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys R2 cFosSpeedS;cFosSpeed System Service;"C:\Program Files\cFosSpeed\spd.exe" -service R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" R3 cFosSpeed;cFosSpeed Miniport;C:\WINDOWS\system32\DRIVERS\cfosspeed.sys R4 PREVXDriver;Prevx Driver;C:\WINDOWS\system32\drivers\pxfsf.sys S3 ctljystk;Port gier dla karty Creative SB Live!;C:\WINDOWS\system32\DRIVERS\ctljystk.sys S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 msdirectxpushup;msdirectxpushup;\??\C:\WINDOWS\system32\msdirectxpush.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-24 17:43:20 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [824] 0x8178B020 scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-24 17:45:18 --- E O F ---

**Posty:** 18165 · przez **wojtas** 24 Lip 2007, 18:11

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\system32\msssc.dll

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

potem wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Microsoft Directx push"=-

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru

**Posty:** 23 · przez **wujakasha** 24 Lip 2007, 21:39

zrobilem co mi kazales, dodalem wpis resnalem kompa jeszcze raz. Zaczely wyskakiwac mi niebiesike ekrany. Nie wiem czy ma to zwiazek, mam problemy z dyskiem od dluzszego czasu. Zrobilem scandiska. Po zaladowniu systemu wyskoczyl mi blad

Lagi nie zniknely, zrobily sie jeszcze wieksze, siegajace 7000.
Dorzucam log z combofixa:

Kod: Zaznacz wszystko: "Wujas" - 2007-07-24 21:39:14 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 ))))))))))))))))))))))))))))))) 2007-07-24 18:05 <DIR> d-------- C:\Deckard 2007-07-24 17:34 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-23 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy 2007-07-23 18:07 <DIR> d-------- C:\!KillBox 2007-07-23 17:15 <DIR> d-------- C:\Program Files\SkanerOnline 2007-07-23 14:18 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-23 13:15 <DIR> d-------- C:\DOCUME~1\Wujas\DANEAP~1\Prevx 2007-07-10 17:26 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll 2007-07-10 17:26 <DIR> dr-h----- C:\DOCUME~1\Wujas\DANEAP~1\SecuROM 2007-07-08 16:34 <DIR> d-------- C:\DOCUME~1\Wujas\DANEAP~1\InstallShield 2007-07-06 19:24 <DIR> d-------- C:\Program Files\YourWare Solutions 2007-07-06 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet 2007-07-06 17:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-24 19:34:44 -------- d-----w C:\Program Files\cFosSpeed 2007-07-24 16:38:44 1,057 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2007-07-24 15:17:03 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\foobar2000 2007-07-24 00:43:25 -------- d-----w C:\Program Files\eMule 2007-07-23 12:55:37 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\Azureus 2007-07-23 01:21:36 77,312 ----a-w C:\WINDOWS\ua2.dll 2007-07-19 13:37:59 -------- d-----w C:\Program Files\UI Central 2007-07-08 14:40:46 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-23 21:39:58 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\gtk-2.0 2007-06-22 02:42:16 -------- d-----w C:\Program Files\Azureus 2007-06-17 23:27:14 -------- d-----w C:\Program Files\OpenOffice.ux.pl 2.2.0 2007-06-09 19:43:00 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\Talkback 2007-06-09 07:27:36 -------- d-----w C:\Program Files\DivX 2007-06-04 13:17:41 -------- d-----w C:\Program Files\Labtec 2007-05-31 17:43:17 -------- d-----w C:\Program Files\HydraIRC 2007-05-31 17:40:51 335 ----a-w C:\WINDOWS\nsreg.dat 2007-05-31 17:40:39 7,703 ----a-w C:\WINDOWS\mozver.dat 2007-05-31 17:40:39 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe 2007-05-31 17:40:27 118,784 ----a-w C:\WINDOWS\GREUninstall.exe 2007-05-31 17:40:16 -------- d-----w C:\Program Files\Common Files\mozilla.org 2007-05-31 17:40:03 -------- d-----w C:\Program Files\mozilla.org 2007-05-31 17:21:38 -------- d-----w C:\Program Files\mIRC 2007-05-31 14:22:51 -------- d-----w C:\Program Files\GIMP-2.0 2007-05-31 14:21:44 -------- d-----w C:\Program Files\Common Files\GTK 2007-05-30 20:02:11 -------- d-----w C:\DOCUME~1\Wujas\DANEAP~1\.BitTornado 2007-05-30 20:02:04 -------- d-----w C:\Program Files\BitTornado 2007-05-13 17:24:29 40,825,130 ----a-w C:\BackupRegistry(20070513).reg 2007-05-13 11:56:37 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-13 11:56:37 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-04 00:55:06 31 ----a-w C:\Program Files\error_sm.txt 2007-05-03 20:17:52 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-05-03 14:55:04 0 --sha-r C:\MSDOS.SYS 2007-05-03 14:55:04 0 --sha-r C:\IO.SYS 2007-05-03 14:55:04 0 ----a-w C:\CONFIG.SYS 2007-05-03 14:55:04 0 ----a-w C:\AUTOEXEC.BAT 2007-05-03 14:52:17 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2005-12-09 18:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "SoundMan"="soundman.exe" [2001-05-29 01:02 C:\WINDOWS\soundman.exe] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-03 22:17] "OFFICEKB"="C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2007-06-04 15:17] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys R2 cFosSpeedS;cFosSpeed System Service;"C:\Program Files\cFosSpeed\spd.exe" -service R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" R3 cFosSpeed;cFosSpeed Miniport;C:\WINDOWS\system32\DRIVERS\cfosspeed.sys S3 ctljystk;Port gier dla karty Creative SB Live!;C:\WINDOWS\system32\DRIVERS\ctljystk.sys S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 msdirectxpushup;msdirectxpushup;\??\C:\WINDOWS\system32\msdirectxpush.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-24 21:42:14 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [3032] 0x8168C020 scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-24 21:44:14 C:\ComboFix2.txt ... 2007-07-24 17:45 --- E O F ---

**Posty:** 18165 · przez **wojtas** 24 Lip 2007, 22:40

Prawym na ,,Mój komputer">właściwości>Zakładka "Zaawansowane" -> Uruchamianie i odzyskiwanie i klikamy "ustawienia">
w części "Awaria systemu" odznaczamy pole "Automatycznie uruchom ponownie"

wyskoczy Ci niebieski ekren przepisz z niego kod bledu i daj na forum

**Posty:** 23 · przez **wujakasha** 24 Lip 2007, 22:47

po scandisku bledy nie wyskakuja mi przez jakis czas. Nie zapisalem tego ktorego mialem, ale zaczynal sie chyba na FTL_ ... Bledy dysku pojawiaja sie i znikaja od jakichs 2 miesiecy, lagi mam od dwoch dni. Jest coraz gorzej -_-

**Posty:** 18165 · przez **wojtas** 24 Lip 2007, 22:55

mamy chyba cos jeszcze:

S3

msdirectxpushup;msdirectxpushup;\??\C:\WINDOWS\system32\msdirectxpush.sys

sciagnij gmera:

http://gmer.net/gmer.zip

1. Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
2. Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

**Posty:** 23 · przez **wujakasha** 24 Lip 2007, 23:25

erm chwila

**Posty:** 18165 · przez **wojtas** 24 Lip 2007, 23:26

logi sie nie mieszcza wrzuc na www.rapidshare.com 2 logi

**Posty:** 23 · przez **wujakasha** 24 Lip 2007, 23:58

http://rapidshare.com/files/44830841/log1.log.html
http://rapidshare.com/files/44830980/log2.log.html

**Posty:** 18165 · przez **wojtas** 25 Lip 2007, 10:22

nie masz czasem 2 antywirusow w kompie??

jak masz to jeden odinstaluj

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Drivers to unload:
msdirectxpushup

Files to delete:
C:\WINDOWS\system32\msdirectxpush.sys

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.

potem nowy log z gmera i combofixa na rapidzie

**Posty:** 23 · przez **wujakasha** 25 Lip 2007, 12:39

Tak przez pewien czas mialem 2 antywiry

Kod: Zaznacz wszystko: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\pcxaomty ******************* Script file located at: \??\C:\WINDOWS\nfhavoso.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Driver msdirectxpushup unloaded successfully. File C:\WINDOWS\system32\msdirectxpush.sys not found! Deletion of file C:\WINDOWS\system32\msdirectxpush.sys failed! Could not process line: C:\WINDOWS\system32\msdirectxpush.sys Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

http://rapidshare.com/files/44920788/combolog.txt.html
http://rapidshare.com/files/44920924/gmer1.log.html
http://rapidshare.com/files/44921021/gmer2.log.html

Lagi sa takie same

**Posty:** 18165 · przez **wojtas** 25 Lip 2007, 15:36

logi masz czyste wiec nie masz wirusow

**Posty:** 23 · przez **wujakasha** 25 Lip 2007, 21:31

hmmm. No nic dzieki za pomoc. Sprobuje formata, juz od jakiegos czasu szukalem pretekstu, zeby go zrobic ;]

prosze o sprawdzenie loga

Prosze o sprawdzenie loga

Kto jest na forum