zamulone łącze, wysoki ping, podejrzany netstat

**Posty:** 26 · przez **karel2** 07 Gru 2007, 11:52

Otóż mam taki problem z łączem, że od pewnego czasu (ze 2 tygodnie) męczy mnie ogromny ping w grach i generalnie zamulone łącze. Prędkości przy ściąganiu znacznie spadły itp. Po wpisaniu w linii komend komendy 'netstat' okazuje się, że na raz mam otwartych wiele połączeń. Firewall (ani ten windowsowski [vistowy dokladniej], ani też inno-frimowy) nie zabardzo pomaga, a niektóre, bo kilku próbowałem, wręcz uniemożliwiały korzystanie z internetu, gdyż blokowały większośc prób połączenia*. W każdym razie, żaden ze znanych mi sposobów nie pomógł. I tu pojawia się moje pytanie:

czy znacie jakiś sensowny sposób zbadania sprawy i ewentualnego jej zapobiegnięcia?

Z góry dziękuję.

*byc może z mojej winy - konfigurowałem na szybko

**Posty:** 3854 · przez **Dzi@dek** 07 Gru 2007, 11:54

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
daj log z hijackthis - umieść go w tagi.

**Posty:** 26 · przez **karel2** 07 Gru 2007, 12:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:15, on 2007-12-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Opera\Opera.exe
C:\Nowy folder\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [] "C:\Users\Karol\AppData\Local\Temp\gg.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\Windows\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7494 bytes

Voilla

**Posty:** 3854 · przez **Dzi@dek** 07 Gru 2007, 12:31

O1 - Hosts: ::1 localhost
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\Windows\svchost.exe (file missing)

Usuń te wpisy w hijackthis a później plik pogrubiony ręczie usuń z dysku
( tylko nie pomyl lokalizacji C:\Windows\System32\svchost.exe - lokalizacja prawidłowa. C:\Windows\svchost.exe- nieprawidłowy )

Daj jeszcze log z Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 26 · przez **karel2** 07 Gru 2007, 18:32

ComboFix 07-12-07.3 - Karol 2007-12-07 17:17:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.311 [GMT 1:00]
Running from: C:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-07 17:13 . 2007-12-07 17:13 1,593,002 --a------ C:\ComboFix.exe
2007-12-07 11:01 . 2007-12-07 17:11 <DIR> d-------- C:\Nowy folder
2007-12-07 10:29 . 2007-12-07 10:29 <DIR> d-------- C:\Users\Karol\AppData\Roaming\Grisoft
2007-12-07 10:28 . 2007-12-07 10:28 <DIR> d-------- C:\Users\All Users\Grisoft
2007-12-07 10:28 . 2007-12-07 10:28 <DIR> d-------- C:\ProgramData\Grisoft
2007-12-07 10:28 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-12-07 10:26 . 2007-12-07 10:27 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2007-12-07 10:12 . 2007-12-07 10:13 255,391,995 --a------ C:\Windows\MEMORY.DMP
2007-12-06 23:27 . 2007-12-06 23:33 26,420,224 --a------ C:\kis7.0.0.125pl(dobreprogramy.pl).msi
2007-12-06 18:09 . 2007-12-06 18:10 1,786,673 --a------ C:\VistaFirewallControlPlus-Setup.exe
2007-12-06 17:30 . 2007-12-06 17:30 <DIR> d-------- C:\Users\Karol\AppData\Roaming\Kerio
2007-12-06 17:17 . 2007-12-06 17:22 32,931,912 --a------ C:\kerio-kwf-6.4.0-3176-win32.exe
2007-12-06 10:36 . 2007-12-06 10:36 1,732,834 --a------ C:\ALLPlayer_[programosy.pl].exe
2007-12-04 06:09 . 2007-12-04 06:09 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-12-04 06:09 . 2007-12-04 06:09 205,824 --a------ C:\Windows\System32\msoeacct.dll
2007-12-04 06:09 . 2007-12-04 06:09 87,040 --a------ C:\Windows\System32\msoert2.dll
2007-12-04 06:09 . 2007-12-04 06:09 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2007-12-04 06:09 . 2007-12-04 06:09 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-12-04 06:09 . 2007-12-04 06:09 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-12-04 06:09 . 2007-12-04 06:09 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-12-02 21:27 . 2007-12-06 16:41 <DIR> d-------- C:\Program Files\BOINC
2007-12-02 21:26 . 2007-12-02 21:26 <DIR> d-------- C:\Windows\Downloaded Installations
2007-12-02 21:22 . 2007-12-02 21:23 7,083,424 --a------ C:\boinc_5.10.28_windows_intelx86.exe
2007-12-02 18:21 . 2007-12-02 18:21 1,049,719 --a------ C:\wrar361pl.exe
2007-12-02 18:11 . 2007-12-07 10:14 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-12-02 18:10 . 2007-12-02 18:10 1,958,450 --a------ C:\pg2-rc1-test2-2xx.exe
2007-12-02 18:07 . 2007-12-02 18:10 480,000 --a------ C:\pg2-rc1-test2-2.exe
2007-12-02 16:39 . 2007-12-02 16:39 45,548 --a------ C:\ArmyOps.rar
2007-12-02 12:47 . 2007-12-02 12:47 1,657,659 --a------ C:\ts2_server_rc2_202319.exe
2007-12-02 12:46 . 2007-12-02 12:48 5,862,994 --a------ C:\ts2_client_rc2_2032.exe
2007-12-02 12:46 . 2007-12-02 12:46 1,700,301 --a------ C:\foobar2000_0.9.4.5.exe
2007-12-02 12:03 . 2007-12-02 12:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-02 12:03 . 2007-09-06 12:09 801,144 --a------ C:\Windows\System32\aswBoot.exe
2007-12-02 12:03 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2007-12-02 12:03 . 2007-09-06 12:00 95,608 --a------ C:\Windows\System32\AvastSS.scr
2007-12-02 12:03 . 2007-09-06 12:02 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-12-02 12:03 . 2007-09-06 12:02 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-12-02 12:03 . 2007-09-06 12:03 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-12-02 12:00 . 2007-12-02 12:02 17,512,696 --a------ C:\setuppol.exe
2007-12-02 09:11 . 2007-12-02 11:59 <DIR> d-------- C:\Program Files\Jetico
2007-12-02 08:53 . 2007-12-02 08:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 08:22 . 2007-12-02 08:22 <DIR> d-------- C:\EqualizerPresets
2007-12-02 08:22 . 2007-12-02 08:22 3,633 --a------ C:\EqualizerPresets.zip
2007-11-28 17:01 . 2007-11-08 02:41 4,168,988,672 --a------ C:\htd-fepm.iso
2007-11-26 19:29 . 2007-11-26 19:29 <DIR> d-------- C:\Users\Karol\AppData\Roaming\teamspeak2
2007-11-26 19:27 . 2007-12-02 12:52 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-26 18:16 . 2007-11-26 18:17 319,456 --a------ C:\Windows\DIFxAPI.dll
2007-11-26 17:32 . 2007-12-06 19:47 <DIR> d-------- C:\Users\Karol\AppData\Roaming\foobar2000
2007-11-26 17:32 . 2007-12-02 12:47 <DIR> d-------- C:\Program Files\foobar2000
2007-11-26 14:24 . 2007-12-02 12:09 <DIR> d-------- C:\Program Files\America's Army Server Manager
2007-11-25 13:48 . 2007-12-02 12:17 <DIR> d-------- C:\Users\Karol\StarFuck
2007-11-25 13:18 . 2007-12-07 07:18 <DIR> d-------- C:\muzyka
2007-11-25 10:03 . 2007-12-06 10:47 <DIR> d-------- C:\Program Files\uTorrent
2007-11-25 10:02 . 2007-12-07 07:17 <DIR> d-------- C:\Users\Karol\AppData\Roaming\uTorrent
2007-11-24 22:29 . 2007-11-24 22:29 <DIR> d-------- C:\Program Files\MarBit
2007-11-24 17:25 . 2007-11-24 17:25 <DIR> d-------- C:\Program Files\Lavalys
2007-11-24 17:16 . 2007-11-24 17:16 <DIR> d-------- C:\Users\Karol\AppData\Roaming\Media Player Classic
2007-11-24 12:22 . 2007-11-25 13:21 <DIR> d-------- C:\Users\All Users\Ubisoft
2007-11-24 12:22 . 2007-11-25 13:21 <DIR> d-------- C:\ProgramData\Ubisoft
2007-11-24 12:21 . 2007-11-24 12:21 34,064 --a------ C:\Windows\System32\lhacm.acm
2007-11-24 12:12 . 2007-12-02 12:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-24 12:12 . 2007-07-29 16:51 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2007-11-24 09:45 . 2007-12-07 01:44 <DIR> d-------- C:\Emule
2007-11-24 09:43 . 2007-11-24 09:43 <DIR> d-------- C:\Users\Karol\AppData\Roaming\eMule
2007-11-24 09:43 . 2007-11-24 09:43 <DIR> d-------- C:\Users\All Users\eMule
2007-11-24 09:43 . 2007-11-24 09:43 <DIR> d-------- C:\ProgramData\eMule
2007-11-24 09:43 . 2007-12-02 12:11 <DIR> d-------- C:\Program Files\eMule
2007-11-23 03:04 . 2007-11-23 03:04 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-11-23 03:04 . 2007-11-23 03:04 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-11-23 03:04 . 2007-11-23 03:04 20,647 --a------ C:\Windows\System32\MRT.INI
2007-11-23 03:01 . 2007-11-23 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-23 03:01 . 2007-11-23 03:01 2,026,496 --a------ C:\Windows\System32\win32k.sys
2007-11-23 03:01 . 2007-11-23 03:01 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-11-23 03:01 . 2007-11-23 03:01 633,856 --a------ C:\Windows\System32\user32.dll
2007-11-22 22:04 . 2007-11-24 21:00 <DIR> d-------- C:\Users\Karol\AppData\Roaming\Azureus
2007-11-22 20:35 . 2007-11-22 20:35 <DIR> d-------- C:\Program Files\Java
2007-11-22 20:35 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-11-22 20:20 . 2007-11-22 20:20 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-22 20:17 . 2007-12-02 12:10 <DIR> d-------- C:\Program Files\Azureus
2007-11-22 18:14 . 2007-11-22 18:14 <DIR> d-------- C:\Users\Karol\AppData\Roaming\backup
2007-11-22 18:05 . 2007-11-22 18:05 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2007-11-22 18:05 . 2007-11-22 18:05 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2007-11-22 18:05 . 2007-11-22 18:05 549,720 --a------ C:\Windows\System32\wuapi.dll
2007-11-22 18:05 . 2007-11-22 18:05 80,896 --a------ C:\Windows\System32\wudriver.dll
2007-11-22 18:05 . 2007-11-22 18:05 53,080 --a------ C:\Windows\System32\wuauclt.exe
2007-11-22 18:05 . 2007-11-22 18:05 43,352 --a------ C:\Windows\System32\wups2.dll
2007-11-22 18:05 . 2007-11-22 18:05 33,624 --a------ C:\Windows\System32\wups.dll
2007-11-22 18:04 . 2007-11-22 18:04 163,000 --a------ C:\Windows\System32\wuwebv.dll
2007-11-22 18:04 . 2007-11-22 18:04 31,232 --a------ C:\Windows\System32\wuapp.exe
2007-11-22 17:46 . 2007-11-22 17:46 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2007-11-22 17:46 . 2007-12-02 19:14 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2007-11-22 17:45 . 2007-12-02 19:14 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2007-11-22 17:33 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2007-11-22 17:33 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2007-11-22 15:37 . 2007-11-22 15:37 <DIR> d-------- C:\Users\Karol\AppData\Roaming\Gadu-Gadu
2007-11-22 14:59 . 2007-12-05 21:55 <DIR> d-------- C:\Users\Karol\Gadu-Gadu
2007-11-22 14:59 . 2007-12-02 12:11 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-11-22 14:54 . 2007-11-22 14:54 <DIR> d-------- C:\Program Files\Opera
2007-11-22 09:31 . 2007-12-02 12:11 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-22 09:26 . 2007-11-22 09:26 685,816 --a------ C:\Windows\System32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 16:44 3,740 ----a-w C:\Windows\system32\drivers\kwfupper.log
2007-12-06 16:44 18,762 ----a-w C:\Windows\system32\drivers\kwflower.log
2007-12-04 16:11 --------- d-----w C:\Program Files\Windows Mail
2007-12-04 05:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-04 05:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-02 20:44 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-02 11:13 --------- d-----w C:\Program Files\Microsoft Works
2007-12-02 11:10 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-26 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 02:03 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-23 02:03 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-11-23 02:03 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-23 02:03 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-23 02:03 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-23 02:03 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-23 02:03 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-11-23 02:03 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-23 02:03 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-23 02:03 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-11-23 02:03 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-11-23 02:02 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-11-23 02:02 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-11-23 02:02 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-11-23 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-23 02:02 5,120 ----a-w C:\Windows\System32\wmi.dll
2007-11-23 02:02 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2007-11-23 02:02 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2007-11-23 02:02 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-11-21 15:09 --------- d-----w C:\ProgramData\Symantec
2007-11-21 15:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-21 15:04 --------- d-----w C:\ProgramData\CyberLink
2007-11-21 14:53 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2007-11-21 14:48 --------- d-----w C:\Program Files\Acer Inc
2007-11-21 14:40 --------- d-sh--w C:\ProgramData\Ulubione
2007-11-21 14:40 --------- d-sh--w C:\ProgramData\Szablony
2007-11-21 14:40 --------- d-sh--w C:\ProgramData\Pulpit
2007-11-21 14:40 --------- d-sh--w C:\ProgramData\Menu Start
2007-11-21 14:40 --------- d-sh--w C:\ProgramData\Dokumenty
2007-11-21 14:40 --------- d-sh--w C:\ProgramData\Dane aplikacji
2007-10-29 15:16 811,776 ----a-w C:\Windows\boinc.scr
2007-09-28 16:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-09-28 16:05 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-09-28 16:05 739,840 ----a-w C:\Windows\System32\divx.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-06-02 15:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-10 09:07]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" []
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 09:36]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 13:57]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-24 11:49]
"SetPanel"="C:\Acer\APanel\APanel.cmd" []
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 11:16]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

R1 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 int15;int15;\??\C:\Windows\system32\drivers\int15.sys
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\Windows\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\Windows\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\Windows\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\Windows\system32\DRIVERS\ESM7SK.sys
R3 NETw4v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys
S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys
S3 NETw3v32;Sterownik karty Intel(R) PRO/Wireless 3945BG dla 32-bitowej wersji systemu Windows Vista;C:\Windows\system32\DRIVERS\NETw3v32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deb0e6fa-98d4-11dc-9230-001b382436f8}]
\shell\AutoRun\command - F:\scct_launcher.exe

*Newly Created Service* - AVGASCLN
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 17:25:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 17:27:27 - machine was rebooted
.
--- E O F ---

**Posty:** 18165 · przez **wojtas** 07 Gru 2007, 19:32

daj loga z hijacka jeszcze

zamulone łącze, wysoki ping, podejrzany netstat

Zamulone łącze, wysoki ping, podejrzany netstat

Kto jest na forum