
Every dozen or so minutes the internet speed drops to zero


Post by wojtek24, 30 Nov 2008, 02:15

Every dozen or so minutes the internet speed drops to zero and I can't open any website. It lasts a few minutes, about 3, then everything returns to normal for a while, and so on in a loop. I'm posting logs from ComboFix and HijackThis; if something in them looks wrong, please tell me what to remove. Thanks in advance, regards.
Code:
ComboFix 08-11-29.03 - Woytas 2008-11-30  1:06:50.24 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1456 [GMT 1:00]
Uruchomiony z: e:\pobieralnia\DA plus\ComboFix.exe

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-10-28 do 2008-11-30  )))))))))))))))))))))))))))))))
.

2008-11-27 01:30 . 2008-11-28 18:50   54,156   --ah-----   c:\windows\QTFont.qfn
2008-11-27 01:30 . 2008-11-27 01:30   1,409   --a------   c:\windows\QTFont.for
2008-11-24 17:42 . 2008-11-23 20:53   733,686,634   --a------   C:\24-Redemption.HDTV.XviD-LOL.avi
2008-11-20 21:44 . 2008-11-20 21:44   <DIR>   d--------   c:\program files\Avanquest update
2008-11-20 21:43 . 2008-11-20 21:43   <DIR>   d--------   c:\program files\Common Files\Motorola Shared
2008-11-20 21:43 . 2006-11-13 15:45   1,419,232   --a------   c:\windows\system32\wdfcoinstaller01005.dll
2008-11-20 21:43 . 2007-06-18 15:18   23,680   --a------   c:\windows\system32\drivers\motmodem.sys
2008-11-20 21:43 . 2008-11-20 21:43   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-20 21:43 . 2008-11-20 21:43   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-20 21:42 . 2008-11-20 21:44   <DIR>   d--------   c:\program files\Motorola Phone Tools
2008-11-20 21:42 . 2008-11-20 21:53   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-11-20 14:03 . 2008-11-20 14:10   <DIR>   d--------   c:\windows\NV30603064.TMP
2008-11-20 02:09 . 2008-11-20 02:09   <DIR>   d--------   c:\windows\system32\Futuremark
2008-11-20 02:09 . 2008-11-20 02:09   <DIR>   d--------   c:\program files\Futuremark
2008-11-20 02:09 . 2004-10-25 20:02   21,664   --a------   c:\windows\system32\drivers\Entech.sys
2008-11-20 02:09 . 2001-11-19 18:05   3,972   ---------   c:\windows\system32\drivers\PciBus.sys
2008-11-17 20:31 . 2008-10-07 13:33   201,157   --a------   c:\windows\system32\nvapps.nvb
2008-11-13 22:12 . 2008-11-13 22:17   <DIR>   d--------   c:\program files\mp3DirectCut
2008-11-12 21:25 . 2008-11-12 21:25   172,032   --a------   c:\windows\system32\AniGIF.ocx
2008-11-10 13:11 . 2008-11-10 13:11   <DIR>   d--------   c:\documents and settings\Woytas\Dane aplikacji\Red Alert 3
2008-10-31 22:24 . 2008-10-31 22:24   <DIR>   d--------   c:\program files\DownloadToolz
2008-10-31 19:05 . 2008-11-12 21:26   <DIR>   d--------   c:\program files\DAP
2008-10-31 14:58 . 2008-11-21 13:10   1,145,910   --a------   c:\windows\Tapeta z ACDSee.cmp
2008-10-24 16:10 . 2008-05-30 14:11   3,850,760   --a------   c:\windows\system32\D3DX9_38.dll
2008-10-24 16:10 . 2008-05-30 14:11   1,491,992   --a------   c:\windows\system32\D3DCompiler_38.dll
2008-10-24 16:10 . 2008-05-30 13:19   507,400   --a------   c:\windows\system32\XAudio2_1.dll
2008-10-24 16:10 . 2008-05-30 14:11   467,984   --a------   c:\windows\system32\d3dx10_38.dll
2008-10-24 16:10 . 2008-05-30 13:18   238,088   --a------   c:\windows\system32\xactengine3_1.dll
2008-10-24 16:10 . 2008-05-30 13:17   65,032   --a------   c:\windows\system32\XAPOFX1_0.dll
2008-10-24 16:10 . 2008-05-30 13:17   25,608   --a------   c:\windows\system32\X3DAudio1_4.dll
2008-10-24 16:09 . 2008-10-24 16:09   <DIR>   d--------   c:\windows\Logs
2008-10-21 13:02 . 2008-10-21 13:02   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\2DBoy
2008-10-16 18:26 . 2008-11-12 21:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\SpeedBit
2008-10-16 18:26 . 2008-10-16 18:26   479,298   --a------   c:\windows\system32\wbocx.ocx
2008-10-16 18:26 . 2008-10-16 18:26   50,688   --a------   c:\windows\system32\wbhelp2.dll
2008-10-13 19:06 . 2008-10-13 19:06   7,118   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-10-13 19:05 . 2008-10-13 19:05   <DIR>   d--------   c:\documents and settings\Woytas\Dane aplikacji\Leadertech
2008-10-12 00:03 . 2008-10-12 00:03   <DIR>   d--h-----   c:\windows\PIF
2008-10-07 19:51 . 2008-10-07 19:51   <DIR>   d--------   c:\documents and settings\Woytas\Dane aplikacji\Activision
2008-10-07 19:51 . 2008-10-07 19:51   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Activision
2008-10-07 13:33 . 2008-10-07 13:33   1,368,064   --a------   c:\windows\system32\nvcuda.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 00:03   ---------   d-----w   c:\documents and settings\Woytas\Dane aplikacji\MegauploadToolbar
2008-11-29 13:06   ---------   d-----w   c:\documents and settings\Woytas\Dane aplikacji\uTorrent
2008-11-28 17:46   ---------   d-----w   c:\documents and settings\Woytas\Dane aplikacji\GetRight
2008-11-20 20:44   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-20 13:09   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-11-20 13:08   ---------   d-----w   c:\program files\AGEIA Technologies
2008-11-13 16:05   ---------   d-----w   c:\program files\AIDA32 - Personal System Information
2008-11-12 20:26   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-10-16 21:14   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-10-02 09:07   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-09-15 18:10   111,928   ----a-w   c:\windows\system32\PnkBstrB.exe
2008-09-04 08:31   288,024   ----a-w   c:\windows\system32\PhysXCplUI.exe
2008-08-31 18:11   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-08-29 07:57   70,936   ----a-w   c:\windows\system32\PhysXLoader.dll
2008-05-25 17:31   22,328   ----a-w   c:\documents and settings\Woytas\Dane aplikacji\PnkBstrK.sys
2007-11-18 19:04   32   ----a-w   c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-11-12 20:25   251,392   ----a-w   c:\program files\opera\program\plugins\dapop.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-11-12 38384]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-16 6782976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-07 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 15:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\e\\utorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"e:\\Gry\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Gry\\Left 4 Dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-04 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-04 20560]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-01-20 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-01-20 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-01-20 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-01-20 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-01-20 83344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253f67fa-799f-11dd-a9ad-000e50f4bcb8}]
\Shell\AutoRun\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdaac578-e913-11dc-a865-000e50f4bcb8}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Woytas\Dane aplikacji\Mozilla\Firefox\Profiles\hiagxd7g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.speedbit.com/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 01:08:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


**************************************************************************
.
Czas ukończenia: 2008-11-30  1:10:16
ComboFix-quarantined-files.txt  2008-11-30 00:08:59

Przed: 59 584 512 bajtów wolnych
Po: 527,593,472 bajtów wolnych

186

Code:
Logfile of HijackThis v1.99.1
Scan saved at 01:10:58, on 2008-11-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
D:\e\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FBEEF6-FD6D-44EE-BD2C-9DE546F7D68F}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

wojtek24
~user

Posts: 94
Joined: 14 Jun 2007, 15:07




Post by Okocza, 30 Nov 2008, 12:54

Do what is described in this topic.

Use SDFix. After downloading, run it and it will extract itself to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the file RunThis.bat from the SDFix folder. Confirm the cleanup with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file + the ComboFix log, and also provide a HijackThis log.
Okocza
~user

Posts: 8001
Joined: 19 Mar 2006, 11:53
Commendations: 406




Post by wojtek24, 30 Nov 2008, 15:06

I did everything from the previous post; here are the logs:
Code:
ComboFix 08-11-29.03 - Woytas 2008-11-30 13:58:51.25 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1615 [GMT 1:00]
Uruchomiony z: e:\pobieralnia\DA plus\ComboFix.exe

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-10-28 do 2008-11-30  )))))))))))))))))))))))))))))))
.

2008-11-30 13:45 . 2008-11-30 13:56   <DIR>   d--------   C:\SDFix
2008-11-30 13:45 . 2008-11-30 13:45   1,529,241   --a------   C:\SDFix.exe
2008-11-30 01:55 . 2008-11-30 01:56   5,936,220   --a------   C:\sample_1.avi
2008-11-27 01:30 . 2008-11-28 18:50   54,156   --ah-----   c:\windows\QTFont.qfn
2008-11-27 01:30 . 2008-11-27 01:30   1,409   --a------   c:\windows\QTFont.for
2008-11-24 17:42 . 2008-11-23 20:53   733,686,634   --a------   C:\24-Redemption.HDTV.XviD-LOL.avi
2008-11-20 21:44 . 2008-11-20 21:44   <DIR>   d--------   c:\program files\Avanquest update
2008-11-20 21:43 . 2008-11-20 21:43   <DIR>   d--------   c:\program files\Common Files\Motorola Shared
2008-11-20 21:43 . 2006-11-13 15:45   1,419,232   --a------   c:\windows\system32\wdfcoinstaller01005.dll
2008-11-20 21:43 . 2007-06-18 15:18   23,680   --a------   c:\windows\system32\drivers\motmodem.sys
2008-11-20 21:43 . 2008-11-20 21:43   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-20 21:43 . 2008-11-20 21:43   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-20 21:42 . 2008-11-20 21:44   <DIR>   d--------   c:\program files\Motorola Phone Tools
2008-11-20 21:42 . 2008-11-20 21:53   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-11-20 14:03 . 2008-11-20 14:10   <DIR>   d--------   c:\windows\NV30603064.TMP
2008-11-20 02:09 . 2008-11-20 02:09   <DIR>   d--------   c:\windows\system32\Futuremark
2008-11-20 02:09 . 2008-11-20 02:09   <DIR>   d--------   c:\program files\Futuremark
2008-11-20 02:09 . 2004-10-25 20:02   21,664   --a------   c:\windows\system32\drivers\Entech.sys
2008-11-20 02:09 . 2001-11-19 18:05   3,972   ---------   c:\windows\system32\drivers\PciBus.sys
2008-11-17 20:31 . 2008-10-07 13:33   201,157   --a------   c:\windows\system32\nvapps.nvb
2008-11-13 22:12 . 2008-11-13 22:17   <DIR>   d--------   c:\program files\mp3DirectCut
2008-11-12 21:25 . 2008-11-12 21:25   172,032   --a------   c:\windows\system32\AniGIF.ocx
2008-11-10 13:11 . 2008-11-10 13:11   <DIR>   d--------   c:\documents and settings\Woytas\Dane aplikacji\Red Alert 3
2008-10-31 22:24 . 2008-10-31 22:24   <DIR>   d--------   c:\program files\DownloadToolz
2008-10-31 19:05 . 2008-11-12 21:26   <DIR>   d--------   c:\program files\DAP
2008-10-31 14:58 . 2008-11-21 13:10   1,145,910   --a------   c:\windows\Tapeta z ACDSee.cmp
2008-10-24 16:10 . 2008-05-30 14:11   3,850,760   --a------   c:\windows\system32\D3DX9_38.dll
2008-10-24 16:10 . 2008-05-30 14:11   1,491,992   --a------   c:\windows\system32\D3DCompiler_38.dll
2008-10-24 16:10 . 2008-05-30 13:19   507,400   --a------   c:\windows\system32\XAudio2_1.dll
2008-10-24 16:10 . 2008-05-30 14:11   467,984   --a------   c:\windows\system32\d3dx10_38.dll
2008-10-24 16:10 . 2008-05-30 13:18   238,088   --a------   c:\windows\system32\xactengine3_1.dll
2008-10-24 16:10 . 2008-05-30 13:17   65,032   --a------   c:\windows\system32\XAPOFX1_0.dll
2008-10-24 16:10 . 2008-05-30 13:17   25,608   --a------   c:\windows\system32\X3DAudio1_4.dll
2008-10-24 16:09 . 2008-10-24 16:09   <DIR>   d--------   c:\windows\Logs
2008-10-21 13:02 . 2008-10-21 13:02   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\2DBoy
2008-10-16 18:26 . 2008-11-12 21:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\SpeedBit
2008-10-16 18:26 . 2008-10-16 18:26   479,298   --a------   c:\windows\system32\wbocx.ocx
2008-10-16 18:26 . 2008-10-16 18:26   50,688   --a------   c:\windows\system32\wbhelp2.dll
2008-10-13 19:06 . 2008-10-13 19:06   7,118   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-10-13 19:05 . 2008-10-13 19:05   <DIR>   d--------   c:\documents and settings\Woytas\Dane aplikacji\Leadertech
2008-10-12 00:03 . 2008-10-12 00:03   <DIR>   d--h-----   c:\windows\PIF
2008-10-07 19:51 . 2008-10-07 19:51   <DIR>   d--------   c:\documents and settings\Woytas\Dane aplikacji\Activision
2008-10-07 19:51 . 2008-10-07 19:51   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Activision
2008-10-07 13:33 . 2008-10-07 13:33   1,368,064   --a------   c:\windows\system32\nvcuda.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 12:26   ---------   d-----w   c:\documents and settings\Woytas\Dane aplikacji\MegauploadToolbar
2008-11-29 13:06   ---------   d-----w   c:\documents and settings\Woytas\Dane aplikacji\uTorrent
2008-11-28 17:46   ---------   d-----w   c:\documents and settings\Woytas\Dane aplikacji\GetRight
2008-11-20 20:44   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-20 13:09   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-11-20 13:08   ---------   d-----w   c:\program files\AGEIA Technologies
2008-11-13 16:05   ---------   d-----w   c:\program files\AIDA32 - Personal System Information
2008-11-12 20:26   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-10-16 21:14   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-10-02 09:07   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-09-15 18:10   111,928   ----a-w   c:\windows\system32\PnkBstrB.exe
2008-09-04 08:31   288,024   ----a-w   c:\windows\system32\PhysXCplUI.exe
2008-08-31 18:11   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-08-29 07:57   70,936   ----a-w   c:\windows\system32\PhysXLoader.dll
2008-05-25 17:31   22,328   ----a-w   c:\documents and settings\Woytas\Dane aplikacji\PnkBstrK.sys
2007-11-18 19:04   32   ----a-w   c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-11-12 20:25   251,392   ----a-w   c:\program files\opera\program\plugins\dapop.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-11-12 38384]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-16 6782976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-07 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 15:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\e\\utorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"e:\\Gry\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Gry\\Left 4 Dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-04 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-04 20560]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2008-01-20 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2008-01-20 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2008-01-20 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2008-01-20 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2008-01-20 83344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253f67fa-799f-11dd-a9ad-000e50f4bcb8}]
\Shell\AutoRun\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdaac578-e913-11dc-a865-000e50f4bcb8}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Woytas\Dane aplikacji\Mozilla\Firefox\Profiles\hiagxd7g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.speedbit.com/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 13:59:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-30 14:01:21
ComboFix-quarantined-files.txt  2008-11-30 13:00:06

Przed: 467 677 184 bajtów wolnych
Po: 516,481,024 bajtów wolnych

191

Code:
[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2008-11-30 at 13:49

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 13:53:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ed08b3aa
"s2"=dword:294d7a17
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,ef,4a,82,e0,50,c3,2b,6e,81,dd,f2,5c,58,e8,0d,52,16,ae,f1,b0,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:7a,c1,1e,cd,b8,11,81,5b,b6,8a,ee,b3,e9,d8,57,e6,30,55,ad,d5,f1,..
"a0"=hex:20,01,00,00,ac,00,2c,82,5c,59,4c,f7,c4,99,c4,41,70,a1,5a,74,e2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:49,7d,17,05,10,f2,d2,49,c6,80,1d,58,7a,1e,85,f6,ea,b8,5e,71,e1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f5,9c,a9,77,e8,75,11,cb,81,7b,a5,7f,73,a6,c3,a2,9a,cd,1c,23,62,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e7,ef,4a,82,e0,50,c3,2b,6e,81,dd,f2,5c,58,e8,0d,52,16,ae,f1,b0,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:7a,c1,1e,cd,b8,11,81,5b,b6,8a,ee,b3,e9,d8,57,e6,30,55,ad,d5,f1,..
"a0"=hex:20,01,00,00,ac,00,2c,82,5c,59,4c,f7,c4,99,c4,41,70,a1,5a,74,e2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:49,7d,17,05,10,f2,d2,49,c6,80,1d,58,7a,1e,85,f6,ea,b8,5e,71,e1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f5,9c,a9,77,e8,75,11,cb,81,7b,a5,7f,73,a6,c3,a2,9a,cd,1c,23,62,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\e\\utorrent.exe"="D:\\e\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"E:\\Gry\\Call of Duty - World at War\\CoDWaW.exe"="E:\\Gry\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"E:\\Gry\\Left 4 Dead\\left4dead.exe"="E:\\Gry\\Left 4 Dead\\left4dead.exe:*:Enabled:left4dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"E:\\Gry\\Combat Arms\\CombatArms.exe"="E:\\Gry\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\\Gry\\Combat Arms\\Engine.exe"="E:\\Gry\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon  3 Dec 2007            48 A.SH. --- "C:\WINDOWS\S8DCD8417.tmp"
Wed 13 Feb 2008            79 A..H. --- "C:\WINDOWS\system32\repapllaw1.dll"
Mon 13 Nov 2006       319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Mon 31 Mar 2008     1,249,280 ...H. --- "C:\Documents and Settings\Woytas\Dane aplikacji\Microsoft\Word\~WRL1620.tmp"
Mon 31 Mar 2008     1,247,744 ...H. --- "C:\Documents and Settings\Woytas\Dane aplikacji\Microsoft\Word\~WRL1765.tmp"
Mon 31 Mar 2008     1,255,936 ...H. --- "C:\Documents and Settings\Woytas\Dane aplikacji\Microsoft\Word\~WRL2442.tmp"
Mon 31 Mar 2008     1,252,864 ...H. --- "C:\Documents and Settings\Woytas\Dane aplikacji\Microsoft\Word\~WRL3049.tmp"
Mon 31 Mar 2008     1,258,496 ...H. --- "C:\Documents and Settings\Woytas\Dane aplikacji\Microsoft\Word\~WRL3296.tmp"
Mon 31 Mar 2008     1,250,816 ...H. --- "C:\Documents and Settings\Woytas\Dane aplikacji\Microsoft\Word\~WRL3837.tmp"
Thu 30 Oct 2008         7,949 ...HR --- "C:\Documents and Settings\Woytas\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]


Code:
Logfile of HijackThis v1.99.1
Scan saved at 14:05:51, on 2008-11-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\e\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FBEEF6-FD6D-44EE-BD2C-9DE546F7D68F}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

wojtek24
~user
 
Posts: 94
Joined: 14 Jun 2007, 15:07



Every dozen or so minutes the net speed drops to zero

Post by wojtas 30 Nov 2008, 15:14

Do the following:

1. Download OTMoveIt, start it and run it with the CleanUp option :) and delete the folder C:\Qoobox
2. Optimize Windows.
3. Download ATF_Cleaner
tick
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on.
5. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

and with this:

FixIEDef.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Re: every dozen or so minutes the net speed drops to zero

Post by wojtek24 30 Nov 2008, 15:46

When I update this scanner, something like this pops up: Image
wojtek24
~user
 
Posts: 94
Joined: 14 Jun 2007, 15:07



