Very slow internet connection

(Morfeo21) #1

Please analyze my log. For a few days my internet has been working terribly, and it is definitely not the hardware's fault.

ComboFix 08-07-05.1 - Admin 2008-07-07 22:53:19.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1624 [GMT 2:00]

Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))

.

2008-07-07 22:00 . 2008-07-07 22:00

2008-07-07 10:20 . 2008-07-07 10:20

2008-07-07 10:20 . 2008-07-07 10:20 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-07-05 10:14 . 2008-07-05 10:15 5,760,054 --a------ C:\WINDOWS\IrfanView_Wallpaper.bmp

2008-07-04 20:59 . 2008-07-04 21:00

2008-07-04 20:58 . 2008-07-04 20:58

2008-07-04 19:34 . 2008-07-04 19:34

2008-07-04 19:34 . 2008-07-04 19:34

2008-07-02 22:35 . 2008-07-02 22:35

2008-07-02 22:32 . 2008-07-07 22:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-07-02 22:22 . 2008-07-02 22:22

2008-07-02 22:22 . 2008-07-02 22:22

2008-07-02 22:22 . 2008-07-02 22:22

2008-07-02 22:08 . 2008-07-02 22:08

2008-07-02 22:08 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys

2008-07-02 22:08 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys

2008-07-02 22:08 . 2003-10-16 19:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll

2008-07-02 22:08 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll

2008-07-02 22:08 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys

2008-07-02 22:08 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys

2008-07-02 22:07 . 2008-07-07 22:52

2008-07-02 22:06 . 2008-07-02 22:06 1,409 --a------ C:\WINDOWS\system32\tmpE0902.FOT

2008-07-02 19:01 . 2008-07-06 10:51 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-02 19:00 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-02 18:42 . 2008-01-08 19:53 159,956 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-06-29 08:08 . 2008-06-29 08:09

2008-06-28 22:35 . 2008-06-28 22:35

2008-06-28 22:35 . 2008-06-28 22:35 1,160 --a------ C:\WINDOWS\mozver.dat

2008-06-28 22:33 . 2008-06-28 22:33

2008-06-28 22:33 . 2008-06-28 22:35

2008-06-28 22:33 . 2008-06-28 22:33

2008-06-28 22:31 . 2008-06-28 22:31

2008-06-28 22:31 . 2008-07-02 19:02 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-06-28 22:31 . 2008-07-02 19:02 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-06-28 22:31 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-06-28 22:31 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-06-28 22:31 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-06-28 22:31 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-06-28 22:30 . 2008-06-28 22:30

2008-06-28 22:28 . 2008-06-28 22:28

2008-06-28 22:28 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe

2008-06-28 22:27 . 2008-07-02 22:53

2008-06-28 22:25 . 2008-06-28 22:25

2008-06-28 22:24 . 2008-07-04 19:46

2008-06-28 22:24 . 2008-06-28 22:24

2008-06-28 22:23 . 2008-06-28 22:23

2008-06-28 22:22 . 2008-06-28 22:23

2008-06-28 22:22 . 2008-06-28 22:22

2008-06-28 22:22 . 2008-06-28 22:22

2008-06-28 22:22 . 2008-06-28 22:22 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-28 22:13 . 2008-06-28 22:13

2008-06-28 22:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002502_.tmp

2008-06-28 22:07 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll

2008-06-28 22:07 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll

2008-06-28 22:07 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll

2008-06-28 22:07 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll

2008-06-28 22:07 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll

2008-06-28 22:07 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll

2008-06-28 21:36 . 2008-06-28 21:36

2008-06-28 21:34 . 2008-06-28 21:34

2008-06-28 21:34 . 2008-06-28 21:34

2008-06-28 21:27 . 2008-06-28 21:27 0 --a------ C:\WINDOWS\winpm.INI

2008-06-28 21:26 . 2008-06-28 21:26

2008-06-28 21:26 . 2004-09-03 10:53 3,870,720 --a------ C:\WINDOWS\system32\qt-mt323.dll

2008-06-28 21:25 . 2008-06-28 21:25

2008-06-28 21:24 . 2008-06-28 21:25

2008-06-28 21:24 . 2008-06-28 21:24

2008-06-28 21:24 . 2008-06-28 21:24

2008-06-28 21:24 . 2008-06-28 21:24

2008-06-28 21:24 . 2008-06-28 21:24

2008-06-28 21:24 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-06-28 21:24 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-06-28 21:24 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-06-28 21:24 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-06-28 21:24 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-06-28 21:20 . 2008-07-02 18:45

2008-06-28 21:20 . 2008-01-09 03:11 360,448 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-06-28 21:20 . 2008-01-08 19:53 360,448 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-06-28 21:20 . 2008-07-04 19:32 164,579 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-28 21:20 . 2008-01-08 19:53 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-28 19:25 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-28 18:37 16,376 ----a-w C:\WINDOWS\gdrv.sys

2008-06-28 18:37 --------- d-----w C:\Program Files\Realtek

2008-06-28 18:37 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\InstallShield

2008-06-28 18:36 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-28 18:33 --------- d-----w C:\Program Files\Yahoo!

2008-06-28 18:33 --------- d-----w C:\Program Files\Intel

2008-06-28 18:29 --------- d-----w C:\Program Files\microsoft frontpage

2008-06-28 18:28 --------- d-----w C:\Program Files\Usługi online

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 22:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe

2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 22:10 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 22:08 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 22:05 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-08 19:53 8523776]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 19:53 81920]

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]

"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-11-21 15:58 286720]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-10-11 17:22 49152]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2008-01-08 19:53 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00 40048]

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21343:TCP"= 21343:TCP:BitComet 21343 TCP

"21343:UDP"= 21343:UDP:BitComet 21343 UDP

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 16:40]

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-WITaj! - C:\Program Files\WITaj!\Wit2000.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-07 22:54:47

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

(Gutek) #2

Follow this Topic and change the thread title to something specific, otherwise it goes to the TRASH

Regards, Gutek2222

XP optimization: viewtopic.php?t=76580

Autostart optimization: http://www.bezpieczenstwosystemow.pl/in … opic=116.0

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can run through the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php

See - Using jv16 PowerTools