"Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:58:38, on 2008-04-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTFMON.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\OrangeBs\TaskbarIcon.exe

C:\PROGRA~1\OrangeBs\BusinessEverywhere.exe

C:\PROGRA~1\OrangeBs\ComComp.exe

C:\PROGRA~1\OrangeBs\Watch.exe

C:\WINDOWS\System32\FTCOMM~1\FTCOMM~1.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Dead\Pulpit\fwinstall.exe

C:\DOCUME~1\Dead\USTAWI~1\Temp\is-D0CS9.tmp\fwinstall.tmp

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [OBSWATCH] C:\PROGRA~1\OrangeBs\Watch.exe

O4 - HKLM…\RunOnce: [GrpConv] grpconv -o

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{E06AFA80-4A29-44AE-BFA0-B3C76DF7437F}: NameServer = 217.116.100.66 217.116.100.65

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

–

End of file - 3409 bytes"

To moj log po formacie… Mam avasta i firewalla - PC Tolls FireWall Plus? Czy cos takiego

Otóz komp mi powolnie chodzi zwłaszcza gry o nizszych wymaganiach niz standardy mojego komputera… Czym to spowodowane? Mam jakieś wiry?

Btw: Druga sprawa… Chodzi o gre Commandos II. Korzystam z orange - buisness everywhere (radiówka) Z limitem transferu danych 5 gb (albo 4)…

Otóz jesli chodzi o jakiekolwiek gry typu Commandos, Age of Empires II To albo po wpisaniu ip mam oczekiwanie na graczy… albo nie pokazuje serwerów? Koledzy mowia iz to z powodu zablokowanych portów, przyblizy mnie ktos z tym bardziej o co chodzi? Z góry dziekuje, licze na wyrozumialosc, POZDRAWiAM!

fix

Pokaż log z Combofix

"ComboFix 08-04-18.3 - Dead 2008-04-19 20:14:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.311 [GMT 2:00]

Running from: C:\Documents and Settings\Dead\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))

.

2008-04-19 20:03 . 2008-04-19 20:09

2008-04-19 20:03 . 2008-03-12 09:30 159,896 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-04-19 20:03 . 2008-02-25 16:38 93,440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys

2008-04-19 20:03 . 2008-02-21 08:56 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys

2008-04-19 20:03 . 2008-02-21 08:56 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys

2008-04-19 20:02 . 2008-04-19 20:06

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-19 18:09 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-04-19 17:58 --------- d-----w C:\Program Files\Trend Micro

2008-04-19 17:48 --------- d-----w C:\Program Files\OrangeBs

2008-04-19 17:46 --------- d-----w C:\Program Files\FranceTelecomUninstall

2008-04-19 17:42 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-04-19 17:42 --------- d-----w C:\Program Files\Realtek Sound Manager

2008-04-19 17:42 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-19 17:42 --------- d-----w C:\Program Files\AvRack

2008-04-19 17:40 --------- d-----w C:\Program Files\Java

2008-04-19 17:39 --------- d-----w C:\Program Files\Gadu-Gadu

2008-04-19 17:39 --------- d-----w C:\Program Files\Alwil Software

2008-04-19 17:39 --------- d-----w C:\Program Files\AC3Filter

2008-04-19 17:38 --------- d-----w C:\Program Files\Common Files\Java

2008-04-19 17:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Locktime

2008-04-19 17:36 --------- d-----w C:\Program Files\Winamp

2008-04-19 17:35 --------- d-----w C:\Program Files\XviD

2008-04-19 17:27 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-19 17:24 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2005-12-09 08:30 35328]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe” [2005-03-04 03:36 36975]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42 75392]

“SoundMan”=“SOUNDMAN.EXE” [2003-07-16 16:50 55296 C:\WINDOWS\SOUNDMAN.EXE]

“OBSWATCH”=“C:\PROGRA~1\OrangeBs\Watch.exe” [2005-09-07 10:26 20480]

“00PCTFW”=“C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” [2008-03-28 14:37 2598808]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]

R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]

R3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2006-05-29 10:52]

R3 GTMMDMUSB;GT M 3G+ USB MDM;C:\WINDOWS\system32\DRIVERS\gtmmdmusb.sys [2006-05-29 10:52]

R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2006-05-29 10:52]

R3 GTMSERUSB;GT M 3G+ USB SER;C:\WINDOWS\system32\DRIVERS\gtmserusb.sys [2006-05-29 10:52]

R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-05-29 10:52]

R3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2006-05-29 10:52]

S1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]

S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys [2006-05-29 10:52]

*Newly Created Service* - BROWSER

*Newly Created Service* - CATCHME

*Newly Created Service* - FASTUSERSWITCHINGCOMPATIBILITY

*Newly Created Service* - FLTMGR

*Newly Created Service* - FTRTSVC

*Newly Created Service* - HELPSVC

*Newly Created Service* - IKFILESEC

*Newly Created Service* - IKSYSFLT

*Newly Created Service* - IKSYSSEC

*Newly Created Service* - IMAPISERVICE

*Newly Created Service* - LANMANSERVER

*Newly Created Service* - MCHINJDRV

*Newly Created Service* - MSISERVER

*Newly Created Service* - NDISUIO

*Newly Created Service* - PCANDIS5

*Newly Created Service* - PCTMP

*Newly Created Service* - PCTSSIPC

*Newly Created Service* - POLICYAGENT

*Newly Created Service* - RASACD

*Newly Created Service* - RASAUTO

*Newly Created Service* - RASMAN

*Newly Created Service* - RDPCDD

*Newly Created Service* - RDPNP

*Newly Created Service* - SCARDSVR

*Newly Created Service* - SCHEDULE

*Newly Created Service* - SENS

*Newly Created Service* - SHELLHWDETECTION

*Newly Created Service* - SR

*Newly Created Service* - SRSERVICE

*Newly Created Service* - SRV

*Newly Created Service* - SSDPSRV

*Newly Created Service* - TERMSERVICE

*Newly Created Service* - THEMES

*Newly Created Service* - WUAUSERV

*Newly Created Service* - WZCSVC

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-19 20:15:54

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-19 20:17:05

ComboFix-quarantined-files.txt 2008-04-19 18:16:59

Pre-Run: 7,355,953,152 bajtów wolnych

Post-Run: 7,386,009,600 bajtów wolnych

117"

O to skan… Btw: Prosiłbym o polecenie mi jakiegos dobrego firewalla nie szarpiacego systemu… najlepiej freeware.

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

W Combo nic nie widzę