Openx Xenium sprawdzenie loga

dassem · 8 Sierpień 2008 08:55

Witam, otóż od jakiegoś czasu mnie wam dziwny problem. Mianowicie pobieranie plików jest taka jak zawsze czyli dobra, ale bardzo wolno ładują mi się wszystkie strony internetowe. Skanowałem avastem, spybotem i dalej to samo. Np łącząc się z onet.pl wpierw mam łączenie z Openx.Xenium a dopiero później wchodzi na onet. Mój log

Logfile of HijackThis v1.99.1 Scan saved at 10:46:30, on 2008-08-08 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Vista Drive Icon\DrvIcon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Programy\Instalki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

huber2t · 8 Sierpień 2008 09:12

fix w hijackthis

Podaj log z Combofix

dassem · 8 Sierpień 2008 09:37

ComboFix 08-08-07.05 - dassem 2008-08-08 11:34:19.1 - NTFSx86

Gutek · 8 Sierpień 2008 10:11

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

Pobierz program SDFix

dassem · 8 Sierpień 2008 18:39

Czytałem, ale moja prośba kieruje się nie (wyłącznie) do loga tylko o nie łączenie się ze stronami typu: openx.xenium, stat24, hit.stat.pl, hit.gemius.pl etc. Również wyczytałem że można to usunąć z systemu zmieniając plik, stosując wedle opisanej metody nie działa.

Log SDfix:

SDFix: Version 1.214 Run by dassem on 2008-08-08 at 20:17 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-08 20:28:01 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:3d57eeb8 “s2”=dword:cbbce973 “h0”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “p0”=“C:\Program Files\DAEMON Tools” “h0”=dword:00000000 “khjeh”=hex:ab,b6,de,57,14,f6,02,99,c4,35,87,78,74,3c,39,db,eb,1b,66,72,e7,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,40,6a,46,93,91,d5,6e,f2,78,47,54,46,d4,1e,5c,07,96,… “khjeh”=hex:ed,3a,0b,ca,79,ba,38,53,e2,40,8e,4f,9e,1c,24,88,06,bd,33,68,43,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:00,b4,95,30,db,3b,72,26,5e,92,6f,0e,4a,cb,d5,60,36,25,17,d7,e4,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] “khjeh”=hex:36,f7,83,5f,ab,b6,99,b4,ef,14,b0,dc,f0,9b,df,61,4a,8f,bc,d5,34,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “p0”=“C:\Program Files\DAEMON Tools” “h0”=dword:00000000 “khjeh”=hex:ab,b6,de,57,14,f6,02,99,c4,35,87,78,74,3c,39,db,eb,1b,66,72,e7,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,40,6a,46,93,91,d5,6e,f2,78,47,54,46,d4,1e,5c,07,96,… “khjeh”=hex:ed,3a,0b,ca,79,ba,38,53,e2,40,8e,4f,9e,1c,24,88,06,bd,33,68,43,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:00,b4,95,30,db,3b,72,26,5e,92,6f,0e,4a,cb,d5,60,36,25,17,d7,e4,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] “khjeh”=hex:36,f7,83,5f,ab,b6,99,b4,ef,14,b0,dc,f0,9b,df,61,4a,8f,bc,d5,34,… scanning hidden registry entries … scanning hidden files … C:\WINDOWS\Temp_av_proI.tm~a02288 scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe” “C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe” “C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe” “C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe” “C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe” “C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe” “C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe” “C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe” “C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe” “C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe” “C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe” “C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe” “C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe” “C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook” “C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove” “C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote” “C:\Gry\Call of Duty 2\CoD2MP_s.exe”=“C:\Gry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s” “C:\Gry\Pro Evolution Soccer 2008\PES2008.exe”=“C:\Gry\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008” “C:\Documents and Settings\dassem\Pulpit\PES 2008.exe”=“C:\Documents and Settings\dassem\Pulpit\PES 2008.exe:*:Enabled:Pro Evolution Soccer 2008” “C:\Program Files\Mozilla Firefox\firefox.exe”=“C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox” “C:\Program Files\uTorrent\uTorrent.exe”=“C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR — “C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe” Mon 28 Jan 2008 5,146,448 A.SHR — “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” Mon 28 Jan 2008 2,097,488 A.SHR — “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” Thu 1 May 2008 8 …SHR — “C:\WINDOWS\system32\20AC8F4E3A.sys” Finished!