Internet connection problem

(Fran) #1

Hello, I'm new and green on this forum, so please bear with me…

I have a 5 Mb/s connection, but for the past few days my internet has basically stopped working. In theory there is a connection: when I ping google.com the average time is 130 ms and packet loss is 8%, but I can't open anything. I should add that there are 2 more computers on the network whose connections work flawlessly (they receive the wireless signal from the router; my desktop is connected by cable).

Is the hardware at fault, i.e. the network card (VIA Rhine II Fast Ethernet)? Or maybe some virus? Just in case, I'm pasting the Logfile of Trend Micro HijackThis v2.0.2

HELP! HELP! HELP!

Scan saved at 11:12:06, on 2008-07-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\The Bat!\thebat.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [Lexmark 2200 Series] “C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

(Dmirecki) #2

The log is clean :)

(huber2t) #3

Show the log from ComboFix

(Fran) #4

Thanks for the quick replies. If the log is clean, could it be a hardware fault?

(huber2t) #5

That will certainly be the case. And when will I get the log?

(Fran) #6

Coming right up…

ComboFix 08-07-02.5 - katkapc 2008-07-11 19:51:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.608 [GMT 1:00]

Running from: F:\download-rapidshare\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))

.

2008-07-10 11:39 . 2008-07-10 11:39

2008-07-06 20:30 . 2008-07-06 20:30

2008-07-03 16:56 . 2008-07-03 16:56

2008-07-03 14:31 . 2008-07-03 14:31

2008-07-03 13:58 . 2008-07-10 08:36

2008-07-03 13:58 . 2008-07-03 13:58

2008-07-03 13:58 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-07-03 13:58 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-07-03 13:58 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-07-03 13:58 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-07-03 13:38 . 2008-07-11 19:41

2008-07-02 18:12 . 2008-07-02 18:12

2008-07-02 18:12 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys

2008-07-02 10:23 . 2008-07-02 10:23

2008-07-02 10:22 . 2008-07-07 16:43

2008-06-11 15:16 . 2008-06-14 19:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 15:16 . 2008-06-14 19:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-11 14:32 --------- d-----w C:\Documents and Settings\katkapc\Dane aplikacji\Skype

2008-07-07 17:08 --------- d-----w C:\Program Files\Google

2008-07-07 17:08 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-07 17:02 --------- d-----w C:\Program Files\SuperMemo UX

2008-07-03 10:15 --------- d-----w C:\Program Files\SkanerOnline

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 13:20 --------- d-----w C:\Program Files\Last.fm

2008-06-03 22:13 --------- d-----w C:\Documents and Settings\katkapc\Dane aplikacji\vlc

2008-06-03 13:42 --------- d-----w C:\Program Files\VideoLAN

2008-05-26 18:14 --------- d-----w C:\Documents and Settings\katkapc\Dane aplikacji\Softplicity

2008-05-26 17:44 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-03-23 17:15 335872]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 19:42 32768]

“Lexmark 2200 Series”=“C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe” [2004-02-13 14:34 57344]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [2005-11-10 13:03 36975]

“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2008-02-01 00:13 385024]

“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2008-02-19 14:10 267048]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-01-04 17:38 185896]

“ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [2008-07-03 14:00 1107848]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44 15360]

C:\Documents and Settings\katkapc\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-07-02 18:12:50 547840]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.divxa32”= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“C:\Program Files\Bonjour\mDNSResponder.exe”=

“C:\Program Files\iTunes\iTunes.exe”=

“C:\Program Files\Mozilla Firefox\firefox.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{89b4087d-c2d3-11dc-b403-000b6a6f70b1}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

.

Contents of the ‘Scheduled Tasks’ folder

“2008-06-17 19:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-11 19:55:14

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

C:\Documents and Settings\katkapc\Ustawienia lokalne\Dane aplikacji\Last.fm\Client\infinita1_submissions.xml

**************************************************************************

.

Completion time: 2008-07-11 19:56:13

ComboFix-quarantined-files.txt 2008-07-11 18:56:04

ComboFix2.txt 2008-07-03 19:33:53

Pre-Run: 26,160,693,248 bajtów wolnych

Post-Run: 27,211,894,784 bajtów wolnych

107 --- E O F --- 2008-07-10 09:25:50

(huber2t) #7

There's no junk to be seen in the log