Kuba13
(Kuba Ks)
5 April 2008 18:34
#1
I keep getting cut off from the internet every few moments, so I'm asking those wiser than me for help.
Logfile of HijackThis v1.99.1
Scan saved at 20:29:29, on 2008-04-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\PROGRA~1\Wanadoo\TaskbarIcon.exe
G:\NOKIAP~1\LAUNCH~1.EXE
G:\Nokia PC Suite 6\PcSync2.exe
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
F:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
F:\PROGRA~1\Wanadoo\ComComp.exe
F:\PROGRA~1\Wanadoo\Watch.exe
F:\Program Files\Mozilla Firefox\firefox.exe
D:\eMule\emule.exe
F:\Program Files\PowerArchiver\POWERARC.EXE
F:\DOCUME~1\Kuba\USTAWI~1\Temp\_PA673\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WOOWATCH] F:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] F:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "F:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 - HKCU\..\Run: [PcSync] G:\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Kuba13
(Kuba Ks)
5 April 2008 18:41
#3
Hmm, I would prefer that it weren't, because now I don't know what to do.
Franc
(Joni987)
5 April 2008 18:49
#5
You haven't disabled any important services, have you? Check: Start/Run/services.msc
It's possible you have a short somewhere in the cables, i.e. from the box to the computer.
Also check whether the ADSL LED on the modem (as I understand it, this is Neostrada) stays lit all the time; if so, the signal is reaching the modem properly.
Kuba13
(Kuba Ks)
5 April 2008 18:55
#6
I did a format not that long ago and everything was OK. For the past week it has been kicking me off the network, and both LEDs are lit. When I try to reconnect, the ADSL LED starts blinking. I get a connection after 2-3 min., only it disconnects me more and more often.
ComboFix 08-04-04.1 - Kuba 2008-04-05 20:46:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.322 [GMT 2:00]
Running from: F:\Documents and Settings\Kuba\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\Kuba\Dane aplikacji\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-03-28 22:51 . 2008-03-28 22:51
2008-03-28 22:51 . 2008-03-28 22:51
2008-03-28 22:45 . 2008-03-28 22:45 177 --a------ F:\ioSpecial.ini
2008-03-24 12:51 . 2008-03-24 12:51
2008-03-24 12:50 . 2008-03-24 12:50
2008-03-24 12:48 . 2008-03-24 12:52 1,220 --a------ F:\WINDOWS\disney.ini
2008-03-14 22:04 . 2008-03-14 22:04 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-03-14 22:04 . 2008-03-14 22:04 1,409 --a------ F:\WINDOWS\QTFont.for
2008-03-14 21:58 . 2008-03-14 21:58
2008-03-14 21:56 . 2008-03-14 21:56
2008-03-14 21:54 . 2008-03-14 21:54
2008-03-14 21:54 . 2002-12-05 17:58 239,488 --a------ F:\WINDOWS\system32\drivers\snpp106.sys
2008-03-14 21:54 . 2002-11-25 18:35 61,440 --a------ F:\WINDOWS\system32\dsnpp106.dll
2008-03-14 21:54 . 2002-11-25 18:40 49,152 --a------ F:\WINDOWS\system32\vsnpp106.dll
2008-03-14 21:54 . 2002-11-25 19:10 28,672 --a------ F:\WINDOWS\vsnpp106.exe
2008-03-14 21:54 . 2002-11-25 18:43 28,672 --a------ F:\WINDOWS\system32\dsnpp106.ax
2008-03-14 21:54 . 2002-07-11 15:20 20,480 --a------ F:\WINDOWS\dsnpp106.exe
2008-03-14 21:54 . 2002-07-08 15:08 15,494 --a------ F:\WINDOWS\snpp106.ini
2008-03-14 21:54 . 2002-11-26 12:41 12,827 --a------ F:\WINDOWS\snpp106.src
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 18:45 --------- d-----w F:\Program Files\Wanadoo
2008-04-05 18:29 --------- d-----w F:\Program Files\PowerArchiver
2008-04-04 23:10 --------- d-----w F:\Program Files\English Translator 3
2008-03-28 20:51 --------- d-----w F:\Program Files\Common Files\Onet.pl
2008-03-24 10:52 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-03-17 23:01 --------- d-----w F:\Program Files\Deutsch Translator 2
2008-03-14 19:56 4,608 ----a-w F:\WINDOWS\system32\w95inf32.dll
2008-03-02 17:37 --------- d-----w F:\Documents and Settings\Kuba\Dane aplikacji\Vso
2008-02-29 22:19 --------- d-----w F:\Documents and Settings\Kuba\Dane aplikacji\Kamerzysta
2008-02-29 22:19 --------- d-----w F:\Documents and Settings\Kuba\Dane aplikacji\AutoUpdate
2008-02-23 20:59 --------- d-----w F:\Documents and Settings\Kuba\Dane aplikacji\Skype
2008-02-23 20:46 --------- d-----w F:\Documents and Settings\Kuba\Dane aplikacji\skypePM
2008-02-07 17:06 691,545 ----a-w F:\WINDOWS\unins000.exe
2008-01-17 19:12 32 ----a-w F:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-15 20:20 47,360 ----a-w F:\Documents and Settings\Kuba\Dane aplikacji\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="G:\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Jet Detection"="F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"CTStartup"="F:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00 28672]
"WOOWATCH"="F:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 19:24 20480]
"WOOTASKBARICON"="F:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 19:24 45056]
"PCSuiteTrayApplication"="G:\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"Onet.pl AutoUpdate"="F:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []
F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-16 22:47:34 962667]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= F:\WINDOWS\system32\ctmp3.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 17:30 249856 F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-03-14 22:01 54832 F:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 F:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 F:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 F:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 22:01 71216 F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2002-09-11 04:57 46592 F:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 02:11 132496 F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 F:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 F:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 11:56 24576 F:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"F:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"=
"D:\eMule\emule.exe"=
"F:\Program Files\Gadu-Gadu\gg.exe"=
"F:\Program Files\Skype\Phone\Skype.exe"=
R0 WDMCAPI;ISDN PCI CAPI;F:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-05-22 07:26]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};F:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
R3 WDMWANMP;NDIS WAN miniport;F:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-05-22 07:29]
S3 USBSTOR;Sterownik magazynu masowego USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 20:48:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = F:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???$:8???6~??6~???U?6~??6~???X???????C@?\???\??????s????\??????s\????:8?A??s?:8??C@?x???
|?w???@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="??\F:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-04-05 20:48:49
ComboFix-quarantined-files.txt 2008-04-05 18:48:40
Pre-Run: 38,380,978,176 bajtów wolnych
Post-Run: 38,370,217,984 bajtów wolnych
.
2008-03-11 23:05:09 --- E O F ---
Kuba13
(Kuba Ks)
5 April 2008 20:09
#7