kwaite09
(Kwaite09)
23 December 2008 19:16
#1
Hello. I have Neo 512 [s@GEM 800-840]; every so often it disconnects, i.e. the LEDs go out for a moment [as if I had unplugged the modem from USB], after which it synchronizes and connecting is possible again. It happens every few minutes, sometimes every dozen or so.
I tried reinstalling the drivers, removed them and installed the drivers from SAGEM, and finally removed those too and installed Autoconnect.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:59, on 2008-12-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programy\AutoConnect\AutoConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\Unlocker\UnlockerAssistant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [AutoConnect] D:\Programy\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SysInfoMyWork.lnk = D:\Programy\SysInfoMyWork\SysInfoMyWork.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Programy\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FD8665F-2D3F-437B-A31A-8E53CF3BEB78}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FD8665F-2D3F-437B-A31A-8E53CF3BEB78}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6714 bytes
While writing this post I got disconnected twice :-x
Please help!
MichaelP
(MichaelP)
23 December 2008 19:24
#2
O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM…\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM…\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: SysInfoMyWork.lnk = D:\Programy\SysInfoMyWork\SysInfoMyWork.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{3FD8665F-2D3F-437B-A31A-8E53CF3BEB78}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{3FD8665F-2D3F-437B-A31A-8E53CF3BEB78}: NameServer = 194.204.159.1 217.98.63.164
Fix in HijackThis. Instructions: viewtopic.php?f=16&t=36654
Post a ComboFix log. Instructions: viewtopic.php?f=16&t=36654
Olcia
(Olixxx94)
23 December 2008 20:38
#3
kwaite09, even if you have AutoConnect, the drivers still have to be there…
kwaite09
(Kwaite09)
23 December 2008 20:43
#4
ComboFix log:
ComboFix 08-12-23.01 - KW!AT 2008-12-23 21:11:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.278 [GMT 1:00]
Uruchomiony z: c:\documents and settings\KW!AT\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\KW!AT\Dane aplikacji\EurekaLog
c:\documents and settings\KW!AT\Dane aplikacji\EurekaLog\EurekaLog.ini
c:\windows\system32\Cache
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Pliki utworzone od 2008-11-23 do 2008-12-23 )))))))))))))))))))))))))))))))
.
2008-12-23 20:26 . 2008-12-23 20:26
2008-12-23 19:38 . 2008-12-23 19:38
2008-12-23 16:10 . 2008-12-23 16:10
2008-12-18 22:19 . 2008-12-18 22:19 169 --a--c--- c:\windows\adidsl.ini
2008-12-18 22:19 . 2008-12-18 22:19 21 --a--c--- c:\windows\Fast800.ini
2008-12-17 18:26 . 2006-12-22 13:18 316,416 --a--c--- c:\windows\system32\unaddrv.x64.exe
2008-12-17 18:26 . 2007-02-13 16:20 253,008 --a--c--- c:\windows\adirasx64.exe
2008-12-17 18:26 . 2007-02-07 16:51 169,496 --a--c--- c:\windows\system32\drivers\adiusbawx64.sys
2008-12-17 18:26 . 2007-01-04 13:46 146,968 --a--c--- c:\windows\system32\drivers\e4usbawx64.sys
2008-12-17 18:26 . 2007-01-04 13:47 71,832 --a--c--- c:\windows\system32\drivers\e4ldrx64.sys
2008-12-17 18:26 . 2007-02-07 16:50 58,264 --a--c--- c:\windows\system32\drivers\adildrx64.sys
2008-12-17 18:26 . 2007-02-16 23:19 16,254 --a--c--- c:\windows\system32\drivers\adiusbawx64.cat
2008-12-17 18:26 . 2007-02-16 23:37 13,981 --a--c--- c:\windows\system32\drivers\e4usbawx64.cat
2008-12-17 18:26 . 2007-02-16 23:19 12,403 --a--c--- c:\windows\system32\drivers\adildrx64.cat
2008-12-17 18:26 . 2007-02-16 23:37 11,399 --a--c--- c:\windows\system32\drivers\e4ldrx64.cat
2008-12-17 18:25 . 2008-12-23 18:06
2008-12-16 22:37 . 2008-12-18 22:19 990 --a--c--- c:\windows\adiras.ini
2008-12-08 22:05 . 2008-12-08 22:06
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 18:44 --------- dc----w c:\documents and settings\KW!AT\Dane aplikacji\Azureus
2008-12-23 15:18 --------- dc----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-22 23:55 --------- dc--a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-18 21:19 32 -c--a-w c:\windows\system32\drivers\adidsl.cfg
2008-12-17 17:26 --------- dc-h--w c:\program files\InstallShield Installation Information
2008-12-16 19:53 --------- dc----w c:\documents and settings\KW!AT\Dane aplikacji\Corel
2008-11-19 22:41 --------- dc----w c:\program files\VoipCheapCom
2008-11-19 21:53 --------- dc----w c:\program files\DAP
2008-11-14 21:31 --------- dc----w c:\program files\MSXML 4.0
2008-11-03 17:17 --------- dc----w c:\documents and settings\KW!AT\Dane aplikacji\iMesh
2008-10-27 17:13 --------- dc----w c:\program files\EASEUS
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
2007-12-09 12:49 88 -csh--r c:\windows\system32\A43DA5B4F6.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="d:\programy\Odkurzacz\odk_mcd.exe" [2007-05-03 264704]
"AutoConnect"="d:\programy\AutoConnect\AutoConnect.exe" [2006-12-03 310784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"Resume copy"="copyfstq.exe" [2002-03-24 c:\windows\COPYFSTQ.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\KW!AT\Menu Start\Programy\Autostart\
SysInfoMyWork.lnk - d:\programy\SysInfoMyWork\SysInfoMyWork.exe [2005-08-09 100352]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - d:\programy\Kalendarz XP\Kalendarz.exe [2007-02-27 882176]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-24 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-24 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVDIdle Pro\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\iMesh Applications\iMesh\iMesh.exe"=
"c:\Program Files\DAP\DAP.exe"=
"d:\Programy\Azureus\Azureus.exe"=
"c:\Program Files\VoipCheapCom\VoipCheapCom.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"d:\Gry\counter 1.6\hl.exe"=
"d:\Programy\bear\BearShare.exe"=
"d:\Gry\counter 1.6\hlds.exe"=
"d:\Programy\DC++\DCPlusPlus.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"d:\Programy\eMule\emule.exe"=
"c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=
"c:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=
"c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=
"d:\Gry\fifka\fifa07.exe"=
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"d:\Programy\konnekt\konnekt.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-10-13 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2007-04-01 3026]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2008-12-18 104344]
R3 NtApm;Sterownik interfejsu NT Apm/Legacy;c:\windows\system32\DRIVERS\NtApm.sys [2001-01-01 9600]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2008-12-18 69656]
S3 epmntdrv;epmntdrv;??\c:\windows\system32\epmntdrv.sys [2008-10-27 8704]
S3 EuGdiDrv;EuGdiDrv;??\c:\windows\system32\EuGdiDrv.sys [2008-10-27 3072]
S3 Fadpu16E;Fadpu16E; []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-01 8320]
S3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]
S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2007-06-11 17632]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2008-03-26 32377]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2007-03-09 15104]
S3 sdAuxService;PC Tools Auxiliary Service; []
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = iexplore
TCP: {3FD8665F-2D3F-437B-A31A-8E53CF3BEB78} = 194.204.159.1 217.98.63.164
O16 -: DirectAnimation Java Classes - c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\KW!AT\Dane aplikacji\Mozilla\Firefox\Profiles\0o5st641.default\
FF - prefs.js: browser.startup.homepage - http://www.google.pl
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 21:22:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\devldr32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-23 21:28:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-12-23 20:28:36
ComboFix2.txt 2007-11-01 17:46:07
Przed: 487 567 360 bajtów wolnych
Po: 440,807,424 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /numproc=1
c:$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
194 --- E O F --- 2008-12-19 08:55:17
and HijackThis once more:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:48, on 2008-12-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programy\AutoConnect\AutoConnect.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM…\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM…\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [AutoConnect] D:\Programy\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SysInfoMyWork.lnk = D:\Programy\SysInfoMyWork\SysInfoMyWork.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Programy\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1 .6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Does this change anything??
Olcia
(Olixxx94)
23 December 2008 20:49
#5
These entries in HijackThis are suspicious.
kwaite09
(Kwaite09)
23 December 2008 21:14
#6
Olcia, of course it's new.
I did as you said; unfortunately, Neostrada still keeps disconnecting ;/
Olcia
(Olixxx94)
24 December 2008 21:04
#7
kwaite09, are all the cables connected properly?
Perhaps one of them is damaged.
sebos_krk
(Sebos99)
25 December 2008 10:02
#8
The problem may lie on Telekomunikacja's side. I suggest calling the technical helpline and describing what is happening. I don't know whether you live in a house or in an apartment block, but it may also be that the cables running from the pole to your house, or in one of the junction boxes, have got damp; then it will disconnect as well. But nobody here will be able to diagnose that problem for you.
MrAsusrp6
(MrAsusrp6)
25 December 2008 10:36
#9
The problem definitely lies on TP's side.
Call tech support and have them check the line remotely and set better parameters.