Spowolniony internet prosze o sprawdzenie loga

CHUDYxp · 20 Listopad 2007 21:22

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:18:45, on 2007-11-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\neostrada tp\neostradatp.exe C:\Program Files\neostrada tp\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\neostrada tp\Watch.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM…\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 4818440968 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{B8766BE6-BE18-48B9-B166-20F03628E142}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe – End of file - 6897 bytes

Gutek · 20 Listopad 2007 22:10

usuń wpisy HJT

Daj log z ComboFix

CHUDYxp · 21 Listopad 2007 00:13

ComboFix 07-11-08.3 - CHUDY 2007-08-21 0:56:39.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.218 [GMT 2:00] Running from: D:\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\00430960 C:\Program Files\myglobalsearch\bar\Cache\00430BE1 C:\Program Files\myglobalsearch\bar\Cache\00430D58.bin C:\Program Files\myglobalsearch\bar\Cache\00430F3C.bin C:\Program Files\myglobalsearch\bar\Cache\004310C3.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm . ((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 ))))))))))))))))))))))))))))))) . 2007-11-21 00:13 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-20 01:26 2007-11-20 01:26 2007-11-18 14:46 2007-11-17 01:29 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-17 01:23 2007-11-16 23:40 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-16 21:14 2007-11-16 18:26 2007-11-14 16:54 2007-11-14 10:33 2007-11-14 10:25 2007-11-14 07:16 2007-11-14 02:25 2007-11-14 01:19 2007-11-13 23:09 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-11-13 23:09 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-11-13 02:50 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-13 02:50 14,848 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-12 19:35 2007-11-12 17:08 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-11-12 17:08 892,928 --a------ C:\WINDOWS\system32\iconv.dll 2007-11-12 17:08 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-11-12 17:08 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-11-12 01:44 2007-11-12 01:41 2007-11-12 01:40 2007-11-12 01:39 2007-11-12 01:38 2007-11-12 01:37 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-12 01:34 2007-11-12 00:24 2007-11-12 00:23 2007-11-12 00:23 2007-11-12 00:11 2007-11-12 00:11 2007-11-12 00:11 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-11-12 00:11 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-11-12 00:11 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-11-12 00:11 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-11-12 00:11 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-11-12 00:11 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-11-12 00:11 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-11-12 00:11 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-11-12 00:06 2007-11-12 00:05 2007-11-12 00:02 2007-11-12 00:01 2007-11-11 23:59 2007-11-11 23:56 2007-11-11 23:56 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-11-11 23:55 2007-11-11 23:54 2007-11-11 23:39 2007-11-11 23:38 2007-11-11 23:36 2007-11-11 23:35 2007-11-11 23:32 2007-11-11 23:31 2007-11-11 23:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll 2007-11-11 23:31 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll 2007-11-11 23:27 2007-11-11 23:03 2007-11-11 23:02 2007-11-11 23:01 2007-11-11 23:01 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2007-10-20 01:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-10-20 01:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-10-20 01:54 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-10-20 01:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll 2007-10-20 01:54 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-10-20 01:54 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2007-10-18 10:06 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-10-18 10:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-10-18 10:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-10-18 10:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-10-18 10:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-10-18 10:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-10-18 10:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-10-18 10:02 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-12 16:08 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-11-11 22:32 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-11 22:20 --------- d–h--w C:\Program Files\Java 2007-11-11 21:34 --------- d-----w C:\Program Files\ZTE ZXDSL 852 2007-11-11 21:32 --------- d-----w C:\Program Files\Winamp 2007-11-11 21:32 --------- d-----w C:\Documents and Settings\CHUDY\Dane aplikacji\Winamp 2007-11-11 21:23 --------- d–h--w C:\Program Files\Intel 2007-11-11 21:21 --------- d–h--w C:\Program Files\Sierra Wireless 2007-11-11 21:21 --------- d-----w C:\Program Files\Common Files\Java 2007-11-11 21:20 --------- d–h--w C:\Program Files\Broadcom 2007-11-11 21:18 --------- d–h--w C:\Program Files\Synaptics 2007-11-11 21:18 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-11 21:10 --------- d–h--w C:\Program Files\Analog Devices 2007-11-11 21:08 --------- d–h--w C:\Program Files\HPQ 2007-11-11 20:54 --------- d–h--w C:\Program Files\Alwil Software 2007-11-11 20:46 --------- d–h--w C:\Program Files\microsoft frontpage 2007-11-11 20:45 --------- d–h--w C:\Program Files\Usługi online 2007-11-07 23:58 --------- d-----w C:\Program Files\neostrada tp 2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] “SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2005-05-20 09:11] “SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2005-05-06 14:06] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-03 17:46] “igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-03-23 13:17] “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-03-23 13:13] “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-03-23 13:17] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] “AdslTaskBar”=“stmctrl.dll” [2006-06-02 10:01 C:\WINDOWS\system32\stmctrl.dll] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-11-12 00:23] “BluetoothAuthenticationAgent”=“bthprops.cpl” [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl] “Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 13:00] “RocketDock”=“C:\Program Files\RocketDock\RocketDock.exe” [2007-09-02 13:58] R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys . Contents of the ‘Scheduled Tasks’ folder “2007-11-12 01:07:14 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job” “2007-11-20 23:10:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job” - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-08 00:58:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-08 0:59:26 - machine was rebooted . — E O F —

Gutek · 21 Listopad 2007 22:02

Powinno być Ok

CHUDYxp · 22 Listopad 2007 09:40

pomogło dzięki