Wolno chodzi internet - LOG

wojtas91 · 11 Październik 2007 11:29

Ostatnim czasem coś mi zwolnił mocno internet. Możecie sprawdzić loga?

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:16:41, on 2007-10-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\kxmixer.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing) O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing) O4 - HKLM…\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM…\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [rfagent] “C:\Program Files\RFA\rfagent.exe” O4 - HKLM…\Run: [C] C:\WINDOWS\winlogon.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray O4 - HKCU…\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing) O17 - HKLM\System\CCS\Services\Tcpip…{3A678A33-D7F4-4174-9F01-66ABE7FA3010}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe – End of file - 5688 bytes

jessica · 11 Październik 2007 12:19

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

Ściągnij -->ComboFix (na dole tej strony z linku).

Wklej do Notatnika :

File::

C:\WINDOWS\winlogon.exe

C:\Program Files\Dealio\kb106\Dealio.dll


Folder::

C:\Program Files\Dealio\kb106

C:\Program Files\Dealio

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log z ComboFixa.

jessi

wojtas91 · 11 Październik 2007 16:50

ComboFix 07-10-11.1 - WoJtAs 2007-10-11 18:45:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.179 [GMT 2:00] Running from: C:\Documents and Settings\WoJtAs\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\WoJtAs\Pulpit\CFScript.txt * Created a new restore point FILE:: C:\Program Files\Dealio\kb106\Dealio.dll C:\WINDOWS\winlogon.exe . ((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 ))))))))))))))))))))))))))))))) . 2007-10-11 18:44 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-11 13:12 2007-10-09 15:37 2007-10-09 15:16 2007-10-08 19:46 2007-09-30 22:21 2007-09-30 22:21 2007-09-30 21:43 360,576 --a–c— C:\WINDOWS\system32\dllcache\TCPIP.SYS 2007-09-30 18:06 2007-09-30 18:04 2007-09-28 13:26 2007-09-28 13:25 2007-09-26 23:10 2007-09-26 20:02 2007-09-26 20:02 2007-09-26 20:02 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-09-26 20:02 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-09-26 20:02 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2007-09-26 20:02 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-09-26 20:02 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll 2007-09-26 20:02 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll 2007-09-26 20:02 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-09-26 19:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-09-25 21:17 2007-09-25 11:10 2007-09-24 18:53 2007-09-24 18:53 7,864,320 --a------ C:\WINDOWS\system32\VTunner.exe 2007-09-24 18:53 544,768 --a------ C:\WINDOWS\system32\G-vga.exe 2007-09-24 18:53 155,648 --a------ C:\WINDOWS\system32\GVTunner.dll 2007-09-24 18:53 122,880 --a------ C:\WINDOWS\system32\Nvflashl.dll 2007-09-24 18:53 36,864 --a------ C:\WINDOWS\system32\NVAPI9X.DLL 2007-09-24 18:53 32,768 --a------ C:\WINDOWS\system32\Guninst.exe 2007-09-24 18:49 2007-09-24 18:49 40,960 --a------ C:\WINDOWS\system32\NVGPIO.DLL 2007-09-24 18:49 24,576 -ra------ C:\WINDOWS\system32\NVRTClk.exe 2007-09-24 18:49 22,880 -ra------ C:\WINDOWS\system32\drivers\Gvcpldrv.sys 2007-09-23 12:19 2007-09-23 11:39 2007-09-23 11:17 2007-09-23 11:09 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-09-22 22:14 2007-09-22 22:01 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-09-22 22:01 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-09-22 22:01 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-09-22 22:01 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-09-22 22:01 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-09-22 22:01 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-09-22 22:01 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-09-22 22:01 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-09-22 22:01 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-09-22 21:47 2007-09-22 21:27 28,672 --a------ C:\WINDOWS\system32\adinst32.dll 2007-09-21 20:27 2007-09-20 20:08 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll 2007-09-20 19:36 17,264 --a------ C:\WINDOWS\system32\drivers\hfxp2.sys 2007-09-20 19:22 2007-09-20 19:02 2007-09-20 18:56 212,992 --a------ C:\WINDOWS\system32\wodShellMenu.dll 2007-09-20 18:40 2007-09-20 17:30 3,982 --a------ C:\WINDOWS\kj01d.sys 2007-09-20 17:21 518 --a------ C:\WINDOWS\MD_Settings.dat 2007-09-20 15:57 2007-09-20 15:49 1,572 --a------ C:\WINDOWS\system32\tsdigsgn.dat 2007-09-20 15:49 36 --a------ C:\WINDOWS\TSNPL.dat 2007-09-20 15:48 2007-09-20 15:48 26,624 --a------ C:\WINDOWS\system32\ssmenu.dll 2007-09-15 14:22 2007-09-15 13:38 2007-09-14 16:52 2007-09-14 16:52 2007-09-14 16:52 2007-09-13 14:56 2007-09-13 14:56 2007-09-13 14:54 2007-09-13 14:54 2007-09-13 14:52 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-09-13 14:52 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-09-13 14:52 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-09-13 14:52 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-09-13 14:52 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-09-13 14:52 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-09-13 14:52 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-09-13 14:51 2007-09-13 14:51 2007-09-13 13:22 2007-09-13 13:22 2007-09-11 18:15 2007-09-11 18:13 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-09-11 18:13 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll 2007-09-11 18:13 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-09-11 18:13 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-09-11 18:13 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-09-11 18:13 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-09-11 18:13 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-09-11 18:13 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-09-11 18:12 2007-09-11 15:58 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-11 15:58 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-09-11 15:58 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-11 15:58 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-08 18:28 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-30 19:43 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2007-09-30 19:43 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-09-28 11:25 --------- d-----w C:\Program Files\BearShare 2007-09-23 10:20 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-09-22 20:01 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-09-15 12:21 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys 2007-09-15 12:21 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys 2007-09-15 12:21 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys 2007-09-15 12:21 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys 2007-09-15 12:21 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys 2007-09-15 12:21 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys 2007-09-15 12:21 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys 2007-09-15 12:21 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys 2007-09-15 12:21 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys 2007-09-10 20:38 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2007-09-10 20:36 --------- d-----w C:\Program Files\HP 2007-09-10 15:25 --------- d-----w C:\Program Files\Microsoft.NET 2007-09-10 15:24 --------- d-----w C:\Program Files\Microsoft Works 2007-09-10 13:33 --------- d-----w C:\Program Files\Webteh 2007-09-10 13:32 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-09-09 18:42 --------- d-----w C:\Program Files\kX Audio Driver 2007-09-09 18:41 --------- d-----w C:\Program Files\foobar2000 2007-09-09 18:32 --------- d-----w C:\Documents and Settings\WoJtAs\Dane aplikacji\Gadu-Gadu 2007-09-09 18:06 --------- d-----w C:\Program Files\Java Web Start 2007-09-09 18:06 --------- d-----w C:\Program Files\Java 2007-09-09 17:55 --------- d-----w C:\Program Files\Alwil Software 2007-09-09 17:21 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “kX Mixer”=“C:\WINDOWS\system32\kxmixer.exe” [2006-09-18 02:56] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] “zBrowser Launcher”=“C:\Program Files\Logitech\iTouch\iTouch.exe” [2003-04-07 02:16] “NVRTCLK”=“C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe” [2003-12-30 11:44] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2003-11-17 04:33] “nwiz”=“nwiz.exe” [2003-11-17 04:33 C:\WINDOWS\system32\nwiz.exe] “rfagent”=“C:\Program Files\RFA\rfagent.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” [2004-08-28 20:27] “NvMediaCenter”=“C:\WINDOWS\system32\NVMCTRAY.DLL” [2003-11-17 04:33] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44] “BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-09-10 14:33] “Update Service”=“C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe” [2007-09-20 15:48] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-09-22 22:01:24] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] “C:\Program Files\BitComet\BitComet.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] Logi_MwX.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil] C:\WINDOWS\system32\G-VGA.exe R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS R3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-11 18:47:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … C:\WINDOWS\system32\drivers\MFX.sys scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2007-10-11 18:48:57 . — E O F —

I jak mistrze ? :lol: :lol: :lol:

jessica · 11 Październik 2007 17:15

Wg mnie: jest czysto.

Kosmetyka: sfiksuj ten bezplikowy wpis:

>>Hijack>>scan(Do a system scan only)>>zaznacz go >> Fix checked.

jessi

wojtas91 · 11 Październik 2007 18:30

OkEj