Hello,
For some time I have noticed that I am having problems with my internet connection (neo). The transfer rate sometimes drops from 64kb to 22kb. The modem is a Livebox. On the second computer everything works fine; here the internet is slow.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:50, on 2007-05-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Konnekt\konnekt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Artur\USTAWI~1\Temp\Rar$EX00.766\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU…\Run: [Konnekt] “C:\Program Files\Konnekt\konnekt.exe” /autostart
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Modu3 wstepnego 3adowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii sk3adników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

– End of file - 5099 bytes

“Artur” - 2007-05-08 16:49:06 Dodatek Service Pack 2
ComboFix 07-05.07.3.V - Running from: “C:\DOCUME~1\Artur\USTAWI~1\Temp\Rar$EX00.500”

((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))

2007-05-08 16:43 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-05-08 16:43 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-05-08 16:43 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-05-08 16:43 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-05-08 16:43 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-05-08 16:43 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-05-08 16:43 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-05-08 16:42
2007-05-07 17:02
2007-05-06 21:00
2007-05-04 13:36
2007-05-02 19:50
2007-05-02 13:07 4,212 —h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-02 13:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-02 13:06
2007-05-01 21:39
2007-05-01 21:34
2007-05-01 21:01 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2007-05-01 21:01 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2007-05-01 21:01 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll
2007-05-01 21:01 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2007-05-01 21:01 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-05-01 21:01 143,360 --a------ C:\WINDOWS\autoclk.exe
2007-05-01 21:01 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-05-01 21:01 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2007-05-01 21:01 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe
2007-05-01 21:01 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-05-01 21:01 1,531,904 --a------ C:\WINDOWS\adiras.exe
2007-04-30 22:23 4,608 --a------ C:\WINDOWS\system32\bbchlp.dll
2007-04-30 22:23 27,776 --a------ C:\WINDOWS\system32\bbcap.dll
2007-04-30 22:23 2,944 --a------ C:\WINDOWS\system32\drivers\bbcap.sys
2007-04-30 22:23
2007-04-30 22:23
2007-04-30 22:23
2007-04-30 22:23
2007-04-30 22:23
2007-04-30 22:22
2007-04-30 20:30 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-25 15:17
2007-04-25 15:17
2007-04-22 14:38
2007-04-21 17:01 21,984 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-04-19 19:00
2007-04-19 18:55
2007-04-18 15:48
2007-04-18 15:47
2007-04-17 17:54
2007-04-17 17:43
2007-04-17 17:42
2007-04-17 17:19
2007-04-15 14:05
2007-04-15 14:04 2,332,368 --a------ C:\WINDOWS\system\d3dx9_29.dll
2007-04-15 13:44
2007-04-13 13:31
2007-04-13 13:28
2007-04-13 13:12
2007-04-13 13:10
2007-04-13 13:10
2007-04-13 12:38
2007-04-13 10:47
2007-04-10 13:36 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2007-04-10 13:36 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2007-04-10 13:36 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-04-10 13:36 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-04-10 13:36
2007-04-10 13:36
2007-04-10 13:35 493,440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2007-04-10 13:35 402,432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-04-10 13:34 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2007-04-10 13:34 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-04-09 20:14
2007-04-09 18:12

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-08 14:46:50 -------- d-----w C:\Program Files\cFosSpeed
2007-05-08 14:45:17 -------- d-s—w C:\Program Files\Xfire
2007-05-08 14:44:55 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\Xfire
2007-05-07 14:57:41 82,134 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-07 14:57:41 466,178 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-06 18:10:30 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\teamspeak2
2007-05-04 11:37:27 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\OpenOffice.org2
2007-05-03 10:28:33 -------- d-----w C:\Program Files\mIRC
2007-05-01 19:01:27 -------- d–h--w C:\Program Files\InstallShield Installation Information
2007-04-30 20:28:12 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\Blueberry
2007-04-28 08:04:37 -------- d-----w C:\Program Files\PeerGuardian2
2007-04-28 07:08:27 -------- d-----w C:\Program Files\SpeedFan
2007-04-25 18:22:35 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\Skype
2007-04-15 12:05:30 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\Command & Conquer 3 Tiberium Wars Demo
2007-04-13 17:06:34 -------- d-----w C:\Program Files\AV VCS 3.0
2007-04-09 16:11:58 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-07 14:47:03 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\Azureus
2007-04-05 14:37:13 -------- d-----w C:\Program Files\Skype
2007-04-05 14:37:13 -------- d-----w C:\Program Files\Common Files\Skype
2007-04-03 05:04:43 -------- d-----w C:\Program Files\Gimnazjum 3 - Fizyka
2007-04-02 15:56:23 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-04-01 18:45:07 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\Hamachi
2007-04-01 18:34:22 -------- d-----w C:\Program Files\Hamachi
2007-04-01 18:34:02 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-31 14:22:09 715 ----a-w C:\WINDOWS\unins001.dat
2007-03-30 19:52:16 -------- d-----w C:\Program Files\Star Downloader
2007-03-30 19:40:08 -------- d-----w C:\Program Files\Mozilla Firefoxplugins
2007-03-29 15:45:33 -------- d-----w C:\Program Files\Restorator 2007 PL
2007-03-27 14:10:24 807 ----a-w C:\WINDOWS\unins000.dat
2007-03-20 19:42:22 -------- d-----w C:\Program Files\Lavalys
2007-03-20 15:44:35 -------- d-----w C:\DOCUME~1\Artur\DANEAP~1.\fretsonfire
2007-03-19 17:13:22 -------- d-----w C:\Program Files\ReadManiac
2007-03-18 11:22:59 -------- d-----w C:\Program Files\Google
2007-03-12 17:47:06 -------- d-----w C:\Program Files\ffdshow
2007-03-11 11:15:49 -------- d-----w C:\Program Files\The Sir. Community
2007-03-10 18:20:49 -------- d-----w C:\Program Files\Stardock
2007-03-10 18:20:49 -------- d-----w C:\Program Files\Common Files\Stardock
2007-03-09 20:17:44 -------- d-----w C:\Program Files\Headshot Player
2007-03-03 22:24:38 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-02-27 17:05:38 16 ----a-w C:\WINDOWS\system32\DataRnvx.dat
2007-02-24 08:05:09 804 ----a-w C:\WINDOWS\TSCTVDIV.BIN
2007-02-18 11:24:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-18 11:24:45 221,184 ----a-w C:\WINDOWS\system32\UAService7.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
“{00C6482D-C502-44C8-8409-FCE54AD9C208}”=“C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll”
“{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll”
“{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}”=“C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll”
“{C333CF63-767F-4831-94AC-E683D962C63C}”=“C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll”
“{FFFFFEF0-5B30-21D4-945D-000000000000}”=“C:\PROGRA~1\STARDO~1\SDIEInt.dll”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“AtiPTA”=“atiptaxx.exe”
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”
“SmcService”=“C:\PROGRA~1\Sygate\SPF\smc.exe -startgui”

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
“Konnekt”="“C:\Program Files\Konnekt\konnekt.exe” /autostart"
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“LinkResolveIgnoreLinkInfo”=dword:00000000
“NoResolveSearch”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^program sieciowy dla sagem wi-fi 11g usb adapter.lnk C:\PROGRA~1\SAGEMW~1\WLANUTL.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^tv scheduler.lnk C:\PROGRA~1\Prolink\PlayTV\TVSCHL.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^tvr scheduler.lnk C:\PROGRA~1\HONEST~1\HONEST~1.5\SCHEDU~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^artur^menu start^programy^autostart^openoffice.org 2.1.lnk C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^artur^menu start^programy^autostart^pvremote.lnk C:\PROGRA~1\PLAYTV~1\PVRemote.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^artur^menu start^programy^autostart^styler.lnk C:\Documents and Settings\Artur\Dane aplikacji\Microsoft\Installer{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}_34ac4c3c.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^artur^menu start^programy^autostart^unispiker-2.6.lnk C:\PROGRA~1\ivo\UNISPI~1.6\UNI_SP~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c-media mixer Mixer.exe /startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfosspeed C:\Program Files\cFosSpeed\cFosSpeed.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logmein gui “C:\Program Files\LogMeIn\LogMeInSystray.exe”
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\powers C:\WINDOWS\PowerS.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtime audio engine mmrtkrnl.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stylexp C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vs online “C:\Program Files\VS Online\VSOnline.exe” /tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wheelmouse C:\Program Files\A4Tech\Mouse\Amoumain.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xfire music “C:\Program Files\Xfire\xfiremusic.exe”
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATMARPC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_TEEFER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WG3N
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WG4N
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WG5N
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WG6N
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WPSDRVNT

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 16:52:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 2007-05-08 16:52:48
C:\ComboFix-quarantined-files.txt … 2007-05-08 16:52

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Konnekt” = ““C:\Program Files\Konnekt\konnekt.exe” /autostart” [“Stamina”]
“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“AtiPTA” = “atiptaxx.exe” [“ATI Technologies, Inc.”]
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“SmcService” = “C:\PROGRA~1\Sygate\SPF\smc.exe -startgui” [“Sygate Technologies, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}(Default) = (no title provided)
  -> {HKLM…CLSID} = “HelperObject Class”
  \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll” [“TechSmith Corporation”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEHlprObj Class”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
  -> {HKLM…CLSID} = “SSVHelper Class”
  \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{C333CF63-767F-4831-94AC-E683D962C63C}(Default) = (no title provided)
  -> {HKLM…CLSID} = “CoTGT_BHO Class”
  \InProcServer32(Default) = “C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll” [null data]
{FFFFFEF0-5B30-21D4-945D-000000000000}(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “C:\PROGRA~1\STARDO~1\SDIEInt.dll” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}” = “SnagIt”
  -> {HKLM…CLSID} = “SnagIt”
  \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll” [“TechSmith Corporation”]
“{CF74B903-3389-469c-B3B6-0204D204FCBD}” = “SnagIt Shell Extension”
  -> {HKLM…CLSID} = “SnagItShellExt Class”
  \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll” [“TechSmith Corporation”]
“{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play”
  -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play”
  \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
“AppInit_DLLs” = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
SnagItMainShellExt(Default) = “{CF74B903-3389-469c-B3B6-0204D204FCBD}”
  -> {HKLM…CLSID} = “SnagItShellExt Class”
  \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll” [“TechSmith Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SnagItMainShellExt(Default) = “{CF74B903-3389-469c-B3B6-0204D204FCBD}”
  -> {HKLM…CLSID} = “SnagItShellExt Class”
  \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll” [“TechSmith Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“LinkResolveIgnoreLinkInfo” = (REG_DWORD) hex:0x00000000
  {unrecognized setting}
“NoResolveSearch” = (REG_DWORD) hex:0x00000001
  {unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
  Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Artur\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Artur” & “All Users” startup folders:
-------------------------------------------------------

C:\Documents and Settings\Artur\Menu Start\Programy\Autostart
“Stardock ObjectDock” -> shortcut to: “C:\Program Files\Stardock\ObjectDock\ObjectDock.exe” [“Stardock”]
“Xfire” -> shortcut to: “C:\Program Files\Xfire\xfire.exe” [“Xfire Inc.”]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]
“DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}” = (no title provided)
  -> {HKLM…CLSID} = “SnagIt”
  \InProcServer32(Default) = “C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll” [“TechSmith Corporation”]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
cFosSpeed System Service, cFosSpeedS, ““C:\Program Files\cFosSpeed\spd.exe” -service” [“cFos Software GmbH”]
SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [“Sony DADC Austria AG.”]
StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]
StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
LogMeIn Printer Port Monitor\Driver = “LMIport.dll” [“3am Labs, Inc.”]

----------
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box.
---------- (total run time: 78 seconds, including 7 seconds for message boxes)

Gutek
(Gutek)
8 May 2007 17:04
#2
This is the only thing that puzzles me?
Scan with AVG Anti-Spyware 7.5 after updating it
Those are installer leftovers from installing FlashBack Express.
Edit: Maybe the Livebox is failing?
Gutek
(Gutek)
8 May 2007 17:30
#4
Well then, that is to be thrown out. Scan with AVG Anti-Spyware 7.5 and paste the report
Maybe I'm being a bit of a pain asking, but which type of scan should I choose?
You can scan the system with the online scanner available at http://www.ewido.net/en/onlinescan/ or download AVG Anti-Spyware to disk, install it and scan with it. You can download AVG Anti-Spyware from here:
http://dobreprogramy.pl/index.php?dz=2&t=82&id=1805
P.S. I checked neo on the modem and… the same thing there too. On the second computer upstairs the internet flies.