system
(system)
26 May 2007 09:49
#1
Well, since yesterday I've had terrible lag and the network is generally clogged -.-
Maybe you can help me; this is the log from Fixwareout
Fixwareout Last edited 4/5/2007
Post this report in the forums please
…
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE~\Winlogon\ “System”=""
…
…
»»»»» Misc files.
…
»»»»» Checking for older varients.
…
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL’S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe”
“SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe”
“avast!”=“C:\Avast\ashDisp.exe”
“Odkurzacz-MCD”=“C:\Downloads\Odkurzacz 10.1 Pro\odk_mcd.exe”
“Disc Detector”=“C:\Program Files\Creative\ShareDLL\CtNotify.exe”
“UpdReg”=“C:\WINDOWS\Updreg.exe”
“CTStartup”=“C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run”
“Jet Detection”=“C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe”
“QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"
“IrXfer”=“IrXfer.exe /Q”
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe”
“SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon"
“TrustSoftAntiSpyware”=“C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe /STARTUP”
“!AVG Anti-Spyware”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized"
“AtiPTA”=“atiptaxx.exe”
“uosfjkgn”=“c:\windows\system32\uosfjkgn.exe uosfjkgn”
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TaskTray”=“C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe”
“Taskbar”=“C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe”
“AtiTrayTools”="“C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe”"
“SpySweeper”="“C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /0"
…
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
And from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:49:26, on 2007-05-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Avast\aswUpdSv.exe
C:\Avast\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Avast\ashMaiSv.exe
C:\Avast\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Avast\ashDisp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
G:\Packet\Mozilla\firefox.exe
C:\Documents and Settings\Memphis\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def … earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM…\Run: [avast!] C:\Avast\ashDisp.exe
O4 - HKLM…\Run: [Odkurzacz-MCD] C:\Downloads\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM…\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM…\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM…\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [irXfer] IrXfer.exe /Q
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [TrustSoftAntiSpyware] C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe /STARTUP
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU…\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU…\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU…\Run: [AtiTrayTools] “C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe”
O4 - HKCU…\Run: [spySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /0
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Net Programs\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Net Programs\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip…{6848A48D-6781-4319-8479-A17F3AA0E18E}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip…{E582AC7C-D1A2-46B6-94D0-EB03A9B25D05}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
adam9870
(adam9870)
26 May 2007 09:57
#2
The log is clean.
Download the HoverIP program and, on the Traceroute tab, with the Perform reverse lookup option checked, check whether so-called lag occurs at any stage.
system
(system)
26 May 2007 10:11
#3
Hmm, so on the tab something like this shows up; I'm taking a screenshot so you can see for yourself:
The lag is still there, though; the internet has dropped from 80Kb/s to 20 kb/s -.- It isn't any Rustock and my log is clean, so I'll post one from Silent Runners; maybe it will explain something -.-
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “TaskTray” = “C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe” [“Creative Technology Ltd.”] “Taskbar” = “C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe” [“Creative Technology Ltd”] “AtiTrayTools” = ““C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe”” [file not found] “SpySweeper” = ““C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /0” [“Webroot Software, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe” [null data] “avast!” = “C:\Avast\ashDisp.exe” [null data] “Odkurzacz-MCD” = “C:\Downloads\Odkurzacz 10.1 Pro\odk_mcd.exe” [“FranmoSoft”] “Disc Detector” = “C:\Program Files\Creative\ShareDLL\CtNotify.exe” [“Creative Technology Ltd.”] “UpdReg” = “C:\WINDOWS\Updreg.exe” [“Creative Technology Ltd.”] “CTStartup” = “C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run” [“Creative Technology Ltd.”] “Jet Detection” = “C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe” [empty string] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [file not found] “IrXfer” = “IrXfer.exe /Q” [null data] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “TrustSoftAntiSpyware” = “C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe /STARTUP” [“TrustSoft, Inc”] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] “AtiPTA” = “atiptaxx.exe” [“ATI Technologies, 
Inc.”] “(Default)” = (unknown data type) HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\CTStartup\ {++} “CTStartup” = ““C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE” EAX.AVI” [“Creative Technology Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) - {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” - {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration” - {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] “{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}” = “Notepad++ Shell Extension” - {HKLM…CLSID} = “Notepad++ Shell Extension” 
\InProcServer32(Default) = “C:\Net Programs\Notepad++\nppshellext.dll” [“Notepad++ team”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” - {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Avast\ashShell.dll” [“ALWIL Software”] “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” = “ATS Context Menu Shell Extension” - {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS\contmenu.dll” [null data] “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” = “TrojanHunter Menu Shell Extension” - {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.5\contmenu.dll” [null data] “{52B87208-9CCF-42C9-B88E-069281105805}” = “Trojan Remover Shell Extension” - {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [file not found] “{B8323370-FF27-11D2-97B6-204C4F4F5020}” = “SmartFTP Shell Extension DLL” - {HKLM…CLSID} = “SmartFTP Shell Extension DLL” \InProcServer32(Default) = “C:\Program Files\SmartFTP Client 2.0\smarthook.dll” [“SmartFTP”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” - {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” - {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” - {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development 
a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Avast\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” - {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS\contmenu.dll” [null data] NppShellExt(Default) = “{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}” - {HKLM…CLSID} = “Notepad++ Shell Extension” \InProcServer32(Default) = “C:\Net Programs\Notepad++\nppshellext.dll” [“Notepad++ team”] Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}” - {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [file not found] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” - {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.5\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” - {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS\contmenu.dll” [null data] NppShellExt(Default) 
= “{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}” - {HKLM…CLSID} = “Notepad++ Shell Extension” \InProcServer32(Default) = “C:\Net Programs\Notepad++\nppshellext.dll” [“Notepad++ team”] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” - {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.5\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Avast\ashShell.dll” [“ALWIL Software”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A6}” - {HKLM…CLSID} = “ATS Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ATS\contmenu.dll” [null data] SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” - {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] Trojan Remover(Default) = “{52B87208-9CCF-42C9-B88E-069281105805}” - {HKLM…CLSID} = “Trojan Remover Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1\Trshlex.dll” [file not found] TrojanHunter(Default) = “{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}” - {HKLM…CLSID} = “TrojanHunter Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TROJAN~1.5\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\ACD Wallpaper.bmp” Startup items in “Memphis” “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader.exe” - shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Microsoft Office” - shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) 
## range: C:\Program Files\NetLimiter\nl_lsp.dll [null data], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iepver=6ar=msnhome Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] avast! Antivirus, avast! Antivirus, ““C:\Avast\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Avast\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Avast\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! 
Web Scanner, ““C:\Avast\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS] ---------- : Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 109 seconds, including 24 seconds for message boxes)
Monczkin
(Monczkin)
26 May 2007 10:12
#4
Change the title to something specific and fix the errors - on this forum we use proper Polish spelling.
system
(system)
26 May 2007 10:36
#5
Everything is corrected, but what about the Silent Runners log? The net speed is the same, 20kb/s :o nothing has changed. Although I cleaned the computer with AVG Anti-Spyware after an update, and in addition with CWShredder, it did nothing.
Log from ComboFix
“Memphis” - 2007-05-26 12:41:45 Dodatek Service Pack 2
ComboFix 07-05.26.3.V - Running from: “C:\Documents and Settings\Memphis\Pulpit”

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

“C:\WINDOWS\system32\uosfjkgn.exe”
“C:\WINDOWS\system32\uosfjkgn.dat”
“C:\WINDOWS\system32\uosfjkgn_nav.dat”
“C:\WINDOWS\system32\uosfjkgn_navps.dat”
“C:\WINDOWS\system32\nvs2.inf”

((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))

2007-05-26 12:06
2007-05-26 11:55 106 --a------ C:\delete.bat
2007-05-06 22:36
2007-05-02 12:17 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-30 12:03 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-04-29 23:11
2007-04-28 20:44
2007-04-28 19:26
2007-04-28 19:25 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.330 Uninstall.exe
2007-04-28 19:25
2007-04-27 20:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-27 20:12

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 09:39:10 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000004-00511102}.dat
2007-05-26 09:39:10 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000004-00511102}.dat
2007-05-26 09:26:52 -------- d-----w C:\DOCUME~1\Memphis\DANEAP~1\Xfire
2007-05-25 22:18:44 -------- d-----w C:\DOCUME~1\Memphis\DANEAP~1\Azureus
2007-05-25 20:18:13 -------- d-----w C:\Program Files\TrustSoft AntiSpyware
2007-05-25 13:51:18 -------- d-----w C:\DOCUME~1\Memphis\DANEAP~1\teamspeak2
2007-05-23 14:46:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-23 14:29:22 -------- d-----w C:\Program Files\eMule
2007-04-29 21:09:11 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 17:10:44 -------- d-----w C:\DOCUME~1\Memphis\DANEAP~1\ATI
2007-04-23 14:28:54 3,212 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-22 21:13:32 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-04-22 21:13:07 6,789 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 21:23:54 -------- d-----w C:\Program Files\Opera
2007-04-20 22:47:40 -------- d-----w C:\DOCUME~1\Memphis\DANEAP~1\Real
2007-04-20 22:45:07 -------- d-----w C:\Program Files\Common Files\xing shared
2007-04-20 22:44:57 -------- d-----w C:\Program Files\Common Files\Real
2007-04-19 16:27:23 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-04-19 16:27:06 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-04-19 15:49:00 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-04-19 15:44:34 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd2861.sys
2007-04-19 15:44:34 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-14 19:13:45 -------- d-----w C:\Program Files\GameSpy Arcade
2007-04-05 17:39:51 -------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-04-05 17:37:17 74,346 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-05 17:37:17 448,338 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-04 10:51:10 241,066 ----a-w C:\WINDOWS\system32\mglidewjp_navtmp.dat
2007-04-04 10:33:50 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-04-04 10:31:20 4,614 ----a-w C:\WINDOWS\system32\ynzoruj.dat
2007-04-03 08:02:53 241,066 ----a-w C:\WINDOWS\system32\ynzoruj_nav.dat
2007-04-02 09:18:31 -------- d-----w C:\DOCUME~1\Memphis\DANEAP~1\PC Tools
2007-03-26 15:12:26 -------- d-----w C:\Program Files\Creative
2007-03-22 20:47:35 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2007-03-11 18:49:31 3,688 ----a-w C:\WINDOWS\system32\d3d9caps.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 01:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50]
“SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe” [2004-09-28 20:26]
“avast!”=“C:\Avast\ashDisp.exe” [2007-01-15 19:28]
“Odkurzacz-MCD”=“C:\Downloads\Odkurzacz 10.1 Pro\odk_mcd.exe” [2005-12-28 11:09]
“Disc Detector”=“C:\Program Files\Creative\ShareDLL\CtNotify.exe” [2001-04-02 02:00]
“UpdReg”=“C:\WINDOWS\Updreg.exe” [2000-05-11 01:00]
“CTStartup”=“C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe” [2001-06-04 01:00]
“Jet Detection”=“C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe” [2001-04-20 14:52]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” []
“IrXfer”=“IrXfer.exe” []
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-11-21 19:38]
“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38]
“TrustSoftAntiSpyware”=“C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe” [2006-05-27 01:35]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2006-10-07 14:20]
“AtiPTA”=“atiptaxx.exe” [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe]
“uosfjkgn”=“c:\windows\system32\uosfjkgn.exe” []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TaskTray”=“C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe” [2001-06-29 01:00]
“Taskbar”=“C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe” [2001-07-26 01:00]
“AtiTrayTools”=“C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe” []
“SpySweeper”=“C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” [2004-07-20 13:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 16:13]

*Newly Created Service* -PROCEXP90

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 12:47:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???V??? C???Disc Detector?B???A???A?? ???B???@?$?@?? C???U?@???@?B???A???A???B???@???P???$?@?? ???w???@?E???B???B
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???x???s$???w? ?w???w???w4???.??w4???4???TA?s4???&7???w???w???$???U??w???w???a???w???s???s???&7?A??s?&7???w???

scanning hidden files …

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-26 12:48:42
C:\ComboFix-quarantined-files.txt … 2007-05-26 12:48

— E O F —
2006-12-29 21:58 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nvs2.inf.vir
2007-05-22 19:59 363520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uosfjkgn.exe.vir
2007-05-24 20:00 262293 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uosfjkgn_nav.dat.vir
2007-05-26 12:44 9099 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uosfjkgn.dat.vir
2007-05-26 12:45 641 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uosfjkgn_navps.dat.vir
Zmienna PATH folderu dla woluminu Acid
Numer seryjny woluminu: 7C36-269E
C:\QOOBOX
\---Quarantine
+---C
| \---WINDOWS
| \---system32
| nvs2.inf.vir
| uosfjkgn.dat.vir
| uosfjkgn.exe.vir
| uosfjkgn_nav.dat.vir
| uosfjkgn_navps.dat.vir
|
\---Registry_backups
So what about the logs?
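Added example, not part of the thread: the Fixwareout "Current runs" list in post #1 contains an HKLM Run value, uosfjkgn, that has no matching O4 line in the HijackThis log from the same post, and ComboFix later lists that file under "Other Deletions". The script below compares the two views and reports values only the first one shows; the sample lines are a subset copied from those logs with typographic quotes normalised and the prefix written as `HKLM\..\Run`, and the function names and the fixed C:\WINDOWS\system32 location are assumptions of this example.

```python
import ntpath
import re

# Subset of the HKLM Run values from the Fixwareout report in post #1
# (quotes normalised to plain ASCII for parsing).
FIXWAREOUT_RUNS = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"avast!"="C:\Avast\ashDisp.exe"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"AtiPTA"="atiptaxx.exe"
"uosfjkgn"="c:\windows\system32\uosfjkgn.exe uosfjkgn"
'''

# The matching O4 lines from the HijackThis log in the same post.
HIJACKTHIS_O4 = r'''
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
'''

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
# \S* tolerates both "HKLM\..\Run" and the forum's "HKLM…\Run" rendering.
HJT_O4 = re.compile(r'^O4 - HKLM\S*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

SYSTEM32 = r"c:\windows\system32"  # assumption: Windows installed on C:


def parse(text, pattern):
    """Return {lower-cased value name: (name, command line)} for matching lines."""
    entries = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            entries[m["name"].lower()] = (m["name"], m["cmd"])
    return entries


def image_path(cmd):
    """Extract the executable path from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, then arguments
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(?i)(.+?\.exe)(?=\s|$)', cmd)  # unquoted path with spaces
    return m.group(1) if m else (cmd.split() or [""])[0]


def describe(name, cmd):
    """Attach simple structural notes that help an analyst triage the entry."""
    image = image_path(cmd)
    stem = ntpath.splitext(ntpath.basename(image))[0]
    notes = []
    if ntpath.dirname(image).lower() == SYSTEM32:
        notes.append("image sits directly in system32")
    if stem.lower() == name.lower():
        notes.append("value name equals file name")
    return {"name": name, "image": image, "notes": notes}


def only_in_first(reg_text, hjt_text):
    """Run values present in the registry-style report but absent from O4 lines."""
    reg = parse(reg_text, REG_VALUE)
    hjt = parse(hjt_text, HJT_O4)
    return [describe(*reg[key]) for key in sorted(reg.keys() - hjt.keys())]


if __name__ == "__main__":
    for finding in only_in_first(FIXWAREOUT_RUNS, HIJACKTHIS_O4):
        print(finding["name"], "->", finding["image"], finding["notes"])
```

A value reported by only one tool is a reason to look at the file itself (timestamps, vendor data, an online scan), not a verdict on its own.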
Gutek
(Gutek)
26 May 2007 13:28
#6
Also delete the files and finish up with online scanners - Scanners to choose from
system
(system)
26 May 2007 14:20
#7
Which program should I use to remove these entries:
C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000004-00511102}.dat
C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000004-00511102}.dat
OK, the files were removed correctly with KillBox; the !killbox folder on the Windows partition was also removed from the disk … but the problem still occurs. Help, because I can't upload my work to FTP.
Post merged: 26.05.2007 (Sat) 19:38
OK, everything is fine now; it was a matter of a setting I changed when the internet was sluggish. Thanks Gutek and adam, you've saved me once again :> If anything comes up I'll write again :]
Regards, lowiie