problem with three entries

Hello. Two days ago I noticed that my internet connection was slowing down strangely and that my access to regedit is blocked. So I ran a scan with ComboFix and then with HijackThis. Their logs are below. ComboFix seems to have removed the more dangerous items, but I still have a problem with three entries in HijackThis and, above all, a problem with the internet. The problem is that when browsing pages and downloading something I get a connection speed of 512, where I should have 1024. Interestingly, when I download something over IRC the speed is 1024. I don't understand what could be going on. It looks as if something were clogging port 80 or something like that. I would really appreciate help with this. The site that checks logs shows these entries as unknown, and I can't find anything about them on Google, so I don't know whether I can remove them or not, and how to get rid of them for good. I really need help :/

ComboFix 08-11-07.01 - Bellevar 2008-11-09 20:03:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.932.81.1045.18.646 [GMT 1:00]
Running from: d:\z 40\E\Instalki\ComboFix.exe
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\System\svchost.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\msettings.ini
c:\windows\system32\~.exe
c:\windows\system32\drivers\down
c:\windows\system32\mdm.exe
c:\windows\system32\ps.dat
.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.
2008-11-06 19:00 . 2008-11-06 19:00 d-------- c:\program files\WinImage
2008-10-17 10:29 . 2008-10-17 10:29 1,409 --a------ c:\windows\system32\tmpF1CA3.FOT
2008-10-17 10:29 . 2008-10-17 10:29 1,409 --a------ c:\windows\system32\tmp00CA3.FOT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 18:41 --------- d-----w c:\program files\eMule
2008-11-09 12:54 --------- d-----w c:\program files\FlashGet
2008-11-09 12:25 46,592 ----a-w c:\windows\system32\uidll.dll
2008-11-08 19:20 --------- d-----w c:\program files\mIRC
2008-11-03 19:02 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-01 20:53 --------- d-----w c:\program files\Metin2_PL
2008-10-30 09:15 458,340 ----a-w c:\windows\system32\PerfStringBackup.TMP
2008-10-21 21:32 --------- d-----w c:\program files\IrfanView
2008-04-11 16:14 60,460 --sh--r c:\program files\DefWatch.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 32,768 2004-11-02 19:24:46 c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe
----a-w 157,592 2006-09-14 20:09:07 c:\program files\DAEMON Tools\bak\daemon.exe
----a-w 157,592 2006-09-14 20:09:07 c:\program files\DAEMON Tools\daemon.exe
----a-w 49,263 2006-09-07 14:51:22 c:\program files\Java\jre1.5.0_09\bin\bak\jusched.exe
----a-w 155,648 2006-09-28 19:21:29 c:\program files\QuickTime\bak\qttask.exe
----a-w 208,953 2002-08-28 20:38:42 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,953 2002-08-28 20:38:42 c:\windows\ime\imjp8_1\imjpmig.exe
----a-w 13,312 2002-09-20 17:05:18 c:\windows\system32\bak\ctfmon.exe
----a-w 13,312 2002-09-20 17:05:18 c:\windows\system32\ctfmon.exe
----a-w 155,648 2001-07-09 09:50:42 c:\windows\system32\bak\NeroCheck.exe
----a-r 83,968 2004-06-11 03:15:18 c:\windows\system32\bak\nvraidservice.exe
----a-w 59,392 2002-08-28 20:39:06 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2002-08-28 20:39:06 c:\windows\system32\IME\PINTLGNT\imscinst.exe
----a-w 455,168 2002-08-28 20:39:50 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2002-08-28 20:39:50 c:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88183238-8805-4074-6430-5599ca323026}]
2008-11-04 13:04 53248 -rahs---- c:\program files\Common Files\System\admin help.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-20 13312]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-08-13 2532576]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-06-15 6803456]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-06-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2001-10-26 c:\windows\system32\narrator.exe]

c:\documents and settings\Bellevar\Menu Start\Programy\Autostart\
IPod Desktop Load.exe [2008-11-04 29696]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Google Try Icon Load.exe [2008-11-04 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Bellevar^Menu Start^Programy^Autostart^WinMySQLadmin.lnk]
path=c:\documents and settings\Bellevar\Menu Start\Programy\Autostart\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-03-29 75856]
R2 BT848;BtCap, WDM Video Capture;c:\windows\System32\drivers\BT848.SYS [2001-06-08 291648]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\System32\drivers\BTTUNER.SYS [2002-02-22 21824]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\System32\drivers\BTXBAR.SYS [2002-02-22 12796]
R2 lxdn_device;lxdn_device;c:\windows\System32\lxdncoms.exe [2008-02-28 594600]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-28 98984]
S2 Uiserver;Uiserver;c:\program files\DefWatch.exe [2008-04-11 60460]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\System32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\System32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\System32\DRIVERS\k510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\System32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\System32\DRIVERS\k510obex.sys [2006-02-17 83344]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);c:\windows\System32\DRIVERS\ss_bus.sys [2005-01-24 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\System32\DRIVERS\ss_mdfl.sys [2005-01-24 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\System32\DRIVERS\ss_mdm.sys [2005-01-24 84512]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{E60A0B68-353A-81DD-ED09-2A8101A6DFBA} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKLM-Main,Start Page = about:blank
O8 -: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
O8 -: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
c:\windows\Downloaded Program Files\zylomgamesplayer.dll
O16 -: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} - hxxp://app.filebank.co.jp/setup/win/fbx2.cab
c:\windows\Downloaded Program Files\fbx2.inf
c:\windows\Downloaded Program Files\fbx2.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 20:11:25
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-11-09 20:16:02
ComboFix-quarantined-files.txt 2008-11-09 19:15:59
ComboFix2.txt 2008-05-06 11:30:24
Pre-Run: 526?462?976 bajtow wolnych
Post-Run: 3,975,380,992 bajtow wolnych
147

-----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:19:22, on 2008-11-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\lxdncoms.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\z 40\E\Instalki\hijackthis\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
[b]O2 - BHO: (no name) - {88183238-8805-4074-6430-5599ca323026} - C:\Program Files\Common Files\System\admin help.dll[/b]
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
[b]O4 - Startup: IPod Desktop Load.exe[/b]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[b]O4 - Global Startup: Google Try Icon Load.exe[/b]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun ? Java ????E - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????E) - http://app.filebank.co.jp/setup/win/fbx2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\System32\lxdncoms.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Uiserver - Unknown owner - C:\Program Files\DefWatch.exe

Replies: 2

cFos Traffic Shaping is a traffic-shaping program; if someone is using your remaining 512kb, you will be able to see it (green scale). If (like me) you don't know which entries can be removed, use a program that will do it for you safely, e.g. jv16 PowerTools or Ashampoo UnInstaller Platinum 2; before they remove anything they can make a backup copy of the registry entry or file, and they are in Polish. That's for a start.
deezoo68
Added
21.11.2008 01:03:57
Could I really ask for help? Mainly I want to know whether I can definitely remove these 3 entries and how exactly I should do it, that is, whether Killbox is enough for that. Then I will see how things are after removing them, whether anything improves or not really.
Bellevar
Added
13.11.2008 16:44:32
Bellevar
Added:
12.11.2008 20:05:09