[Solved] Internet keeps cutting out. The cause?

19szymon62
created

Hello, for about a week my internet has been cutting out every few minutes; the outage lasts a few seconds, and so on over and over. I contacted the administrator and they replaced my network card, but it didn't help at all.

I don't know what I can do. Please advise. I don't know whether this will help, but I'll paste a HijackThis scan (I know absolutely nothing about this).


Mateusz J.
comment
O4 - HKLM\..\Run: [MS-patch33] winsecurity.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{005386D2-E286-48EC-9269-EE34CB29A9A9}: NameServer = 85.255.114.12,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BF6B5E-9790-4CE0-9BF2-D6DB9AD74750}: NameServer = 85.255.114.12,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB43E61-22B2-41DA-B3E7-0BE3E47CAF79}: NameServer = 85.255.114.12,85.255.112.91
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.12 85.255.112.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{005386D2-E286-48EC-9269-EE34CB29A9A9}: NameServer = 85.255.114.12,85.255.112.91
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.12 85.255.112.91
O17 - HKLM\System\CS2\Services\Tcpip\..\{005386D2-E286-48EC-9269-EE34CB29A9A9}: NameServer = 85.255.114.12,85.255.112.91
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.12 85.255.112.91

Tick the boxes next to the entries and click Fix checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080

Did you set this proxy in IE? If not, Fix it as well.

Please post a ComboFix log.

19szymon62
comment

Thank you for checking that log, and here is the ComboFix log (one thing puzzles me: after this program's scan, an IE icon appeared on my desktop):

Mateusz J.
comment

Paste into Notepad:

File::
C:\WINDOWS\Internet Logs\xDB23.tmp
C:\WINDOWS\Internet Logs\xDB24.tmp
C:\WINDOWS\Internet Logs\xDB22.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB17.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\system32\winsecurity.exe
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\eSellerateEngine.dll
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB1.tmp

In Notepad, File menu ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Boot into Safe Mode. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

The removal will begin and a log will be created, which you then post on the forum.

In addition, post a new HijackThis log + a Silent Runners log (description below HijackThis).

A small question: are you by any chance from Jastrzębie? :)

19szymon62
comment
Mateusz J.
comment
2008-07-30 08:36 3,712,000 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-07-30 08:36 168,448 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp

The files are not harmful, but they take up disk space unnecessarily; you can delete them manually.

The HijackThis and ComboFix logs are clean.

The Silent Runners log is cut off; you have to wait until this appears:

ced21506f687a3d8.jpg

Yes, I'm from Jastrzębie

Me too :)

19szymon62
comment

This time it should be the whole thing ;p

Mateusz J.
comment

The log is clean.

If you still have problems with your internet, they are not related to viruses.

19szymon62
comment

Thank you very much. One more question: after all this, avast no longer starts next to the clock together with Windows as it always did; the icon isn't there at all. Should I install it again?

Mateusz J.
comment

Lately ComboFix likes to play this kind of prank.

Start => Run => type: regedit => click OK.

Go to the key:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Right-click Run => New => String Value => name the new value: "avast!"

Right-click that value (avast!) => Modify => in the Value data field enter: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

Click OK, then restart the computer.

If the icon does not appear in the system tray, the only option left is to reinstall Avast.

19szymon62
comment

Thanks, everything works except the internet. It still cuts out, but much less often. Today the "internet technicians" are supposedly coming yet again. Thanks for everything
