wolny net \\ spyware

Parę dni temu komputer zaczął świrować. Poinstalowały mi się jakieś programy informujące, że na moim komputerze jest maja wirusów, spywarów i że za opłatą usuną je. Ściągnąłem jakieś oprogramowanie, które miało poblokować dostęp robaków do kompa i problem ustąpił. Jednak po tym zdarzeniu komputer wolno chodzi. Dzisiaj grając w MMORPG zacząłem strasznie lagować, co uniemożliwiło grę. Internet zaczął strasznie wolno chodzić. Mam internet 256mb/s, jednak na stronach testujących prędkość łącza pokazuje się, że tylko 60mb/s

dam loga z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:36, on 2008-06-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Krzysiek\Programy\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4408 bytes

mam nadzieję, że obejdzie się bez formatu

pozdrawiam

Odpal hjt wybierz opcję do a system scan only.Zrobi Ci się log i zaznacz kwadrat obok poniższego wpisu i daj fix

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

Po za tym czysto.Daj loga z combofixa

[quote]
ComboFix 08-06-20.4 - Korebko 2008-06-30 20:07:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.168 [GMT 2:00]
Running from: C:\Documents and Settings\Korebko\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Korebko\Ustawienia lokalne\Temporary Internet Files\ijjistarter_verinfo.dat

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 10:04 . 2008-06-30 10:04 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-06-29 11:09 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-29 11:09 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-29 11:09 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-29 11:08 . 2008-06-29 11:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-29 11:06 . 2008-06-29 11:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-29 11:06 . 2008-06-29 11:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-24 14:44 . 2008-06-24 14:44 2,164 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 14:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-24 14:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-24 14:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-24 14:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-24 14:42 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-24 14:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-24 14:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-24 14:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-24 14:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-24 14:41 . 2008-06-30 20:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-24 14:41 . 2008-01-10 19:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-24 14:41 . 2008-06-24 14:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-24 14:22 . 2008-06-24 14:22 30,672 --a------ C:\a
2008-06-24 14:07 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-06-24 14:03 . 2008-06-26 15:59 <DIR> d-------- C:\Program Files\VAV
2008-06-24 14:03 . 2008-06-24 14:09 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-24 14:03 . 2008-06-19 18:20 117,248 --a------ C:\WINDOWS\system32\vav.cpl
2008-06-24 14:03 . 2008-06-21 11:35 32,256 --a------ C:\WINDOWS\Sys4A.exe
2008-06-24 14:03 . 2008-06-21 11:35 31,744 --a------ C:\WINDOWS\Sys4B.exe
2008-06-24 14:03 . 2008-06-21 11:35 30,720 --a------ C:\WINDOWS\Sys4D.exe
2008-06-24 14:03 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\Sys4C.exe
2008-06-24 14:03 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-06-22 18:11 . 2008-06-22 18:11 1,122 --a------ C:\WINDOWS\bestplayer.ini
2008-06-22 18:11 . 2008-06-22 18:11 23 --a------ C:\WINDOWS\bestplayer.bpp
2008-06-22 18:11 . 2008-06-22 18:11 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-06-11 07:01 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 11:11 . 2008-06-01 11:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-06-01 11:01 . 2008-06-01 11:03 <DIR> d--h----- C:\Documents and Settings\Korebko\Dane aplikacji\ijjigame
2008-06-01 10:18 . 2008-06-01 10:18 <DIR> d-------- C:\Program Files\NHN USA
2008-06-01 10:18 . 2008-04-27 19:13 704,512 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-06-01 10:18 . 2008-04-23 19:42 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-01 10:17 . 2008-06-01 11:08 50 --a------ C:\WINDOWS\GunzLauncher.INI
2008-05-31 14:33 . 2008-05-31 14:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-29 23:26 . 2008-06-24 14:07 1,160 --a------ C:\WINDOWS\wincmd.ini
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-05-28 16:40 . 2008-05-28 16:40 <DIR> d-------- C:\Documents and Settings\Korebko\Dane aplikacji\GanymedeNet
2008-05-28 16:40 . 2008-05-28 16:40 4 --a------ C:\WINDOWS\system32\proc1395793746.bin
2008-05-25 07:28 . 2008-05-25 07:28 <DIR> d-------- C:\Documents and Settings\Korebko\Dane aplikacji\MSN6
2008-05-25 07:28 . 2008-05-25 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\MSN6
2008-05-24 11:10 . 2008-05-24 11:22 <DIR> d-------- C:\Documents and Settings\Korebko\Dane aplikacji\Hamachi
2008-05-24 11:10 . 2008-05-24 11:10 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-04 13:17 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
2008-05-03 10:47 . 2008-05-03 10:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-02 20:06 . 2008-05-03 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-05-02 20:05 . 2004-08-04 08:44 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-05-02 20:05 . 2004-08-04 08:44 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-05-02 20:05 . 2004-08-04 08:44 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-05-02 20:05 . 2004-08-04 08:44 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-05-02 20:05 . 2004-08-04 08:44 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-05-02 12:41 . 2008-05-02 12:41 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2008-05-02 12:41 . 2006-03-21 15:49 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2008-05-02 12:41 . 2006-04-18 16:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2008-05-02 12:41 . 2006-04-11 16:49 671,744 --a------ C:\WINDOWS\system32\FunDecFilter.ax
2008-05-02 12:41 . 2006-04-11 13:13 532,480 --a------ C:\WINDOWS\system32\FunEncFilter.ax
2008-05-02 12:41 . 2006-04-06 11:28 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
2008-05-02 12:41 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-02 12:40 . 2008-05-02 12:40 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-02 12:40 . 2008-05-02 12:40 <DIR> d-------- C:\Program Files\Samsung
2008-05-02 12:40 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-05-02 12:40 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-05-02 12:40 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-05-02 12:40 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-05-02 12:40 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-05-02 12:40 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-05-02 12:40 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-05-02 12:40 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))%2

2008-06-26 18:38 --------- d-----w C:\Documents and Settings\Korebko\Dane aplikacji\Skype
2008-06-26 15:27 --------- d-----w C:\Documents and Settings\Korebko\Dane aplikacji\skypePM
2008-06-20 10:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 20:17 --------- d-----w C:\Program Files\Nokia
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-12 21:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-10 20:32 24,192 ----a-w C:\Documents and Settings\Korebko\usbsermptxp.sys
2008-01-10 20:32 22,768 ----a-w C:\Documents and Settings\Korebko\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 11:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 04:52 36975]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"WinampAgent"="D:\Program Files\Winamp\winampa.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Krzysiek\\Programy\\AQQ\\AQQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Krzysiek\\Gry\\KartRider\\NMService.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Krzysiek\\Programy\\Azureus\\Azureus.exe"=
"D:\\Krzysiek\\Programy\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Krzysiek\\Gry\\KartRider\\KartRider.exe"=
"D:\\Krzysiek\\Programy\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-15 07:14]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 R5BaseSmc;USB Token Holder Service;C:\WINDOWS\system32\DRIVERS\smccard.sys [2008-01-11 16:19]
S3 dump_wmimmc;dump_wmimmc;D:\Krzysiek\Gry\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []
S3 token;USB Token Service;C:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2008-01-11 16:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ae5cad-ec63-11dc-81ef-001485cb8862}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 20:09:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 20:10:40
ComboFix-quarantined-files.txt 2008-06-30 18:10:36

Pre-Run: 34,341,605,376 bajtów wolnych
Post-Run: 35,448,721,408 bajtów wolnych

180 --- E O F --- 2008-06-30 15:44:20

Wklej do Notatnika:

File::
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\system32\sex1.ico

Folder::
C:\Program Files\VAV
C:\Program Files\PCHealthCenter

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ae5cad-ec63-11dc-81ef-001485cb8862}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log). Daj ten log, który powstanie w trakcie usuwania.
Po restarcie usuń ręcznie folder C:\Qoobox.

ordynat

ComboFix 08-06-20.4 - Korebko 2008-06-30 22:51:48.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.226 [GMT 2:00]
Running from: C:\Documents and Settings\Korebko\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korebko\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [img]http://www.forum.tweaks.pl/public/style_emoticons/default/excl.gif[/img][/b][/color]

FILE ::
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0[/u].exe
C:\Program Files\PCHealthCenter\[u]0[/u].gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl

.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
.

2008-06-30 10:04 . 2008-06-30 10:04	80	--ah-----	C:\WINDOWS\system32\HsInfo.dat
2008-06-29 11:09 . 2006-10-04 16:06	1,197,294	-----c---	C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-29 11:09 . 2006-10-04 16:06	764,868	-----c---	C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-29 11:09 . 2006-10-04 16:06	217,118	-----c---	C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-29 11:08 . 2008-06-29 11:08	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-06-29 11:06 . 2008-06-29 11:06	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-06-29 11:06 . 2008-06-29 11:07	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2008-06-24 14:44 . 2008-06-24 14:44	2,164	--a------	C:\WINDOWS\system32\tmp.reg
2008-06-24 14:42 . 2007-09-06 00:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-06-24 14:42 . 2006-04-27 17:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-06-24 14:42 . 2008-05-29 09:35	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
2008-06-24 14:42 . 2008-05-18 21:40	82,944	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-06-24 14:42 . 2008-06-23 23:34	82,432	--a------	C:\WINDOWS\system32\IEDFix.C.exe
2008-06-24 14:42 . 2008-05-23 18:21	81,920	--a------	C:\WINDOWS\system32\404Fix.exe
2008-06-24 14:42 . 2003-06-05 21:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-06-24 14:42 . 2004-07-31 18:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-06-24 14:42 . 2007-10-04 00:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-06-24 14:41 . 2008-06-30 22:53	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-24 14:41 . 2008-01-10 19:00	<DIR>	d--------	C:\Documents and Settings\Administrator\Ulubione
2008-06-24 14:41 . 2008-01-10 19:04	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Szablony
2008-06-24 14:41 . 2008-01-10 19:00	<DIR>	d--------	C:\Documents and Settings\Administrator\Pulpit
2008-06-24 14:41 . 2008-01-10 19:00	<DIR>	d--------	C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-24 14:41 . 2008-01-10 19:00	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Start
2008-06-24 14:41 . 2008-01-10 19:00	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-24 14:41 . 2008-06-24 14:41	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-06-24 14:22 . 2008-06-24 14:22	30,672	--a------	C:\a
2008-06-22 18:11 . 2008-06-22 18:11	1,122	--a------	C:\WINDOWS\bestplayer.ini
2008-06-22 18:11 . 2008-06-22 18:11	23	--a------	C:\WINDOWS\bestplayer.bpp
2008-06-22 18:11 . 2008-06-22 18:11	0	--a------	C:\WINDOWS\bestplayer.bbt
2008-06-11 07:01 . 2008-06-14 20:01	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 11:11 . 2008-06-01 11:11	<DIR>	d--------	C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-06-01 11:01 . 2008-06-01 11:03	<DIR>	d--h-----	C:\Documents and Settings\Korebko\Dane aplikacji\ijjigame
2008-06-01 10:18 . 2008-06-01 10:18	<DIR>	d--------	C:\Program Files\NHN USA
2008-06-01 10:18 . 2008-04-27 19:13	704,512	--a------	C:\WINDOWS\system32\ijjiSetup.exe
2008-06-01 10:18 . 2008-04-23 19:42	58,776	--a------	C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-01 10:17 . 2008-06-01 11:08	50	--a------	C:\WINDOWS\GunzLauncher.INI
2008-05-31 14:33 . 2008-05-31 14:33	<DIR>	d--------	C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-29 23:26 . 2008-06-24 14:07	1,160	--a------	C:\WINDOWS\wincmd.ini
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\UC.PIF
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\RAR.PIF
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\PKZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\PKUNZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\NOCLOSE.PIF
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\LHA.PIF
2008-05-29 23:26 . 2008-04-22 07:03	545	--a------	C:\WINDOWS\ARJ.PIF
2008-05-28 16:40 . 2008-05-28 16:40	<DIR>	d--------	C:\Documents and Settings\Korebko\Dane aplikacji\GanymedeNet
2008-05-28 16:40 . 2008-05-28 16:40	4	--a------	C:\WINDOWS\system32\proc1395793746.bin
2008-05-25 07:28 . 2008-05-25 07:28	<DIR>	d--------	C:\Documents and Settings\Korebko\Dane aplikacji\MSN6
2008-05-25 07:28 . 2008-05-25 07:28	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\MSN6
2008-05-24 11:10 . 2008-05-24 11:22	<DIR>	d--------	C:\Documents and Settings\Korebko\Dane aplikacji\Hamachi
2008-05-24 11:10 . 2008-05-24 11:10	25,280	--a------	C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-04 13:17 . 2005-08-13 05:06	22,486	-ra------	C:\WINDOWS\system32\UnInstall_Sample.ico
2008-05-03 10:47 . 2008-05-03 10:47	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-05-02 20:06 . 2008-05-03 11:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-05-02 20:05 . 2004-08-04 08:44	91,136	--a------	C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-05-02 20:05 . 2004-08-04 08:44	61,952	--a------	C:\WINDOWS\system32\drivers\kstvtune.ax
2008-05-02 20:05 . 2004-08-04 08:44	54,784	--a------	C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-05-02 20:05 . 2004-08-04 08:44	43,008	--a------	C:\WINDOWS\system32\drivers\ksxbar.ax
2008-05-02 20:05 . 2004-08-04 08:44	28,672	--a------	C:\WINDOWS\system32\drivers\vidcap.ax
2008-05-02 12:41 . 2008-05-02 12:41	<DIR>	d--------	C:\WINDOWS\system32\Samsung PC Studio Codecs
2008-05-02 12:41 . 2006-03-21 15:49	2,729,472	--a------	C:\WINDOWS\system32\fun_avcodec.dll
2008-05-02 12:41 . 2006-04-18 16:32	684,032	--a------	C:\WINDOWS\system32\fun_mp4_enc.dll
2008-05-02 12:41 . 2006-04-11 16:49	671,744	--a------	C:\WINDOWS\system32\FunDecFilter.ax
2008-05-02 12:41 . 2006-04-11 13:13	532,480	--a------	C:\WINDOWS\system32\FunEncFilter.ax
2008-05-02 12:41 . 2006-04-06 11:28	77,824	--a------	C:\WINDOWS\system32\fun_mp4_dec.dll
2008-05-02 12:41 . 2005-08-28 20:51	766	--a------	C:\WINDOWS\system32\Uninstall.ico
2008-05-02 12:40 . 2008-05-02 12:40	<DIR>	d--------	C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-02 12:40 . 2008-05-02 12:40	<DIR>	d--------	C:\Program Files\Samsung
2008-05-02 12:40 . 2005-08-30 01:49	94,000	--a------	C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-05-02 12:40 . 2005-08-30 01:47	58,320	--a------	C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-05-02 12:40 . 2005-08-13 05:06	22,486	-ra------	C:\WINDOWS\system32\UnInstall_Driver.ico
2008-05-02 12:40 . 2005-08-30 01:49	8,336	--a------	C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-05-02 12:40 . 2005-08-30 01:49	6,176	--a------	C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-05-02 12:40 . 2005-08-30 01:49	6,176	--a------	C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-05-02 12:40 . 2005-08-30 01:47	5,840	--a------	C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-05-02 12:40 . 2005-08-30 01:47	5,840	--a------	C:\WINDOWS\system32\drivers\ssm_wh.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 18:38	---------	d-----w	C:\Documents and Settings\Korebko\Dane aplikacji\Skype
2008-06-26 15:27	---------	d-----w	C:\Documents and Settings\Korebko\Dane aplikacji\skypePM
2008-06-20 10:04	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-18 20:17	---------	d-----w	C:\Program Files\Nokia
2008-06-14 18:01	273,024	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-01-12 21:20	32	----a-w	C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-10 20:32	24,192	----a-w	C:\Documents and Settings\Korebko\usbsermptxp.sys
2008-01-10 20:32	22,768	----a-w	C:\Documents and Settings\Korebko\usbsermpt.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-30_20.10.29,01   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 16:26:33	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-30 20:54:44	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-30 20:54:56	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 11:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 04:52 36975]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"WinampAgent"="D:\Program Files\Winamp\winampa.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Krzysiek\\Programy\\AQQ\\AQQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Krzysiek\\Gry\\KartRider\\NMService.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Krzysiek\\Programy\\Azureus\\Azureus.exe"=
"D:\\Krzysiek\\Programy\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Krzysiek\\Gry\\KartRider\\KartRider.exe"=
"D:\\Krzysiek\\Programy\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-15 07:14]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 R5BaseSmc;USB Token Holder Service;C:\WINDOWS\system32\DRIVERS\smccard.sys [2008-01-11 16:19]
S3 token;USB Token Service;C:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2008-01-11 16:19]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 22:55:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-30 22:57:30 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-30 20:57:27
ComboFix2.txt  2008-06-30 18:10:41

Pre-Run: 35,415,715,840 bajtów wolnych
Post-Run: 35,427,966,976 bajt˘w wolnych

212	--- E O F ---	2008-06-30 15:44:20

internet dalej muli

czy przyczyną tego są jakieś wirusy? Czy może po prostu dostawca (Multimedia) ma jakieś problemy? zazwyczaj jak takie występowały, to komputer nie łączył się z internetem w ogóle. Zauważyłem, że ta łączność maleje i rośnie. Są momenty, gdy strony ładują się szybko, a zaraz potem wolno.


[code=auto:0]
ComboFix 08-06-20.4 - Korebko 2008-06-30 22:51:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.226 [GMT 2:00]
Running from: C:\Documents and Settings\Korebko\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korebko\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 10:04 . 2008-06-30 10:04 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-06-29 11:09 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-29 11:09 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-29 11:09 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-29 11:08 . 2008-06-29 11:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-29 11:06 . 2008-06-29 11:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-29 11:06 . 2008-06-29 11:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-24 14:44 . 2008-06-24 14:44 2,164 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 14:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-24 14:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-24 14:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-24 14:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-24 14:42 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-24 14:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-24 14:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-24 14:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-24 14:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-24 14:41 . 2008-06-30 22:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-24 14:41 . 2008-01-10 19:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-24 14:41 . 2008-06-24 14:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-24 14:22 . 2008-06-24 14:22 30,672 --a------ C:\a
2008-06-22 18:11 . 2008-06-22 18:11 1,122 --a------ C:\WINDOWS\bestplayer.ini
2008-06-22 18:11 . 2008-06-22 18:11 23 --a------ C:\WINDOWS\bestplayer.bpp
2008-06-22 18:11 . 2008-06-22 18:11 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-06-11 07:01 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 11:11 . 2008-06-01 11:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-06-01 11:01 . 2008-06-01 11:03 <DIR> d--h----- C:\Documents and Settings\Korebko\Dane aplikacji\ijjigame
2008-06-01 10:18 . 2008-06-01 10:18 <DIR> d-------- C:\Program Files\NHN USA
2008-06-01 10:18 . 2008-04-27 19:13 704,512 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-06-01 10:18 . 2008-04-23 19:42 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-01 10:17 . 2008-06-01 11:08 50 --a------ C:\WINDOWS\GunzLauncher.INI
2008-05-31 14:33 . 2008-05-31 14:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-29 23:26 . 2008-06-24 14:07 1,160 --a------ C:\WINDOWS\wincmd.ini
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-05-28 16:40 . 2008-05-28 16:40 <DIR> d-------- C:\Documents and Settings\Korebko\Dane aplikacji\GanymedeNet
2008-05-28 16:

Log czysty.

[code=auto:0]
ComboFix 08-06-20.4 - Korebko 2008-06-30 22:51:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.226 [GMT 2:00]
Running from: C:\Documents and Settings\Korebko\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korebko\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\WINDOWS\Sys4A.exe
C:\WINDOWS\Sys4B.exe
C:\WINDOWS\Sys4C.exe
C:\WINDOWS\Sys4D.exe
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 10:04 . 2008-06-30 10:04 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-06-29 11:09 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-29 11:09 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-29 11:09 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-29 11:08 . 2008-06-29 11:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-29 11:06 . 2008-06-29 11:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-29 11:06 . 2008-06-29 11:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-24 14:44 . 2008-06-24 14:44 2,164 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 14:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-24 14:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-24 14:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-24 14:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-24 14:42 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-24 14:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-24 14:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-24 14:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-24 14:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-24 14:41 . 2008-06-30 22:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-24 14:41 . 2008-01-10 19:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-24 14:41 . 2008-01-10 19:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-24 14:41 . 2008-06-24 14:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-24 14:22 . 2008-06-24 14:22 30,672 --a------ C:\a
2008-06-22 18:11 . 2008-06-22 18:11 1,122 --a------ C:\WINDOWS\bestplayer.ini
2008-06-22 18:11 . 2008-06-22 18:11 23 --a------ C:\WINDOWS\bestplayer.bpp
2008-06-22 18:11 . 2008-06-22 18:11 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-06-11 07:01 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 11:11 . 2008-06-01 11:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-06-01 11:01 . 2008-06-01 11:03 <DIR> d--h----- C:\Documents and Settings\Korebko\Dane aplikacji\ijjigame
2008-06-01 10:18 . 2008-06-01 10:18 <DIR> d-------- C:\Program Files\NHN USA
2008-06-01 10:18 . 2008-04-27 19:13 704,512 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-06-01 10:18 . 2008-04-23 19:42 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-01 10:17 . 2008-06-01 11:08 50 --a------ C:\WINDOWS\GunzLauncher.INI
2008-05-31 14:33 . 2008-05-31 14:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-29 23:26 . 2008-06-24 14:07 1,160 --a------ C:\WINDOWS\wincmd.ini
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-05-29 23:26 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-05-28 16:40 . 2008-05-28 16:40 <DIR> d-------- C:\Documents and Settings\Korebko\Dane aplikacji\GanymedeNet
2008-05-28 16:

dzwoniłem do operatora. On powiedział mi, że połączenie jest blokowane. Nie jest to żaden antywirus, więc podejrzewam, że to jakiś robak. Wklejam najnowszy log z HJT, nie wiem czy w nim można znaleźć co blokuje mój dostęp do internetu, więc proszę mi powiedzieć jakim programem to wykryję i usunę. Czy Kaspersky pomoże?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:29, on 2008-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Krzysiek\Programy\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4482 bytes

Log czysty.Więc nie wydaje mi się żeby to był problem związany z wirusem.Sprawdź tu jaki masz szybki net.

oh świetnie! 43kb/s wczoraj był 'aż' 64. powinno być 256

"Ściągnąłem jakieś oprogramowanie"-co to dokładnie było za oprogramowanie?.Podaj nazwę.

nie pamiętam. usunąłem go zaraz po tym, jak przestały mnie nękać informacje o tym, że mam zainfekowany komputer. Mógłbym znaleźć, tylko trochę to zajmie, bo strony się włączają godzinami. Wiem, że miał on na celu blokowanie reklamówek dostających się do mojego komputera wysyłane przez robaki. Wiem że w nazwie miał "vav". zaraz dokładniej poszukam.

przykro mi nie zajdę. historia wyczyszczona. ale wątpię żeby to była wina tego programu. Usunąłem go jakieś półtora tygodnia temu, a problemy z internetem zaczęły się wczoraj.

zaraz coś mam! wprawdzie to nie ten sam program, ale wyglądał podobnie. Windows Worms Cleaner. poblokowałem jakieś porty
- DCOM RPC (nasłuch na porcie 135)
- RPC Locator (port 445)
- NetBIOS (porty 137/138/139)
- UPNP (port 5000)
- Usługa komunikatora (wykorzystuje porty RPC/NetBIOS)

nie zaraz! to był ten program. teraz dopiero rozpoznałem po ikonce. odblokowałem je. teraz rebot i się zaraz okaże czy to pomoże

@edit
kurde. internet niby chodzi szybciej, ale to też różnie. gry przez internet mają takie lagi, że szok, cały czas mnie wykopuje. Nie wiem o co chodzi. odblokowałem przecież te porty. Jest jakis program, żebym sprawdził czy czegoś jeszcze nie mam poblokowanego?

mam zablokowany port 80 :\
jak go odblokować?