Hello, for the past few days sound has not been working on my computer in any of the browsers (I tried IE, Mozilla and Opera). The sound is missing only in the browsers. I found a similar thread on this forum, but the solution given there does not work for me (http://forum.infojama.pl/default.aspx?g=posts&t=86651). I ran a scan with HJT and ComboFix, but I don't know much about this.
htj:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:39, on 2008-12-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 87.229.102.30 l2authd.lineage2.com
O1 - Hosts: 87.229.102.30 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
–
End of file - 4141 bytes
combofix:
ComboFix 08-12-07.01 - My 2008-12-08 20:03:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1580 [GMT 1:00]
Uruchomiony z: e:\programy\combofix\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Readme.txt
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-08 do 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 23:30 . 2008-12-07 23:30
2008-12-07 23:30 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-07 23:30 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2008-12-07 22:54 . 2008-12-07 22:54 0 --a------ c:\windows\nsreg.dat
2008-12-06 23:59 . 2008-12-06 23:59
2008-12-06 22:42 . 2008-12-06 22:42 1,340 --a------ C:\fix.reg
2008-12-06 22:31 . 2008-12-06 22:31 16,244 --a------ c:\windows\system32\rrt_is.wav
2008-12-06 22:31 . 2008-12-06 22:31 7,302 --a------ c:\windows\system32\rrt_vf.wav
2008-12-06 22:31 . 2008-12-06 22:31 7,148 --a------ c:\windows\system32\rrt_tv.wav
2008-12-06 22:31 . 2008-12-06 22:31 6,282 --a------ c:\windows\system32\rrt_tn.wav
2008-12-06 14:51 . 2008-12-06 14:51 169 --a------ c:\windows\RtlRack.ini
2008-12-06 14:48 . 2008-12-06 14:48
2008-12-06 14:48 . 2008-12-08 09:02
2008-12-06 14:48 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2008-12-02 12:43 . 2008-12-02 12:43
2008-12-02 12:40 . 2008-12-02 12:41
2008-11-27 08:49 . 2008-10-07 08:47 490,012 —h----- c:\windows\system\winupdate.exe
2008-11-25 18:26 . 2008-11-25 18:26
2008-11-25 18:25 . 2008-11-25 18:25
2008-11-25 18:25 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-25 18:08 . 2008-11-25 18:08
2008-11-25 17:52 . 2008-11-25 17:52
2008-11-25 17:52 . 2008-11-25 17:52
2008-11-25 17:52 . 2008-11-25 17:52
2008-11-24 13:22 . 2008-11-24 13:22
2008-11-24 09:12 . 2006-02-04 03:50 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-11-24 09:12 . 2006-02-04 03:50 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-11-23 15:33 . 2008-11-23 15:33
2008-11-23 15:25 . 2008-11-23 16:20
2008-11-23 15:22 . 2006-11-06 18:04 28,672 --a------ c:\windows\system32\drivers\wceusbsh.sys
2008-11-23 15:22 . 2006-11-06 18:04 28,672 --a------ c:\windows\system32\dllcache\wceusbsh.sys
2008-11-22 14:20 . 2008-11-22 14:12 933,908 --a------ c:\windows\system32\Core.dll
2008-11-22 14:13 . 2008-11-22 14:13
2008-11-20 12:09 . 2008-12-05 18:21
2008-11-14 16:33 . 2008-11-14 16:33
2008-11-13 16:33 . 2008-11-17 23:49
2008-11-11 11:28 . 2008-11-11 11:28
2008-11-08 17:31 . 2008-11-08 17:31
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 19:06 13,040,416 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-08 19:05 263,200 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-08 13:35 40,616 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-08 13:35 182,120 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-06 22:49 --------- d-----w c:\program files\Java
2008-11-27 08:05 149,504 ----a-w c:\windows\system32\dllcache\regedit.exe
2008-11-27 08:05 149,504 ----a-w c:\windows\regedit.exe
2008-11-21 17:47 --------- d-----w c:\program files\MoorHunt
2008-11-21 17:44 --------- d–h--w c:\program files\InstallShield Installation Information
2008-11-21 17:42 --------- d-----w c:\program files\BitComet
2008-11-10 21:00 --------- d-----w c:\program files\Tibia Mc
2008-11-10 12:39 --------- d-----w c:\program files\Tibia
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-09 21:09 --------- d-----w c:\program files\HTV
2008-11-06 15:04 --------- d-----w c:\program files\DirectX Happy Uninstall
2008-11-05 22:36 --------- d-----w c:\program files\ToniArts
2008-11-04 20:04 --------- d-----w c:\program files\Malwarebytes’ Anti-Malware
2008-11-04 20:04 --------- d-----w c:\documents and settings\My\Dane aplikacji\Malwarebytes
2008-11-04 20:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2008-11-04 19:25 --------- d-----w c:\program files\Kaspersky Lab
2008-11-04 19:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-03 07:12 --------- d-----w c:\program files\Microangelo
2008-11-02 22:31 --------- d-----w c:\program files\microsoft frontpage
2008-11-02 12:13 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-02 12:13 262,144 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-01 21:56 --------- d-----w c:\program files\MadOnion.com
2008-11-01 15:33 --------- d-----w c:\program files\FreshDevices
2008-10-31 12:40 --------- d-----w c:\documents and settings\My\Dane aplikacji\Ringtone
2008-10-29 18:51 --------- d-----w c:\program files\Joy RingTone Converter Evaluation Edition
2008-10-27 20:02 --------- d-----w c:\documents and settings\My\Dane aplikacji\Tibia
2008-10-22 20:45 --------- d-----w c:\program files\Opera
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-17 22:21 --------- d-----w c:\program files\Tibia Auto
2008-10-16 07:21 --------- d-----w c:\program files\TibiaBot NG
2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-12 16:32 --------- d-----w c:\documents and settings\My\Dane aplikacji\Ahead
2008-10-12 16:31 --------- d-----w c:\program files\Ahead
2008-10-12 16:30 --------- d-----w c:\program files\Common Files\Ahead
2008-10-12 16:30 --------- d-----w c:\documents and settings\My\Dane aplikacji\NeroVision
2008-10-08 06:03 --------- d-----w c:\program files\Alcohol Soft
2008-10-05 09:54 2,084 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-22 17:00 737,280 ----a-w c:\windows\iun6002.exe
2008-09-22 16:32 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-09-22 15:02 495,458 ----a-w c:\windows\system32\opengl95.exe
2008-09-22 15:02 495,458 ----a-w c:\windows\opengl95.exe
2008-09-21 16:31 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:27 1,846,656 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
1996-07-29 10:11 733,296 ----a-w c:\documents and settings\My\OPENGL32.DLL
1996-07-29 10:09 139,712 ----a-w c:\documents and settings\My\GLU32.DLL
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]
“H/PC Connection Agent”=“c:\program files\Microsoft ActiveSync\wcescomm.exe” [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“kav”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” [2006-03-24 139367]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-11-10 136600]
[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^Alaplaya Launcher.lnk]
path=c:\documents and settings\My\Menu Start\Programy\Autostart\Alaplaya Launcher.lnk
backup=c:\windows\pss\Alaplaya Launcher.lnkStartup
[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^lsass.exe]
path=c:\documents and settings\My\Menu Start\Programy\Autostart\lsass.exe
backup=c:\windows\pss\lsass.exeStartup
[HKLM~\startupfolder\C:^Documents and Settings^My^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\My\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]
–a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
–a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
–a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
–a------ 2006-11-13 15:57 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
–a------ 2008-01-13 21:31 525312 c:\program files\HTV\HTV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
–a------ 2008-04-01 02:54 507904 c:\program files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
–a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
–a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
—h----- 2008-10-07 08:47 490012 c:\windows\system\winupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“WMPNetworkSvc”=3 (0x3)
“msupdate”=2 (0x2)
“idsvc”=3 (0x3)
“IDriverT”=3 (0x3)
“gusvc”=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Winamp Remote\bin\Orb.exe”=
“c:\Program Files\Winamp Remote\bin\OrbTray.exe”=
“c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=
“c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”=
“e:\GrY\Steam\SteamApps\wolffik\counter-strike\hl.exe”=
“c:\Program Files\Gadu-Gadu\gg.exe”=
“c:\Program Files\Opera\opera.exe”=
“d:\Counter-Strike Source\hl2.exe”=
“c:\program files\Microsoft ActiveSync\rapimgr.exe”= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“c:\program files\Microsoft ActiveSync\wcescomm.exe”= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
“c:\program files\Microsoft ActiveSync\WCESMgr.exe”= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“7249:TCP”= 7249:TCP:BitComet 7249 TCP
“7249:UDP”= 7249:UDP:BitComet 7249 UDP
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S3 npkycryp;npkycryp;??\e:\gry\Lineage II\system\npkycryp.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{91eac7b5-8804-11dd-a504-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
FireFox -: Profile - c:\documents and settings\My\Dane aplikacji\Mozilla\Firefox\Profiles\zhkvgmd6.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 20:05:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
-
-
-
-
-
-
- > ‘winlogon.exe’(780)
-
-
-
-
-
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Czas ukończenia: 2008-12-08 20:07:13
ComboFix-quarantined-files.txt 2008-12-08 19:06:54
ComboFix2.txt 2008-11-04 20:00:56
ComboFix3.txt 2008-11-04 19:08:03
Przed: 625 795 072 bajtów wolnych
Po: 781,484,032 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect
216 — E O F — 2008-10-24 12:17:36
I hope someone will help me figure this out, and thank you in advance.