Dziwne powtarzające się zjawisko-syndrom blokady iexplore


(Arkadi) #1

Od paru dni mam problem z dziwnym zjawiskiem. :frowning: :frowning: :frowning:

Mianowicie pracuje na komputerze od 8:00 do 15:00, jest on podłączony do internetu poprzez router DSL.

W popołudniowych godzinach tak po 13, komputer nagle ma problem z połączeniem do internetu. Sieć działa, na innych komputerach wyjście na internet jest, połączenie z routerem przez admin także, nie mogę połączyć się z internetem poprzez iexplore czy firefox, z jakąkolwiek witryną np. google, nawet outlook nie chce się łączyć. Gdy robie restart wszystko wraca do normy. Scan antywirem nic nie wskazauje, Ad-adware także nic nie wykrywa. Każdego dnia prawie o tej samej porze to się powtarza, połączenie z internetem zamiera.

Zamieszczam log.

Logfile of HijackThis v1.99.1

Scan saved at 13:28:34, on 2007-06-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ULi5287\ULi5287.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OpenOfficePL Home 2006\program\soffice.exe

C:\Program Files\OpenOfficePL Home 2006\program\soffice.BIN

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Microsoft SQL Server\MSSQL$BESTIASQL\Binn\sqlservr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Serwer\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM..\Run: [uLiRaid] C:\Program Files\ULi5287\ULi5287.exe

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

O4 - Startup: OpenOfficePL Home 2006.lnk = C:\Program Files\OpenOfficePL Home 2006\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://212.51.106.202/activex/AMC.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.136.36.165/activex/AMC.cab

O17 - HKLM\System\CCS\Services\Tcpip..{E7DC6EAF-2C19-4C3E-8B5D-D657976B536A}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: DirectX Service (DirectCydd) - Unknown owner - c:\windows\system32\directx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

nie mogę znaleść źródła przyczyny.

liczę na pomoc, dzięki z góry :smiley: :smiley: :smiley:


(adam9870) #2

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT i uruchom go w trybie awaryjnym.

Usuń wpisy korzystając z HijackThis.

Po wykonaniu pokaż nowy log z HijackThis plus z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.


(Arkadi) #3

Okey wykonałem oto logi:

Logfile of HijackThis v1.99.1

Scan saved at 15:57:45, on 2007-06-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL$BESTIASQL\Binn\sqlservr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ULi5287\ULi5287.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OpenOfficePL Home 2006\program\soffice.exe

C:\Program Files\OpenOfficePL Home 2006\program\soffice.BIN

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Serwer\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM..\Run: [uLiRaid] C:\Program Files\ULi5287\ULi5287.exe

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

O4 - Startup: OpenOfficePL Home 2006.lnk = C:\Program Files\OpenOfficePL Home 2006\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://212.51.106.202/activex/AMC.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.136.36.165/activex/AMC.cab

O17 - HKLM\System\CCS\Services\Tcpip..{E7DC6EAF-2C19-4C3E-8B5D-D657976B536A}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

oraz z Combofix

ComboFix 07-06-13.3 - BĄd wejcia: Brak aparatu skrypt˘w dla plik˘w o rozszerzeniu ".vbs".

"UM-ST03" - 2007-06-13 15:48:31 - Dodatek Service Pack 2 NTFS [sAFE MODE]

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NM

-------\nm

((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))

2007-06-13 15:48 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-13 14:51 44,544 --a------ C:\WINDOWS\User32.dll

2007-06-13 14:40

2007-06-12 14:24 7,168 --a------ C:\WINDOWS\lq.dll

2007-06-12 14:24 468,480 --a------ C:\WINDOWS\system32\NMDll.dll

2007-06-12 14:24 208,896 --a------ C:\WINDOWS\system32\HDBHO.dll

2007-06-12 14:24 20,480 --a------ C:\WINDOWS\yhl.dll

2007-06-12 14:24

2007-06-12 14:24

2007-06-12 14:15

2007-06-12 13:47

2007-06-12 13:10 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat

2007-06-12 13:09

2007-06-12 13:09

2007-06-06 12:34 5,837 --a------ C:\dnsbak.reg

2007-05-25 11:48

2007-05-23 09:59

2007-05-22 14:53

2007-05-22 14:53

2007-05-22 14:51

2007-05-17 13:30

2007-05-15 15:08

2007-05-15 15:08

2007-05-15 14:54

2007-05-15 13:00 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll

2007-05-15 13:00 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll

2007-05-15 13:00 45,056 --a------ C:\WINDOWS\system32\ogg.dll

2007-05-15 13:00 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll

2007-05-15 13:00 237,568 --a------ C:\WINDOWS\system32\OggDS.dll

2007-05-15 13:00 188,416 --a------ C:\WINDOWS\system32\vorbis.dll

2007-05-15 12:59

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 13:51:57 -------- d-----w C:\Program Files\lg_fwupdate

2007-06-13 13:43:59 95,506 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-13 13:43:59 496,554 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-13 13:39:50 -------- d-----w C:\DOCUME~1\Serwer\DANEAP~1\OpenOfficePLHome2

2007-06-13 12:28:30 -------- d-----w C:\Program Files\Mozilla Thunderbird Beta 1

2007-06-13 06:44:36 -------- d-----w C:\Program Files\eMule

2007-06-08 12:13:54 5,904 ----a-w C:\WINDOWS\mozver.dat

2007-06-06 12:56:27 -------- d-----w C:\Program Files\Bestia

2007-05-22 12:56:35 -------- d-----w C:\Program Files\Eusing Free Registry Cleaner

2007-05-15 13:28:06 -------- d-----w C:\Program Files\BDE

2007-05-15 13:20:39 -------- d-----w C:\Program Files\Winamp

2007-05-15 13:13:34 -------- d-----w C:\Program Files\Microsoft SQL Server

2007-05-15 11:15:38 -------- d-----w C:\Program Files\IVT Corporation

2007-05-15 11:15:37 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-15 11:00:32 639,066 ----a-w C:\WINDOWS\system32\DivX.dll

2007-05-15 11:00:29 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll

2007-05-09 09:28:47 -------- d-----w C:\DOCUME~1\Serwer\DANEAP~1\MusicIP

2007-04-26 09:35:12 -------- d-----w C:\Program Files\SanDisk

2007-04-26 09:34:51 -------- d-----w C:\DOCUME~1\Serwer\DANEAP~1\InstallShield

2007-04-25 09:26:53 9,216 ----a-w C:\WINDOWS\nvapi.dll

2007-04-25 09:26:52 -------- d-----w C:\Program Files\KillSoft

2007-04-24 13:04:31 -------- d-----w C:\Program Files\AIDA32 - Personal System Information

2007-04-24 09:12:24 -------- d-----w C:\Program Files\Avery Dennison

2007-04-20 10:20:26 -------- d-----w C:\Program Files\Ufasoft

2007-04-20 07:39:54 -------- d-----w C:\DOCUME~1\Serwer\DANEAP~1\Ufasoft

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 08:40:08 -------- d-----w C:\Program Files\Visual MP3 To Wav Converter

2007-04-16 08:32:52 1,264 ----a-w C:\WINDOWS\system32\affnow-item7041-1.sys

2007-03-29 11:17:58 2 ----a-w C:\WINDOWS\system32\scgsmsesbase.dll

2007-03-26 09:08:56 3,984 ----a-w C:\WINDOWS\desctemp.dat

2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

2006-06-12 11:23:18 403,456 --sha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\44_shell32.dll\Thumbs.db

2006-06-30 12:58:24 10,240 --sha-w C:\WINDOWS\BricoPacks\Vista Inspirat\ResFiles\65_zipfldr.dll\Thumbs.db

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{C451C08A-EC37-45DF-AAAD-18B51AB5E837}=C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2006-09-25 12:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]

"ULiRaid"="C:\Program Files\ULi5287\ULi5287.exe" [2005-08-23 20:59]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]

"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 19:29]

"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 18:40]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 08:43]

"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [2007-04-18 08:43]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 02:36]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-12 08:22]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"EdHTML"="C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe" [2003-03-24 18:38]

Contents of the 'Scheduled Tasks' folder

2007-06-12 17:00:02 C:\WINDOWS\tasks\zamykanie.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-13 15:51:42

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-13 15:53:33 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-13 15:53

--- E O F ---

Usunęło directx.exe

To wszystko? Jutro zobacze czy o tej samej porze mi zerwie internet.

:smiley: :smiley: :smiley: