razer
(Rafiz7)
23 May 2007 16:14
#1
As in the subject line: for about two days I have had a problem loading any website (in both IE and Mozilla). The browser's status bar shows "Looking up <>", then "Done", but the page does not display ("page load error"). After a few refresh attempts the page usually loads, but it loads very slowly. There is also a problem connecting the instant messenger (gg). HJT log below:
Logfile of HijackThis v1.99.1
Scan saved at 18:13:14, on 2007-05-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\java\Java.LOG\services.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\java\java.LOG\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\System32\pag.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
D:\install\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Pag Windows Monitor] pag.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKLM\..\RunServices: [Pag Windows Monitor] pag.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "D:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Pag Windows Monitor] pag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: JavaLOG - Unknown owner - C:\WINDOWS\java\Java.LOG\services.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\mssvchost.exe (file missing)
O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\mssvchost.exe (file missing)
O23 - Service: servicesnt Service: spoolnt (spoolnt) - Unknown owner - C:\WINDOWS\system32\drivers\etc\system\servicesnt.EXE (file missing)
O23 - Service: servicesnt Service: svchostnt (svchostnt) - Unknown owner - C:\WINDOWS\system32\drivers\etc\system\servicesnt.EXE (file missing)
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\mssvchost.exe (file missing)
O23 - Service: FireDaemon Service: wkcnfmon (wkcnfmon) - Unknown owner - C:\WINDOWS\system32\drivers\tkr\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: wkconipe (wkconipe) - Unknown owner - C:\WINDOWS\system32\drivers\tkr\FireDaemon.EXE (file missing)
Please help.
Regards
Gutek
(Gutek)
23 May 2007 20:01
#2
Start >>> Run >>> services.msc >>> stop and disable JavaLOG, servicesnt Service spoolnt and svchostnt, and FireDaemon Service: WindowsUpdate. Delete the folders and files manually, and the entries with HJT. Post a log from ComboFix.
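Added example, not part of the original thread: a Python triage pass over a HijackThis log that surfaces the kinds of entries named in the reply above. The three heuristics and the function name `triage` are assumptions made for illustration, and the sample lines are excerpted from the log posted in the first message.

```python
import re
from pathlib import PureWindowsPath

# Excerpt from the HijackThis log posted in the first message of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\java\Java.LOG\services.exe
C:\WINDOWS\java\java.LOG\spoolsv.exe
C:\WINDOWS\System32\pag.exe
O4 - HKLM\..\Run: [Pag Windows Monitor] pag.exe
O4 - HKLM\..\RunServices: [msvccc66] svcchosst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: JavaLOG - Unknown owner - C:\WINDOWS\java\Java.LOG\services.exe
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\mssvchost.exe (file missing)
"""

# Assumption: the system root is C:\WINDOWS, as in the posted log.
SYSTEM_DIR = r"c:\windows\system32"
# Core Windows process names that are expected to run only from system32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}

PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_PREFIX = "O23 - Service: "


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look.

    These are triage hints, not verdicts: each hit still has to be checked
    against the file on disk before anything is disabled or deleted.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # Running process: a system process name in a non-system directory.
        if PROC_RE.match(line):
            path = PureWindowsPath(line)
            if (path.name.lower() in SYSTEM_NAMES
                    and str(path.parent).lower() != SYSTEM_DIR):
                findings.append(("system process name outside system32", line))
            continue

        # O4 autorun: a bare file name is resolved through the search path.
        m = O4_RE.match(line)
        if m:
            if "\\" not in m["cmd"]:
                findings.append(("autorun entry without a full path", line))
            continue

        # O23 service: "name - owner - path"; split from the right because
        # the service name itself may contain separators.
        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                reason = "service with unknown owner"
                if parts[2].endswith("(file missing)"):
                    reason += ", binary missing"
                findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```
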
razer
(Rafiz7)
24 May 2007 09:51
#3
First of all, thanks for the help. I did everything you wrote and for now it seems to be OK.
And here is the ComboFix log:
Gutek
(Gutek)
24 May 2007 15:01
#4
Download The Avenger. Unpack => run => select the option Input script manually => click the magnifying-glass icon => in the window that opens, paste:
click the Done button => now click the green light => a message should appear, then click OK (now restart).
razer
(Rafiz7)
24 May 2007 17:03
#5
Done. "Deleted successfully"… and what were those files/folder anyway?? :mrgreen:
Regards
Gutek
(Gutek)
24 May 2007 17:28
#6
What do you think? From the junk, of course.