Net muli + komunikat "Nie można wyświetlić strony"

El_Mariachi · 18 Listopad 2007 11:50

Od jakiegoś czasu mam problem, bo na wielu stronkach wyświetla mi się komunikat “nie można wyświetlić strony”. Miałem tak np na: YouTube. A wcześniej wszystko działało bez zarzutu. Poza tym net mi muli, zwłaszcza gdy otwieram jakaś stronkę w drugim oknie lub drugiej karcie (klikam na jakąś kartę i muszę czekać kilka sekund na reakcję). Korzystam z Mozilli Firefox, ale z tego co zauważyłem podobne problemy występują też w Internet Explorer. Wrzucam logi do sprawdzenia.

Logfile of HijackThis v1.99.1 Scan saved at 12:50:00, on 2007-11-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Free Download Manager\FUM\fumoei.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Admin\Moje dokumenty\Porządki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto O4 - HKCU…\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho … wflash.cab O20 - AppInit_DLLs: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Dzieńdobry!” = “C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto” [“VSD Software”] “Free Uploader Oe Integration” = “C:\Program Files\Free Download Manager\FUM\fumoei.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “HP Component Manager” = ““C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”” [“Hewlett-Packard Company”] “Logitech Hardware Abstraction Layer” = “KHALMNPR.EXE” [“Logitech Inc.”] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “Kernel and Hardware Abstraction Layer” = “KHALMNPR.EXE” [“Logitech Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\iefdm2.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{73B24247-042E-4EF5-ADC2-42F62E6FD654}” = “ICQ Lite Shell Extension” -> {HKLM…CLSID} = “MCLiteShellExt Class” \InProcServer32(Default) = “C:\Program Files\ICQLite\ICQLiteShell.dll” [empty string] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{F49C55B9-D417-45A1-A6E7-D6E057946280}” = “FdmUplShlExt” -> {HKLM…CLSID} = “FdmUplShlExt Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\FUM\fumshext.dll” [null data] “{B9B9F083-2B04-452A-8691-83694AC1037B}” = “Logitech Setpoint Extension” -> {HKLM…CLSID} = “LogiExt Class” \InProcServer32(Default) = “C:\Program Files\Logitech\SetPoint\mcplext.dll” [“Logitech Inc.”] “{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}” = “Logitech Setpoint Extension” -> {HKLM…CLSID} = “KbLogiExt Class” \InProcServer32(Default) = “C:\Program Files\Logitech\SetPoint\kbcplext.dll” [“Logitech Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ICQLiteMenu(Default) = “{73B24247-042E-4EF5-ADC2-42F62E6FD654}” -> {HKLM…CLSID} = “MCLiteShellExt Class” \InProcServer32(Default) = “C:\Program Files\ICQLite\ICQLiteShell.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ICQLiteMenu(Default) = “{73B24247-042E-4EF5-ADC2-42F62E6FD654}” -> {HKLM…CLSID} = “MCLiteShellExt Class” \InProcServer32(Default) = “C:\Program Files\ICQLite\ICQLiteShell.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FdmUplShlExt(Default) = “{F49C55B9-D417-45A1-A6E7-D6E057946280}” -> {HKLM…CLSID} = “FdmUplShlExt Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\FUM\fumshext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Admin\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp” Startup items in “Admin” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Logitech SetPoint” -> shortcut to: “C:\Program Files\Logitech\SetPoint\SetPoint.exe” [“Logitech Inc.”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ “ButtonText” = “ICQ Lite” “MenuText” = “ICQ Lite” “Exec” = “C:\Program Files\ICQLite\ICQLite.exe” [“ICQ Ltd.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}\ “ButtonText” = “Upload” “CLSIDExtension” = “{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}” -> {HKLM…CLSID} = “FDMUploadBtnForIe Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\FUM\fumiebtn.dll” [null data] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “Tabs” = “res://ieframe.dll/tabswelcome.htm” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Diskeeper, Diskeeper, ““C:\Program Files\Executive Software\DiskeeperLite\DKService.exe”” [“Executive Software International, Inc.”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] PC Tools Spyware Doctor, SDhelper, “C:\Program Files\Spyware Doctor\sdhelp.exe” [“PC Tools Research Pty Ltd”] PnkBstrA, PnkBstrA, “C:\WINDOWS\system32\PnkBstrA.exe” [null data] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt10\Driver = “hpzsnt10.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 49 seconds, including 18 seconds for message boxes)

Gutek · 18 Listopad 2007 20:43

Daj log z ComboFix

El_Mariachi · 20 Listopad 2007 22:10

“Admin” - 2007-11-20 23:09:06 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “C:\Documents and Settings\Admin\Moje dokumenty\PorzĄdki” ((((((((((((((((((((((((((((((( Files Created from 2007-10-20 to 2007-11-20 )))))))))))))))))))))))))))))))))) 2007-11-18 17:13 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-11-18 17:13 2007-11-18 17:12 2007-11-18 17:11 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-11-18 13:11 32 --a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\ezsid.dat 2007-11-18 13:11 2007-11-18 13:07 2007-11-18 13:04 2007-11-18 13:04 2007-11-18 13:04 2007-11-17 21:38 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-11-17 21:38 22,328 --a------ C:\DOCUME~1\Admin\DANEAP~1\PnkBstrK.sys 2007-11-16 13:25 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys 2007-11-16 13:25 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys 2007-11-16 13:25 28,176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys 2007-11-16 13:25 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll 2007-11-16 13:25 2007-11-07 22:16 2007-11-07 22:15 2007-11-07 22:15 2007-10-30 18:31 2007-10-28 11:23 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-10-28 11:23 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-10-28 11:23 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-10-27 13:05 2007-10-27 13:05 2007-10-26 11:05 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-10-26 11:05 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-10-26 11:05 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-10-26 11:05 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-10-26 11:05 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-10-26 11:05 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-10-26 11:05 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-10-26 11:05 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-10-26 11:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-10-26 11:05 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-10-26 11:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-10-26 11:05 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-10-26 11:05 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-11-19 21:59:54 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\Free Download Manager 2007-11-17 20:38:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-17 20:38:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-16 22:28:57 -------- d-----w C:\Program Files\e-Kiosk Reader 2007-11-16 22:28:17 -------- d-----w C:\Program Files\ASUS 2007-11-16 12:25:45 -------- d-----w C:\Program Files\Common Files\Logitech 2007-11-07 21:21:57 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\Sports Interactive 2007-11-07 19:15:35 -------- d-----w C:\Program Files\Gadu-Gadu 2007-11-01 11:26:42 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-28 08:16:58 74,786 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-10-28 08:16:58 449,026 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-10-17 20:15:36 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\InstallShield 2007-10-17 20:10:35 -------- d-----w C:\Program Files\jv16 PowerTools 2007-10-04 20:18:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-04 16:14:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-10-04 16:14:00 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-10-04 16:14:00 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-10-04 16:14:00 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-10-04 16:14:00 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-10-04 16:14:00 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-10-04 16:14:00 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-10-04 16:14:00 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-10-04 16:14:00 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-10-04 16:14:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-10-04 16:14:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-10-04 16:14:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-10-04 16:14:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-10-04 16:14:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-10-04 16:14:00 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-10-04 16:14:00 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-10-04 16:14:00 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-10-04 16:14:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-10-04 16:14:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-10-04 16:14:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-10-04 16:14:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-10-04 16:14:00 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-10-04 16:14:00 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-10-04 16:14:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-10-04 16:14:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-10-04 16:14:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-10-04 16:14:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-10-04 16:14:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-10-04 16:14:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-10-04 16:14:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-10-04 16:14:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-10-04 16:14:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-10-04 16:14:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-10-04 16:14:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-10-04 16:14:00 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-10-04 16:14:00 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-10-04 16:14:00 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-10-04 16:14:00 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-10-04 16:14:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-10-04 16:14:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-10-04 16:14:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-10-04 16:14:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-10-04 16:14:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-10-04 16:14:00 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-10-04 16:14:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-10-04 16:14:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-10-04 16:14:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-10-04 16:14:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-10-04 16:14:00 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-10-04 16:14:00 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-10-04 16:14:00 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-10-04 16:14:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-10-04 16:14:00 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-10-04 16:14:00 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-10-04 16:14:00 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-10-04 16:14:00 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-10-04 16:14:00 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-10-04 16:14:00 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-10-04 16:14:00 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-10-04 16:14:00 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-10-04 16:14:00 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-10-04 16:14:00 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-10-04 16:14:00 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-10-04 16:14:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-10-04 16:14:00 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-10-04 16:14:00 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-10-04 16:14:00 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-10-04 16:14:00 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-10-04 16:14:00 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-10-04 16:14:00 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-10-04 16:14:00 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-10-04 16:14:00 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-10-04 16:14:00 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-10-04 16:14:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-10-04 16:14:00 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-10-04 16:14:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-10-04 16:14:00 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-10-04 16:14:00 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-10-04 16:14:00 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-10-04 16:14:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-10-04 16:14:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-10-04 16:14:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-10-04 16:14:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-10-04 16:14:00 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-10-04 16:14:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-10-04 16:14:00 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-10-04 16:14:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-10-04 16:14:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-10-04 16:14:00 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll 2007-10-04 16:14:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-10-04 16:14:00 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-10-04 16:14:00 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll 2007-10-04 16:14:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll 2007-10-03 15:38:00 -------- d-----w C:\Program Files\SopCast 2007-10-02 19:02:24 -------- d-----w C:\Program Files\TVUPlayer 2007-10-02 18:11:21 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\ppStream 2007-10-02 17:54:57 -------- d-----w C:\Program Files\Common Files\Real 2007-10-02 17:54:57 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\Real 2007-10-02 17:48:52 -------- d-----w C:\Program Files\Real 2007-10-02 17:18:03 -------- d-----w C:\Program Files\PPMate 2007-10-02 17:04:31 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\PPMate 2007-10-02 17:04:28 -------- d-----w C:\Program Files\Common Files\Synacast 2007-10-02 09:04:05 -------- d-----w C:\Program Files\AC3Filter 2007-09-22 19:09:45 -------- d-----w C:\Program Files\QuickTime 2007-09-22 14:19:14 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\Teleca 2007-09-22 14:16:20 -------- d-----w C:\DOCUME~1\Admin\DANEAP~1\Sony Ericsson 2007-09-15 17:14:49 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-09-06 10:09:49 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00:07 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-02 12:52:45 1,876 -c–a-w C:\WINDOWS\mozver.dat 2007-08-26 11:30:10 23 --sha-w C:\WINDOWS\system32\cedcdcb5_r.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 00:56] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2006-10-17 15:04] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}=C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 22:44] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [2003-12-22 07:38] “Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [] “ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe” [2004-06-16 05:03] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-06-16 05:03] “Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [] “nwiz”=“nwiz.exe” [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Dzieńdobry!”=“C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe” [] “Free Uploader Oe Integration”=“C:\Program Files\Free Download Manager\FUM\fumoei.exe” [2007-06-10 18:02] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 15:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”= [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-11-18 18:04:09 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-20 23:10:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-11-20 23:10:46 C:\ComboFix-quarantined-files.txt … 2007-11-20 23:10 — E O F —

Gutek · 20 Listopad 2007 22:16

To nie jest wina syfu

El_Mariachi · 20 Listopad 2007 22:20

No nic, w takim razie zrobię reinstalkę Mozilli. Może to coś da.