Websites won't open


(Zbynek144) #1

I have a problem: even though the internet connection is on, I can't open any website. Please help...

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 13:49:40, on 2007-08-05

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\RunDll32.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Neostrada TP\taskbaricon.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\programy\QuickTime\qttask.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\winxp_sp3.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\sxe.exe

C:\WINDOWS\System32\WUAUMQR3.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\alg32.exe

C:\WINDOWS\msdevmgr32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\msq23.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\System32\nppjou.exe

C:\Program Files\Corel\Graphics9\Register\Remind32.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Programy\RegCleaner\RegCleanr.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Zbigniew\Pulpit\aNTIDIALER\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openarticles.info

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (file missing)

O1 - Hosts: 217.96.35.130 auto.search.msn.com

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\programy\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [Winamp Media] C:\WINDOWS\System32\qmedia.exe

O4 - HKLM..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe

O4 - HKLM..\Run: [Windows Vista Corparation Agent Services] C:\WINDOWS\System32\winxp_sp3.exe

O4 - HKLM..\Run: [internet Security Service] msq23.exe

O4 - HKLM..\Run: [Windows Secure Update] nppjou.exe

O4 - HKLM..\Run: [Microsoft Device Manager] C:\WINDOWS\msdevmgr32.exe

O4 - HKLM..\Run: [Office Monitor] C:\WINDOWS\System32\alg32.exe

O4 - HKLM..\Run: [Winsock2 driver .] WUAUMQR3.EXE

O4 - HKLM..\Run: [Edzy AntiVirus] dyrzez.exe

O4 - HKLM..\Run: [Windows Update] dosyam

O4 - HKLM..\RunServices: [internet Security Service] msq23.exe

O4 - HKLM..\RunServices: [Windows Secure Update] nppjou.exe

O4 - HKLM..\RunServices: [Edzy AntiVirus] dyrzez.exe

O4 - HKLM..\RunServices: [Windows Update] dosyam

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe

O4 - HKCU..\Run: [Winamp Media] C:\WINDOWS\System32\qmedia.exe

O4 - HKCU..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe

O4 - HKCU..\Run: [Windows Vista Corparation Agent Services] C:\WINDOWS\System32\winxp_sp3.exe

O4 - HKCU..\Run: [internet Security Service] msq23.exe

O4 - HKCU..\Run: [Windows Secure Update] nppjou.exe

O4 - HKCU..\Run: [Office Monitor] C:\WINDOWS\System32\alg32.exe

O4 - HKCU..\Run: [Windows Update] dosyam

O4 - HKCU..\RunServices: [Windows Update] dosyam

O4 - HKCU..\RunOnce: [Winsock2 driver .] WUAUMQR3.EXE

O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programy\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm344YYPL

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mht! http://www.toyssex.net/web.chm::/win32.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c1.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O17 - HKLM\System\CCS\Services\Tcpip..{79011D9B-4B36-4BA3-B8F6-1BA926D32502}: NameServer = 194.204.159.1 217.98.63.164

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Windows Installer Manager (INService) - Unknown owner - C:\WINDOWS\System32\winins.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

ComboFix log:

ComboFix 07-08-04.3 - "Zbigniew" 2007-08-05 13:52:33.1 [GMT 2:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda

* Created a new restore point

ADS removed - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\PopSwatr\History\allowed

C:\Program Files\FunWebProducts\PopSwatr\History\notallow

C:\Program Files\FunWebProducts\ScreenSaver\Cache\001560B7.swf

C:\Program Files\FunWebProducts\ScreenSaver\Cache\0023112C

C:\Program Files\FunWebProducts\ScreenSaver\Cache\0038B257.jpg

C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini

C:\Program Files\FunWebProducts\ScreenSaver\Images\00156839.dat

C:\Program Files\FunWebProducts\ScreenSaver\Images\002243F9.urr

C:\Program Files\FunWebProducts\ScreenSaver\Images\00230247.urr

C:\Program Files\FunWebProducts\ScreenSaver\Images\00234D0C.dat

C:\Program Files\FunWebProducts\ScreenSaver\Images\0038BCE7.dat

C:\Program Files\FunWebProducts\ScreenSaver\Images\003F848F.dat

C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst

C:\Program Files\FunWebProducts\Shared\001A1975.dat

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\internet optimizer

C:\Program Files\ISTsvc

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\00897804.bin

C:\Program Files\myglobalsearch\bar\Cache\00897D44.bin

C:\Program Files\myglobalsearch\bar\Cache\00898B6D.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\Cache\00BBC9AB

C:\Program Files\MyWebSearch\bar\Cache\00BBD757.bin

C:\Program Files\MyWebSearch\bar\Cache\00BBDBBC.bin

C:\Program Files\MyWebSearch\bar\Cache\00BBDE8B.bin

C:\Program Files\MyWebSearch\bar\Cache\00E58FA3.bin

C:\Program Files\MyWebSearch\bar\Cache\00E593F9.bin

C:\Program Files\MyWebSearch\bar\Cache\00E5985E.bin

C:\Program Files\MyWebSearch\bar\Cache\00E59DEB.bin

C:\Program Files\MyWebSearch\bar\Cache\0188B35F

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search

C:\Program Files\MyWebSearch\bar\History\search2

C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\bar\Settings\settings.dat

C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak

C:\Program Files\MyWebSearch\bar\Settings\settings.htm

C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak

C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

C:\Program Files\SideFind

C:\Program Files\SideFind\sfexd001

C:\Program Files\SurfAccuracy

C:\Program Files\SurfAccuracy\SAcc.cfg

C:\WINDOWS\system32\a.exe

C:\WINDOWS\system32\f3PSSavr.scr

((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))

2007-08-05 13:51 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-05 13:35 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-08-05 13:35 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-08-05 13:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-08-05 13:33

2007-08-04 11:36 19,456 --a--c--- C:\frize.exe

2007-08-02 22:46 19,456 --a------ C:\WINDOWS\fpixel.exe

2007-08-02 16:17 174,592 --a--c--- C:\dfps.exe

2007-08-02 15:18 285,696 --a------ C:\WINDOWS\yuahdjs.exe

2007-07-31 23:24 131,072 ---h----- C:\WINDOWS\system32\ohgjowtt.exe

2007-07-30 12:49 131,072 ---h----- C:\WINDOWS\system32\pmpeusth.exe

2007-07-29 21:46 131,072 ---h----- C:\WINDOWS\system32\gssqsniz.exe

2007-07-29 21:38 131,072 ---h----- C:\WINDOWS\system32\uxcavgrh.exe

2007-07-29 19:15 131,072 ---h----- C:\WINDOWS\system32\wuaumqr3.exe

2007-07-29 19:15

2007-07-29 17:39 6,479 --a--c--- C:\a.bat

2007-07-28 10:32 129,522 --a------ C:\WINDOWS\ajrhse.exe

2007-07-25 16:43 51,200 --a------ C:\WINDOWS\jasyhrtghsa.exe

2007-07-23 09:34 66,048 --a------ C:\WINDOWS\qwhtlsj.exe

2007-07-23 08:33 66,048 --a------ C:\WINDOWS\system32\alg32.exe

2007-07-21 10:38 51,200 --a------ C:\WINDOWS\jshthsx.exe

2007-07-21 10:38 51,200 ---h----- C:\WINDOWS\msdevmgr32.exe

2007-07-20 13:44 79,282 --a------ C:\WINDOWS\system32\aopjch.exe

2007-07-19 19:08 103,210 --a------ C:\WINDOWS\rkhase.exe

2007-07-19 11:20 103,210 --a------ C:\WINDOWS\jrhasghx.exe

2007-07-18 19:29 103,210 --a------ C:\WINDOWS\system32\hrhhxj.exe

2007-07-18 11:16 250,368 --a------ C:\WINDOWS\system32\rkljsxh.exe

2007-07-18 11:14 103,210 --a------ C:\WINDOWS\urj32.exe

2007-07-18 11:12 79,282 --a------ C:\WINDOWS\system32\dslmmp.exe

2007-07-18 11:00 53,523 --a------ C:\WINDOWS\gsc.exe

2007-07-17 17:45 250,368 --a------ C:\WINDOWS\ge.exe

2007-07-17 12:18 103,210 --a------ C:\WINDOWS\pekjx.exe

2007-07-15 21:36 103,210 --a------ C:\WINDOWS\system32\pwjsahxk.exe

2007-07-15 21:30 250,368 --a------ C:\WINDOWS\yoasxhk.exe

2007-07-15 13:16 53,523 --a------ C:\WINDOWS\ahsgryh.exe

2007-07-15 13:13 250,368 --a------ C:\WINDOWS\system32\hagxuh.exe

2007-07-15 12:33 79,282 --a------ C:\WINDOWS\rkhsaxgh.exe

2007-07-15 12:23 27 --a------ C:\WINDOWS\tamer.bat

2007-07-15 12:23 250,368 --a------ C:\WINDOWS\tyjkasxh.exe

2007-07-14 20:56 250,368 --a------ C:\WINDOWS\system32\kfpsajxh.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2060-08-18 19:02 1496064 --a--c--- C:\WINDOWS\system32\CC3250MT.DLL

2060-08-18 18:40 909824 --a--c--- C:\WINDOWS\system32\cp3245mt.dll

2060-08-18 18:40 24064 --a--c--- C:\WINDOWS\system32\borlndmm.dll

2007-08-05 13:44 --------- d----c--- C:\Program Files\BullsEye Network

2007-08-05 13:43 --------- d----c--- C:\Program Files\Neostrada TP

2007-08-05 13:34 --------- d----c--- C:\DOCUME~1\Zbigniew\DANEAP~1\Opera

2007-07-28 15:49 42496 --a--c--- C:\WINDOWS\system32\ftp.exe

2007-07-28 15:49 42496 --a--c--- C:\WINDOWS\system32\dllcache\ftp.exe

2007-07-28 15:49 16896 --a--c--- C:\WINDOWS\system32\tftp.exe

2007-07-28 15:49 16896 --a--c--- C:\WINDOWS\system32\dllcache\tftp.exe

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-28 00:02 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 23:57 95608 --a--c--- C:\WINDOWS\system32\AVASTSS.scr

2007-07-25 15:04 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-07-25 15:04 --------- d-------- C:\Program Files\Common Files\GraphBoard 1.00

2007-07-25 14:53 --------- d-------- C:\Program Files\PWN

2007-06-23 20:57 107008 --a------ C:\WINDOWS\system32\winxp_sp3.exe

2007-06-18 14:26 --------- d----c--- C:\Program Files\Save

2007-06-15 12:37 64512 --a------ C:\WINDOWS\system32\sxe.exe

2007-06-08 13:23 --------- d----c--- C:\DOCUME~1\Zbigniew\DANEAP~1\DivX

2007-06-07 16:55 51991 --a------ C:\WINDOWS\vmrtkjh.exe

2007-06-07 16:55 51984 --a------ C:\WINDOWS\wqptklj.exe

2007-06-07 16:52 51991 --a------ C:\WINDOWS\system32\krarjh.exe

2007-06-07 16:44 51984 --a------ C:\WINDOWS\ptksth.exe

2007-06-07 16:44 101148 --a------ C:\WINDOWS\prurjxh.exe

2007-05-11 19:54 524288 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-05-11 06:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-05-11 06:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-05-11 06:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-05-11 06:37 740442 --a------ C:\WINDOWS\system32\DivX.dll

2007-05-10 16:21 133120 --a------ C:\WINDOWS\system32\sfc_os.dll

2004-05-05 20:02 20896 --a--c--- C:\DOCUME~1\Zbigniew\DANEAP~1\GDIPFONTCACHEV1.DAT

2003-11-21 18:32 900 --a--c--- C:\Program Files\INSTALL.LOG

1998-04-30 15:56 129024 --a--c--- C:\Program Files\UNWISE.EXE

2001-10-26 17:29:52 372,310 --sh--r C:\WINDOWS\system32\msq23.exe

2001-10-26 17:29:52 250,368 --sh--r C:\WINDOWS\system32\nppjou.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{00000010-6F7D-442C-93E3-4A4827C2E4C8}]

C:\WINDOWS\nem220.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

C:\PROGRA~1\RXTOOL~1\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]

C:\WINDOWS\wsem303.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"= C:\Program Files\ISTbar\istbarcm.dll []

[HKEY_CLASSES_ROOT\CLSID{FAA356E4-D317-42A6-AB41-A3021C6E7D52}]

[HKEY_CLASSES_ROOT\ISTbar.BarObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 16:30]

"Cmaudio"="cmicnfg.cpl" []

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]

"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 19:07]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]

"BullsEye Network"="C:\Program Files\BullsEye Network\bin\bargains.exe" [2005-10-24 21:33]

"CMESys"="C:\Program Files\Common Files\CMEII\CMESys.exe" []

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

"Media Gateway"="C:\Program Files\Media Gateway\MediaGateway.exe" []

"QuickTime Task"="C:\programy\QuickTime\qttask.exe" [2003-11-14 17:44]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 20:29]

"Winamp Media"="C:\WINDOWS\System32\qmedia.exe" []

"Windows Security Center Notification Appls"="C:\WINDOWS\System32\sxe.exe" [2007-06-15 12:37]

"Windows Vista Corparation Agent Services"="C:\WINDOWS\System32\winxp_sp3.exe" [2007-06-23 20:57]

"Internet Security Service "="msq23.exe" [2001-10-26 19:29 C:\WINDOWS\system32\msq23.exe]

"Windows Secure Update "="nppjou.exe" [2001-10-26 19:29 C:\WINDOWS\system32\nppjou.exe]

"Microsoft Device Manager"="C:\WINDOWS\msdevmgr32.exe" [2007-07-21 10:38]

"Office Monitor"="C:\WINDOWS\System32\alg32.exe" [2007-07-23 08:33]

"Winsock2 driver ."="WUAUMQR3.EXE" [2007-07-29 19:15 C:\WINDOWS\system32\wuaumqr3.exe]

"Edzy AntiVirus"="dyrzez.exe" []

"Windows Update"="dosyam" [2001-10-26 19:29 C:\WINDOWS\system32\dosyam]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []

"WhenUSave"="C:\Program Files\Save\Save.exe" []

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 21:41]

"ActiveSync"="C:\WINDOWS\System32\wcescom32.exe" []

"Winamp Media"="C:\WINDOWS\System32\qmedia.exe" []

"Windows Security Center Notification Appls"="C:\WINDOWS\System32\sxe.exe" [2007-06-15 12:37]

"Windows Vista Corparation Agent Services"="C:\WINDOWS\System32\winxp_sp3.exe" [2007-06-23 20:57]

"Internet Security Service "="msq23.exe" [2001-10-26 19:29 C:\WINDOWS\system32\msq23.exe]

"Windows Secure Update "="nppjou.exe" [2001-10-26 19:29 C:\WINDOWS\system32\nppjou.exe]

"Office Monitor"="C:\WINDOWS\System32\alg32.exe" [2007-07-23 08:33]

"Windows Update"="dosyam" [2001-10-26 19:29 C:\WINDOWS\system32\dosyam]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"Winsock2 driver ."=WUAUMQR3.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]

"Windows Update"=dosyam

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Internet Security Service "=msq23.exe

"Windows Secure Update "=nppjou.exe

"Edzy AntiVirus"=dyrzez.exe

"Windows Update"=dosyam

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"Windows Security Center Notification Appls"=C:\WINDOWS\System32\sxe.exe

"Windows Vista Corparation Agent Services"=C:\WINDOWS\System32\winxp_sp3.exe

C:\Documents and Settings\Zbigniew\Menu Start\Programy\Autostart\

Rejestrowanie produkt˘w Corela.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe [2005-03-27 12:34:37]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - C:\Programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"SystemCheck2"= {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll []

R2 atksgt;atksgt;C:\WINDOWS\System32\DRIVERS\atksgt.sys

R2 INService;Windows Installer Manager;C:\WINDOWS\System32\winins.exe

R2 lirsgt;lirsgt;C:\WINDOWS\System32\DRIVERS\lirsgt.sys

R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\System32\DRIVERS\alcan5wn.sys

R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys

R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\System32\drivers\msmpu401.sys

R3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\System32\DRIVERS\loop.sys

S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-05 13:57:24

Windows 5.1.2600 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\winins.exe [2000] 0x810AB3F8

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000557

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-05 13:59:26

C:\ComboFix-quarantined-files.txt ... 2007-08-05 13:58

--- E O F ---


(jessica) #2

What a collection!

Fix the above-mentioned entries in Hijack:

>>Hijack>>scan (Do a system scan only)>>select them>>Fix checked.

Download Windows Worms Doors Cleaner

Set the indicators to green; NetBIOS can be yellow.

A restart is required after using the tool.

Paste into Notepad:

File::

C:\WINDOWS\nem220.dll

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\Program Files\Media Gateway\MediaGateway.exe

C:\PROGRA~1\RXTOOL~1\sfcont.dll

C:\WINDOWS\System32\qmedia.exe

C:\WINDOWS\System32\sxe.exe 

C:\WINDOWS\System32\winxp_sp3.exe

C:\WINDOWS\System32\msq23.exe

C:\WINDOWS\System32\nppjou.exe

C:\WINDOWS\msdevmgr32.exe

C:\WINDOWS\System32\WUAUMQR3.EXE

C:\WINDOWS\system32\dosyam

C:\Program Files\Save\Save.exe

C:\WINDOWS\System32\vbsys2.dll

C:\WINDOWS\system32\kfpsajxh.exe

C:\WINDOWS\tyjkasxh.exe

C:\WINDOWS\tamer.bat

C:\WINDOWS\rkhsaxgh.exe

C:\WINDOWS\system32\hagxuh.exe

C:\WINDOWS\ahsgryh.exe

C:\WINDOWS\yoasxhk.exe

C:\WINDOWS\system32\pwjsahxk.exe

C:\WINDOWS\pekjx.exe

C:\WINDOWS\ge.exe

C:\WINDOWS\gsc.exe

C:\WINDOWS\system32\dslmmp.exe

C:\WINDOWS\yuahdjs.exe 

C:\WINDOWS\system32\ohgjowtt.exe 

C:\WINDOWS\system32\pmpeusth.exe 

C:\WINDOWS\system32\gssqsniz.exe 

C:\WINDOWS\system32\uxcavgrh.exe

C:\WINDOWS\ajrhse.exe 

C:\WINDOWS\jasyhrtghsa.exe 

C:\WINDOWS\qwhtlsj.exe

C:\frize.exe 

C:\WINDOWS\fpixel.exe

C:\WINDOWS\system32\kazaabackupfiles

C:\a.bat

C:\WINDOWS\jshthsx.exe

C:\WINDOWS\msdevmgr32.exe

C:\WINDOWS\system32\aopjch.exe

C:\WINDOWS\rkhase.exe

C:\WINDOWS\jrhasghx.exe

C:\WINDOWS\system32\hrhhxj.exe

C:\WINDOWS\system32\rkljsxh.exe

C:\WINDOWS\urj32.exe


Folder::

C:\Program Files\BullsEye Network 

C:\Program Files\Common Files\CMEII

C:\Program Files\Media Gateway

C:\PROGRA~1\RXTOOL~1

C:\Program Files\Save

>>File>>Save as... >>> ComboFix-Do (it is most convenient to save it in a location where the ComboFix-Do icon ends up next to the ComboFix.exe icon)

Drag and drop the ComboFix-Do.txt file onto the ComboFix.exe file (that is, the ComboFix-Do.txt icon onto the ComboFix.exe icon), as shown in this picture -->

(if the question "1 or 2" appears, type 1 and press ENTER)

After the restart, manually delete the folder C: **** Qoobox.

Then post new logs, because this is not the end of the removal. I haven't gone through all the files yet; there are too many suspicious ones.
