r2911
(R2911w)
5 October 2007 16:11
#1
Sometimes websites don't open, e.g. onet, miniclip, peb.pl
The above-mentioned sites don't open at all
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:29, on 2007-10-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM…\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM…\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM…\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM…\Run: [svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe
O4 - HKLM…\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [bearShare] "E:\muzyka\BearShare.exe" /pause
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "D:\programy\Gadu gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\programy\adobe acrobat\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\programy\adobe acrobat\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C :\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 … plugin.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/programs/ … canner.cab
O17 - HKLM\System\CCS\Services\Tcpip…{36D320FD-E89D-4058-B684-DB8386923BB7}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{36D320FD-E89D-4058-B684-DB8386923BB7}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6507 bytes
adam9870
(adam9870)
5 October 2007 17:02
#2
Use Windows Worms Doors Cleaner and change the buttons from disable to enable (all indicators should be green; if any of them is yellow, leave it). A restart is required after using the tool.
Delete the folder marked in red from the disk manually in safe mode, and the entry with HijackThis.
Once that is done, run ComboFix and paste its log.
r2911
(R2911w)
5 October 2007 17:25
#3
Done.
There is no setup folder or svchost.exe there.
Post merged: 05.10.2007 (Fri) 19:28
But the sites open now, thanks a lot.
adam9870
(adam9870)
5 October 2007 17:35
#4
Please run ComboFix and paste the log.
r2911
(R2911w)
5 October 2007 17:49
#5
ComboFix 07-10-05.3 - Robert 2007-10-05 19:45:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.159 [GMT 2:00]
Running from: C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-04 19:51 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-04 19:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-04 19:51 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-03 21:22
2007-10-03 21:22
2007-10-01 20:00
2007-09-29 21:00
2007-09-29 20:59
2007-09-29 20:24
2007-09-28 15:39 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1531.exe
2007-09-28 15:39
2007-09-24 20:43 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2007-09-24 20:43 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-09-24 20:12 27,136 -ra------ C:\WINDOWS\system32\drivers\MA-620.sys
2007-09-22 20:52
2007-09-22 18:39
2007-09-20 20:23
2007-09-20 20:23
2007-09-19 18:00
2007-09-16 20:06
2007-09-16 19:51
2007-09-16 19:51
2007-09-16 19:15
2007-09-16 19:12
2007-09-16 19:12
2007-09-16 15:20
2007-09-16 15:20
2007-09-14 16:47 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-09-14 16:19
2007-09-12 18:34
2007-09-12 17:29
2007-09-07 15:46
2007-09-06 19:17 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-05 17:16
2007-09-05 17:16
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-10-04 19:46 --------- d-------- C:\Program Files\Kaspersky Lab
2007-10-03 21:22 --------- d-------- C:\Program Files\HP
2007-10-03 21:22 --------- d-------- C:\Program Files\Common Files\HP
2007-10-01 20:40 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-09-20 19:18 --------- d-------- C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Dane aplikacji\Skype
2007-09-18 18:20 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-16 15:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-04 17:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-04 17:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-09-04 17:10 19424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-09-04 17:10 1419232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-04 16:24 --------- d-------- C:\Program Files\Common Files\Skype
2007-09-04 16:18 --------- d-------- C:\Program Files\Skype
2007-09-03 14:02 --------- d-------- C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Dane aplikacji\Gadu-Gadu
2007-09-02 19:41 --------- d-------- C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Dane aplikacji\Media Player Classic
2007-09-02 17:28 --------- d-------- C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Dane aplikacji\TuneUp Software
2007-09-02 17:22 --------- d-------- C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Dane aplikacji\Lavasoft
2007-08-30 12:40 60416 --a------ C:\WINDOWS\system32\drivers\kebghtfx.sys
2007-08-30 12:40 1080 --a------ C:\skfoxqyq.bat
2007-08-29 20:11 60416 --a------ C:\WINDOWS\system32\drivers\glwltlkx.sys
2007-08-29 20:11 1080 --a------ C:\pgnrbymx.bat
2007-08-29 19:04 60416 --a------ C:\WINDOWS\system32\drivers\arqdtfyo.sys
2007-08-29 19:04 126976 --a------ C:\zip.exe
2007-08-29 19:04 1080 --a------ C:\buqqucgn.bat
2007-08-29 15:44 --------- d-------- C:\Program Files\Trend Micro
2007-08-26 17:18 --------- d-------- C:\Program Files\Disc2Phone
2007-08-26 16:16 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2007-08-19 12:23 --------- d-------- C:\Program Files\eMule
2007-08-16 15:09 --------- d-------- C:\Program Files\Stardock
2007-08-15 16:57 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-12 16:15 5400 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-12 16:15 49715 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-08-11 18:42 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-09 15:24 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-07-31 14:05 1311335 --a------ C:\WINDOWS\system32\aquarium.scr
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 09:56 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 C:\WINDOWS\soundman.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 02:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 02:27]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 09:15]
"WinampAgent"="E:\Winamp\winampa.exe" []
"WireLessKeyboard"="C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe" []
"LClock"="C:\Program Files\LClock\LClock.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-22 20:52]
"BearShare"="E:\muzyka\BearShare.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00]
"Gadu-Gadu"="D:\programy\Gadu gadu\Gadu-Gadu\gg.exe" [2007-04-19 17:43]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - D:\programy\adobe acrobat\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - D:\programy\adobe acrobat\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-19 14:49:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
D:\programy\ad aware se\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"D:\programy\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVEREST AutoStart]
D:\programy\ Everest Ultimate Edition 2007 v4.00.1027\everest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"D:\programy\Gadu gadu\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Pulpit\Glass2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Documents and Settings\Robert.59128A9CD8A44F1.000\Pulpit\vistart_polish_skin_default\ViStart

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ZSMC0305;A4 Tech PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 19:47:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@???

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 19:48:19
C:\ComboFix-quarantined-files.txt … 2007-10-05 19:47
.
--- E O F ---
Gutek
(Gutek)
5 October 2007 23:38
#6
r2911
(R2911w)
6 October 2007 13:04
#7
Yesterday I installed Outpost Firewall and it detected 2 spyware items and I removed them, maybe that's why.
result 0/32 (0%)
Post merged: 06.10.2007 (Sat) 15:11
result 0/32 (0%)
Post merged: 06.10.2007 (Sat) 15:55
Post merged: 06.10.2007 (Sat) 16:35
result 0/32 (0%)
Post merged: 06.10.2007 (Sat) 16:39
result 0/32 (0%)
r2911
(R2911w)
7 October 2007 14:45
#9
Everything is OK now :lol: thanks