I have problems with the internet through a router... I checked on two router connections, at home and in a rented flat, and it is the same. The connection to the router is there but pages do not load, and GG shuts down... When I click REPAIR, everything works again...
ComboFix 08-07-17.4 - H.a.P.o.T.a.M 2009-12-28 20:54:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1322 [GMT 1:00]
Running from: D:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-28 01:15 . 2004-06-18 13:07 656,542 --a------ C:\271_icol.dll
2009-12-28 00:59 . 2009-12-28 00:59
2009-12-28 00:55 . 2009-12-28 00:55 150,961 --a------ C:\WINDOWS\BricoPackUninst.cmd
2009-12-28 00:53 . 2009-12-28 00:53
2009-12-28 00:53 . 2009-12-28 01:15
2009-12-28 00:52 . 2009-12-28 00:52 3,936,310 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2009-12-28 00:50 . 2009-12-28 00:55 8,181 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-12-28 00:49 . 2009-12-28 00:49
2009-12-27 22:40 . 2009-12-27 22:40
2009-12-27 22:40 . 2009-12-27 22:40
2009-12-27 22:38 . 2009-12-27 22:38
2009-12-27 22:38 . 2009-12-28 00:01
2009-12-24 16:12 . 2009-12-24 16:12
2009-12-24 16:08 . 2009-12-24 16:08 721,904 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2009-12-22 18:52 . 2009-12-24 12:42
2009-12-21 20:55 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2009-12-21 20:54 . 2009-12-21 20:54
2009-12-21 20:54 . 2009-12-21 20:54
2009-12-21 20:54 . 2009-12-21 20:54
2009-12-21 14:27 . 2009-12-21 14:37
2009-12-20 16:26 . 2009-12-20 16:26
2009-12-19 23:54 . 2009-12-19 23:54
2009-12-19 23:54 . 1997-12-10 14:22 302,592 --a------ C:\WINDOWS\IsUn0407.exe
2009-12-16 22:02 . 2009-12-26 21:06
2009-12-16 22:01 . 2009-12-26 20:44
2009-12-16 00:01 . 2009-12-23 11:24
2009-12-16 00:01 . 2009-12-16 00:01
2009-12-09 23:23 . 2009-12-09 23:23
2009-12-07 08:55 . 2009-12-07 08:55
2009-12-07 08:51 . 2009-12-07 08:51
2009-12-07 08:51 . 2009-10-02 05:44 92,160 -----c--- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-12-07 08:50 . 2009-10-29 08:43 11,069,952 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2009-12-07 08:50 . 2009-10-29 08:43 1,985,536 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2009-12-07 08:50 . 2009-10-29 08:43 594,432 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2009-12-07 08:50 . 2009-10-29 08:43 246,272 -----c--- C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-12-07 08:50 . 2009-10-29 08:43 55,296 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2009-12-07 08:50 . 2009-10-29 08:43 12,800 -----c--- C:\WINDOWS\system32\dllcache\xpshims.dll
2009-12-07 08:49 . 2009-12-07 08:50
2009-12-07 08:49 . 2009-12-07 08:49
2009-12-06 11:36 . 2009-12-06 11:36
2009-12-05 20:04 . 2009-12-05 20:04
2009-12-05 14:14 . 2009-12-07 18:38
2009-12-05 12:33 . 2008-06-14 19:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2009-12-05 12:33 . 2008-06-14 19:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2009-12-05 07:54 . 2009-08-04 18:18 2,187,264 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2009-12-05 07:54 . 2009-08-04 18:18 2,144,256 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2009-12-05 07:54 . 2009-08-04 18:18 2,064,256 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2009-12-05 07:54 . 2009-08-04 18:18 2,022,400 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2009-12-05 07:54 . 2008-10-24 12:10 453,632 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2009-12-03 21:01 . 2009-05-05 07:08 9,216 -ra------ C:\WINDOWS\system32\AmUStor.dll
2009-11-28 21:28 . 2009-12-24 16:05
2009-11-28 21:22 . 2009-12-26 21:39
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 19:46 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\Microgaming
2009-12-27 23:55 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2009-12-26 11:22 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\ipla
2009-12-23 19:06 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\Skype
2009-12-23 18:07 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\skypePM
2009-12-22 18:24 --------- d-----w C:\Program Files\ipla
2009-12-22 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ipla
2009-11-25 20:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2009-11-25 20:02 --------- d-----w C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-18 22:21 --------- d-----w C:\Program Files\SkanerOnline
2009-11-18 16:24 --------- d-----w C:\Program Files\PLAY ONLINE
2009-11-15 00:18 --------- d-----w C:\Program Files\Common Files\Adobe
2009-11-07 15:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2009-11-07 08:26 --------- d-----w C:\Program Files\McAfee Security Scan
2009-11-07 08:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
2009-10-29 19:10 --------- d-----w C:\Program Files\Midas
2009-10-29 07:43 916,480 ----a-w C:\WINDOWS\system32\Wininet.dll
2009-10-21 06:03 75,776 ----a-w C:\WINDOWS\system32\strmfilt.dll
2009-10-21 06:03 25,088 ----a-w C:\WINDOWS\system32\httpapi.dll
2009-10-19 18:13 411,368 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-10-18 20:00 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2009-10-17 14:50 520,192 ----a-w C:\WINDOWS\system32\Asus_Camera_ScreenSaver.scr
2009-10-17 14:50 47,672 ----a-w C:\WINDOWS\AsScrProlog.exe
2009-10-17 14:50 4,814,371 ----a-w C:\WINDOWS\ASUS Camera ScreenSaver.exe
2009-10-17 14:50 3,054,136 ----a-w C:\WINDOWS\AsScrPro.exe
2009-10-17 14:50 281,144 ----a-w C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe
2009-10-17 12:18 36,864 ----a-w C:\WINDOWS\uinst001.exe
2009-10-13 18:00 85,504 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2009-10-13 10:53 267,776 ----a-w C:\WINDOWS\system32\oakley.dll
2009-10-12 13:54 69,632 ----a-w C:\WINDOWS\system32\raschap.dll
2009-10-12 13:54 112,640 ----a-w C:\WINDOWS\system32\rastls.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
2009-12-02 18:52 37376 --a------ C:\Documents and Settings\H.a.P.o.T.a.M\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55 1667584]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296]
"Gadu-Gadu 10"="C:\Program Files\Gadu-Gadu 10\gg.exe" [2009-12-21 14:49 11850344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-27 22:38 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 20:04 222504]
"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 18:52 104936]
"UpdateP2GoShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 10:06 210216]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 18:09 87336]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 10:19 62760]
"UpdatePPShortCut"="C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 10:02 222504]
"UpdatePSTShortCut"="C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 14:49 210216]
"HControlUser"="C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-01 20:05 98304]
"ATKHOTKEY"="C:\Program Files\ASUS\ATK Hotkey\HControl.exe" [2009-04-23 20:24 178744]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMedia.exe" [2009-04-20 10:09 159744]
"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-09 14:17 237568]
"Power4Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2009-03-03 14:32 92728]
"ASUS Screen Saver Protector"="C:\WINDOWS\AsScrPro.exe" [2009-10-17 15:50 3054136]
"ASUS Camera ScreenSaver"="C:\WINDOWS\AsScrProlog.exe" [2009-10-17 15:50 47672]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2008-09-30 22:02 851968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-19 19:13 149280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 04:08 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 12:08 935288]
"Google Updater"="C:\Program Files\Google\Google Updater\GoogleUpdater.exe" [2009-12-27 22:38 160752]
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2009-11-30 21:26 2654512]
"SiSPower"="SiSPower.dll" [2009-04-01 04:32 53248 C:\WINDOWS\system32\SiSPower.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
FancyStart daemon.lnk - C:\WINDOWS\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2009-10-17 15:52:33 12862]
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-07-28 01:19:10 199184]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2009-10-17 15:36:26 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"=
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"=
"C:\WINDOWS\system32\usmt\migwiz.exe"=
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Gadu-Gadu 10\gg.exe"=
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-30 21:14]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2009-11-30 21:11]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-19 19:13]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\PROGRA~1\ASUS\ATKHOT~1\ASNDIS5.SYS [2004-05-27 17:13]
R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;C:\WINDOWS\system32\DRIVERS\GUCI_AVS.sys [2009-02-27 07:34]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 13:10]
S3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\system32\drivers\AmUStor.SYS [2009-05-08 11:15]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;D:\I386\AsProcOb.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a77a364-d45e-11de-beab-0025d381b24a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a77a367-d45e-11de-beab-0025d381b24a}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
"2009-12-25 23:11:00 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job"
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"2009-12-28 16:57:07 C:\WINDOWS\Tasks\Google Software Updater.job"
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
HKLM-Run-RTHDCPL - RTHDCPL.EXE
HKLM-Run-SkyTel - SkyTel.EXE
HKLM-Run-SoundMan - SOUNDMAN.EXE
HKLM-Run-AlcWzrd - ALCWZRD.EXE
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 20:55:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-12-28 20:57:53
ComboFix-quarantined-files.txt 2009-12-28 19:57:19
Pre-Run: 57,460,842,496 bajtów wolnych
Post-Run: 57,918,754,816 bajtów wolnych
196 --- E O F --- 2009-12-09 22:42:53