Web pages do not load

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Tiempo 14 Aug 2008, 20:17

As above: some web pages won't load, e.g. I can get onto Onet, but I can't read all the news items, because some pages ''won't come up''. Or, e.g., Google doesn't search anything for me; I type in a phrase and nothing... zero reaction of any kind.
I've already scanned the computer with NOD and Avast.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:02, on 2008-08-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Tlen.pl\tlen.exe
D:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - C:\WINDOWS\system32\yayVmKCS.dll (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {CE00899C-9455-4F2E-8D27-F91E7A14A2BC} - C:\WINDOWS\system32\efccASih.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [58537a64] rundll32.exe "C:\WINDOWS\system32\ycsncwxw.dll",b
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM5b6049f8] Rundll32.exe "C:\WINDOWS\system32\euxwyyhv.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://download.gamedesire.com/g_bin/pl/slots70_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayVmKCS - yayVmKCS.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7226 bytes

Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found]
"AdVantage" = ""C:\Program Files\AdVantage\AdVantage.exe"" [file not found]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Komunikator" = "D:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found]
"QuickTime Task" = ""D:\Program Files\qttask.exe" -atboottime" [file not found]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"58537a64" = "rundll32.exe "C:\WINDOWS\system32\ycsncwxw.dll",b" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"avast!" = "d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"BM5b6049f8" = "Rundll32.exe "C:\WINDOWS\system32\euxwyyhv.dll",s" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\yayVmKCS.dll" [file not found]
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
  -> {HKLM...CLSID} = "My Global Search Bar BHO"
                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{CE00899C-9455-4F2E-8D27-F91E7A14A2BC}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\efccASih.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" [file not found]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25}" = "*g" (unwritable string)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\yayVmKCS.dll" [file not found]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\efccASih"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> yayVmKCS\DLLName = "yayVmKCS.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" [file not found]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Opera\Opera\profile\skin\e8cb3be6d234fd11.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Maciek\Dane aplikacji\Opera\Opera\profile\skin\e8cb3be6d234fd11.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""D:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

FunMultiMediaHandler\
"Provider" = "MultiMedia Manager"
"ProgID" = "FUNBOX.Autoplay"
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"
  -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"
                   \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa2"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
  -> {HKLM...CLSID} = "My Global Search Bar"
                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
  -> {HKLM...CLSID} = "My Global Search Bar"
                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
  -> {HKLM...CLSID} = "My Global Search Bar"
                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
"ButtonText" = "BitComet"
"Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206" ["BitComet"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""d:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-08-14 20:14:05)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 72 seconds.
---------- (total run time: 143 seconds)
Tiempo
~user

Posts: 626
Joined: 10 Jul 2006, 20:19
Location: Czestochowa
Praise: 7

Post by djarta 14 Aug 2008, 20:25

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
O2 - BHO: (no name) - {109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - C:\WINDOWS\system32\yayVmKCS.dll (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {CE00899C-9455-4F2E-8D27-F91E7A14A2BC} - C:\WINDOWS\system32\efccASih.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [58537a64] rundll32.exe "C:\WINDOWS\system32\ycsncwxw.dll",b
O4 - HKLM\..\Run: [BM5b6049f8] Rundll32.exe "C:\WINDOWS\system32\euxwyyhv.dll",s
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O20 - Winlogon Notify: yayVmKCS - yayVmKCS.dll (file missing)

Fix the entries listed above in HijackThis:
>>HijackThis>>Scan (Do a system scan only)>>tick them>>Fix checked

Do what is described in this topic.

Use--->SDFix (lower down on the linked page).
Run it in Safe Mode.
Post Report.txt, found in the SDFix folder.

Download -----> ComboFix, scan and post the log.

=========================================
K .
Regards, djarta. :)
djarta
~user

Posts: 684
Joined: 31 Jul 2008, 10:49
Praise: 55
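To make the reasoning behind a fix list like the one above explicit, here is a small triage script added for this thread; it is not part of the reply and not code from HijackThis. It parses HijackThis v2 log lines and flags the same kinds of entries: orphaned O2/O3/O20 hooks whose DLL is gone, O4 Run values with hex names that load random-named DLLs via rundll32, autostarts of programs on a watchlist, and a start page pointing at a non-default host. The rules, the watchlist and the default-host allowlist are assumptions made for this example, and the sample log is a constructed subset of the log posted in the thread.

```python
"""Triage heuristics for HijackThis v2 log lines (added example, not
part of the thread and not HijackThis code). The rules below are
assumptions made for this example, not rules HijackThis itself applies."""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} - C:\WINDOWS\system32\yayVmKCS.dll (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: (no name) - {CE00899C-9455-4F2E-8D27-F91E7A14A2BC} - C:\WINDOWS\system32\efccASih.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [58537a64] rundll32.exe "C:\WINDOWS\system32\ycsncwxw.dll",b
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM5b6049f8] Rundll32.exe "C:\WINDOWS\system32\euxwyyhv.dll",s
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O20 - Winlogon Notify: yayVmKCS - yayVmKCS.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
"""

# Assumed allowlist of start-page hosts that are left alone. Note that a
# lookalike such as google.bearshare.com is NOT on it: the check is on the
# full hostname, not on whether "google" appears somewhere in it.
DEFAULT_START_HOSTS = {"google.com", "www.google.com", "www.msn.com", "go.microsoft.com"}

# Constructed watchlist: program names the thread treats as adware.
ADWARE_NAMES = {"advantage", "myglobalsearch", "bearshare"}

# Run value named like 8 hex digits (optionally prefixed "BM") whose command
# is rundll32 loading a DLL with an 8-lowercase-letter random-looking name.
RUNDLL_RANDOM = re.compile(
    r'\[(?:BM)?[0-9a-f]{8}\]\s+(?i:rundll32)\.exe\s+"[^"]*\\[a-z]{8}\.dll",[a-z]'
)


def entry_type(line):
    """'O4 - HKLM\\..\\Run: ...' -> 'O4'."""
    return line.split(" - ", 1)[0].strip()


def classify(line):
    """Return the reason a log line should be fixed, or None if it looks benign."""
    kind = entry_type(line)
    if kind in {"O2", "O3", "O20"} and "(file missing)" in line:
        return "orphaned BHO/toolbar/Winlogon hook whose DLL is gone (leftover of an infection)"
    if kind == "O4":
        if RUNDLL_RANDOM.search(line):
            return "hex-named Run value loading a random-named system32 DLL via rundll32"
        name = re.search(r"\[([^\]]+)\]", line)
        if name and name.group(1).lower() in ADWARE_NAMES:
            return "autostart of a program on the adware watchlist"
    if kind == "R0" and "Start Page" in line:
        url = line.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if host not in DEFAULT_START_HOSTS:
            return f"start page set to non-default host {host!r}"
    return None


def triage(log_text):
    """Map every suspicious log line to the reason it was flagged."""
    findings = {}
    for line in log_text.strip().splitlines():
        reason = classify(line)
        if reason:
            findings[line] = reason
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(f"{why}\n    {line}")
```

On the sample the script flags exactly the nine entries named in the reply and leaves the R3 and O9 "(file missing)" lines alone, as the reply did; those rules are deliberately narrow and a real triage would still review every orphaned entry by hand.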

Post by Tiempo 15 Aug 2008, 12:04

Code:
[b]SDFix: Version 1.216 [/b]
Run by Maciek on 2008-08-15 at 11:53

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Maciek\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
Folder C:\Documents and Settings\Maciek\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 11:58:12
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\\LFS_Y\\LFS.exe"="D:\\LFS_Y\\LFS.exe:*:Enabled:LFS"
"D:\\LFS_Y\\LFStat_v0.3.1.27.exe"="D:\\LFS_Y\\LFStat_v0.3.1.27.exe:*:Enabled:LFStat_v0.3.1.27"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\FIFA_08\\FIFA08.exe"="D:\\FIFA_08\\FIFA08.exe:*:Enabled:FIFA08"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\racer057\\racer\\racer.exe"="D:\\racer057\\racer\\racer.exe:*:Enabled:racer"
"D:\\euro\\EURO08.exe"="D:\\euro\\EURO08.exe:*:Enabled:EURO08"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\craczek\\LFS.exe"="C:\\craczek\\LFS.exe:*:Enabled:LFS"
"C:\\lfs\\LFS.exe"="C:\\lfs\\LFS.exe:*:Enabled:LFS"
"C:\\lfs_2\\LFS.exe"="C:\\lfs_2\\LFS.exe:*:Enabled:LFS"
"C:\\lfs_\\LFS.exe"="C:\\lfs_\\LFS.exe:*:Enabled:LFS"
"C:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"="C:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\System32\\java.exe"="C:\\WINDOWS\\System32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\\racer057\\racer\\tracked.exe"="D:\\racer057\\racer\\tracked.exe:*:Enabled:tracked"
"D:\\racer\\racer.exe"="D:\\racer\\racer.exe:*:Enabled:racer"
"C:\\racer\\racer.exe"="C:\\racer\\racer.exe:*:Enabled:racer"
"C:\\racer\\racer\\racer.exe"="C:\\racer\\racer\\racer.exe:*:Enabled:racer"
"D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\\Program Files\\Atari\\BOILING POINT\\Xenus.exe"="D:\\Program Files\\Atari\\BOILING POINT\\Xenus.exe:*:Enabled:Xenus"
"C:\\racer057\\racer\\racer.exe"="C:\\racer057\\racer\\racer.exe:*:Enabled:racer"
"C:\\Kopia lfs_\\LFS.exe"="C:\\Kopia lfs_\\LFS.exe:*:Enabled:LFS"
"D:\\Downloads\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Downloads\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe:*:Enabled:Nowe Gadu-Gadu beta"
"D:\\Downloads\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Downloads\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Program Files\\Tlen.pl\\tlen.exe"="D:\\Program Files\\Tlen.pl\\tlen.exe:*:Enabled:Komunikator Tlen.pl"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Onet.pl - Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 12 Jun 2008     4,909,064 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05030212059e1b9876d47b8cf2fa5e95\BIT13.tmp"

[b]Finished![/b]

Added 15.08.2008 11:14:36:
Code: Select all
ComboFix 08-08-14.02 - Maciek 2008-08-15 12:04:41.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.215 [GMT 2:00]
Running from: C:\ComboFix.exe
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maciek\Cookies\maciek@a.nvidia[2].txt
C:\Documents and Settings\Maciek\Cookies\maciek@ad.yieldmanager[3].txt
C:\Documents and Settings\Maciek\Cookies\maciek@oczyszczaczkomputerza[1].txt
C:\Documents and Settings\Maciek\Cookies\maciek@tradedoubler[2].txt
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]019A956
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]501C935.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]501CCBF.bin
C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]501CE84.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\BM5b6049f8.txt
C:\WINDOWS\BM5b6049f8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtqqpOF.dll
C:\WINDOWS\system32\dllcache\npptools.dll
C:\WINDOWS\system32\efcARJca.dll
C:\WINDOWS\system32\euxwyyhv.dll
C:\WINDOWS\system32\hiSAccfe.ini
C:\WINDOWS\system32\hiSAccfe.ini2
C:\WINDOWS\system32\hpfeujvc.dll
C:\WINDOWS\system32\lvjqdene.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npptools.dll
C:\WINDOWS\system32\opnOHbbx.dll
C:\WINDOWS\system32\pmnNhhFv.dll
C:\WINDOWS\system32\pmnOHBTL.dll
C:\WINDOWS\system32\pmnomjHW.dll
C:\WINDOWS\system32\qoMeDTMd.dll
C:\WINDOWS\system32\qphisqsb.dll
C:\WINDOWS\system32\tuvtQIcc.dll
C:\WINDOWS\system32\urqRHWmL.dll
C:\WINDOWS\system32\wxwcnscy.ini
C:\WINDOWS\system32\ycsncwxw.dll
C:\WINDOWS\system32\yqpnytak.ini

.
(((((((((((((((((((((((((   Files Created from 2008-07-15 to 2008-08-15  )))))))))))))))))))))))))))))))
.

2008-08-15 12:02 . 2008-08-15 11:38   2,715,872   -ra------   C:\ComboFix.exe
2008-08-15 11:52 . 2008-08-15 11:52   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-08-15 11:41 . 2008-08-14 01:54   <DIR>   d--------   C:\SDFix
2008-08-15 11:37 . 2008-08-15 11:37   <DIR>   d--------   C:\Downloads
2008-08-14 14:00 . 2008-08-14 14:00   <DIR>   d--hs----   C:\FOUND.000
2008-08-14 10:50 . 2008-08-14 10:50   15,424   --a------   C:\WINDOWS\system32\drivers\nod32drv.sys
2008-08-14 10:02 . 2008-08-14 10:02   <DIR>   d--------   C:\Program Files\Eset
2008-08-14 10:02 . 2008-08-14 10:50   512,096   --a------   C:\WINDOWS\system32\drivers\amon.sys
2008-08-14 10:02 . 2008-08-14 10:50   298,104   --a------   C:\WINDOWS\system32\imon.dll
2008-08-14 10:02 . 2008-08-14 10:02   0   --a------   C:\WINDOWS\system32\mapisvc.inf
2008-08-14 10:01 . 2008-08-14 10:01   <DIR>   d--------   C:\Nod32
2008-08-13 16:54 . 2008-08-13 16:54   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\Tlen.pl
2008-08-13 16:52 . 2004-04-30 09:37   160,640   --a------   C:\WINDOWS\system32\drivers\a347bus.sys
2008-08-13 16:52 . 2004-04-30 09:33   5,248   --a------   C:\WINDOWS\system32\drivers\a347scsi.sys
2008-08-13 13:42 . 2008-08-13 13:42   <DIR>   d--------   C:\WINDOWS\nview
2008-08-13 13:42 . 2008-08-13 13:42   <DIR>   d--------   C:\NVIDIA
2008-08-13 13:42 . 2004-10-29 16:50   172,032   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-08-13 13:42 . 2004-10-29 16:50   13,653   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-08-13 12:27 . 2008-08-13 12:27   <DIR>   d--------   C:\Program Files\Managed DirectX (0901)
2008-08-13 10:27 . 2008-08-13 10:27   43,520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-12 08:04 . 2008-08-12 08:04   <DIR>   d--------   C:\Program Files\Common Files\HHD Software
2008-08-09 21:35 . 2008-08-09 21:35   4   --a------   C:\WINDOWS\system32\proc-1605931354.bin
2008-08-08 12:33 . 2008-08-04 22:02   18,112   --a------   C:\16391312_2.jpg
2008-08-08 12:01 . 2008-08-08 12:01   56,931   --a------   C:\16391312_4.jpg
2008-08-08 11:32 . 2008-08-08 11:32   1,021,724   --a------   C:\LYTe0505.zip
2008-08-07 10:17 . 2008-08-07 10:17   <DIR>   d--------   C:\Program Files\Phun
2008-08-05 16:50 . 2008-08-05 16:51   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\Nowe Gadu-Gadu
2008-08-05 16:49 . 2008-08-05 16:50   <DIR>   d--------   C:\Program Files\Nowe Gadu-Gadu
2008-08-05 16:43 . 2008-08-05 16:43   <DIR>   d--------   C:\Nowy folder
2008-08-05 16:43 . 2008-08-05 16:40   5,337,280   --a------   C:\Documents and Settings\Maciek\archives.dat
2008-08-03 00:43 . 2008-08-03 00:43   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\GanymedeNet
2008-08-03 00:37 . 2008-08-03 00:37   <DIR>   d--------   C:\Program Files\Ganymede
2008-07-30 11:05 . 2008-07-30 11:05   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\GetRightToGo
2008-07-26 17:30 . 2008-07-26 17:30   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\gtk-2.0
2008-07-26 17:29 . 2008-07-26 17:30   <DIR>   d--------   C:\Documents and Settings\Maciek\.thumbnails
2008-07-26 17:21 . 2008-07-26 17:21   <DIR>   d--------   C:\Documents and Settings\Maciek\.gimp-2.4
2008-07-25 20:14 . 2007-12-29 17:56   78,848   --a------   C:\unlocker.dll
2008-07-25 14:46 . 2008-07-25 14:46   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-07-25 14:46 . 2008-07-25 14:46   1,409   --a------   C:\WINDOWS\QTFont.for
2008-07-23 23:55 . 2008-07-23 23:55   112,742   --a------   C:\dsada.JPG
2008-07-23 21:48 . 2008-07-23 21:48   4,204   --a------   C:\foczka.PNG
2008-07-23 21:31 . 2008-07-23 21:31   58,165   --a------   C:\poldek.JPG
2008-07-21 18:46 . 2008-07-21 18:46   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\teamspeak2
2008-07-21 18:46 . 2008-07-21 18:46   34,064   --a------   C:\WINDOWS\system32\lhacm.acm
2008-07-19 16:20 . 2008-07-19 16:20   113,430   --a------   C:\tata.JPG

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 16:05   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\Ahead
2008-07-06 16:00   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-07-02 17:04   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-07-02 17:04   ---------   d-----w   C:\Program Files\Ahead
2008-06-26 22:26   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\BSplayer Pro
2008-06-26 22:26   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\BSplayer
2008-06-20 17:42   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42   246,784   ----a-w   C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42   148,992   ----a-w   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 19:31   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\Ventrilo
2008-06-14 18:01   273,024   ------w   C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 09:54   434,688   ----a-w   C:\WINDOWS\system32\ss2uinst.exe
2008-04-09 17:39   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 01:17 421888]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-08-14 10:50 949376]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\racer057\\racer\\racer.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"C:\\WINDOWS\\System32\\java.exe"=
"D:\\racer057\\racer\\tracked.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Kopia lfs_\\LFS.exe"=
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"D:\\Downloads\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11727:TCP"= 11727:TCP:BitComet 11727 TCP
"11727:UDP"= 11727:UDP:BitComet 11727 UDP
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\instaluj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825ef549-692e-11dd-b423-000e501347a3}]
\Shell\AutoRun\command - G:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-QuickTime Task - D:\Program Files\qttask.exe
HKLM-Run-BM5b6049f8 - C:\WINDOWS\system32\euxwyyhv.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&ksport do programu Microsoft Excel - D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206

O16 -: {A6212120-01D4-11D5-9A39-0080C8D85044} - hxxp://download.gamedesire.com/g_bin/pl/slots70_2_0_0_35.cab
C:\WINDOWS\Downloaded Program Files\Slots70.inf
C:\WINDOWS\Downloaded Program Files\Slots70.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 12:09:39
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\WGATRAY.EXE
.
**************************************************************************
.
Completion time: 2008-08-15 12:12:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-15 10:12:06

Pre-Run: 2,004,344,832 bajtów wolnych
Post-Run: 1,975,672,832 bajtów wolnych

239   --- E O F ---   2008-07-09 18:58:49
Tiempo
Posts: 626
Joined: 10 Jul 2006, 20:19
Location: Czestochowa
Praise: 7

Web pages do not load

Post by Okocza, 15 Aug 2008, 12:27

Open Notepad and paste:

Code: Select all
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825ef549-692e-11dd-b423-000e501347a3}]


save it as fix.reg and run it


Do what is described in this topic

1. Download OTMoveIt, launch it and run it with the CleanUp option :)
2. Perform a Windows optimisation
3. Download ATF_Cleaner
tick
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment turn it back on
5. Scan the computer for Trojans with this program
6. Post a screenshot of the Startup tab on the forum (Start - Run - msconfig - Startup); maybe something can be thrown out from there
Okocza
Posts: 7997
Joined: 19 Mar 2006, 11:53
Praise: 406
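The fix.reg above deletes the two MountPoints2 keys that ComboFix listed with a `\Shell\AutoRun\command` value (cached AutoRun handlers for removable drives E: and G:). As an added example, not code from the thread or from any of the tools named in it, the Python script below extracts exactly those entries from a ComboFix "Reg Loading Points" block and generates the same kind of delete-only .reg file, so the keys to remove come from the log rather than being retyped by hand. The sample log text is constructed from the two keys quoted in the thread; the function names are my own.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample: the MountPoints2 block as ComboFix prints it, using
# the two keys and commands quoted in the ComboFix log earlier in the thread.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\E]
\\Shell\\AutoRun\\command - E:\\instaluj.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{825ef549-692e-11dd-b423-000e501347a3}]
\\Shell\\AutoRun\\command - G:\\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"""

# A ComboFix key header: "[HKEY_...\mountpoints2\<drive letter or GUID>]"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
# The value line that follows it: "\Shell\AutoRun\command - <program>"
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)


def find_autorun_mountpoints(log_text: str) -> List[Tuple[str, str]]:
    """Return (registry key, AutoRun command) pairs for every MountPoints2
    key in the log that carries a \\Shell\\AutoRun\\command value.

    Only keys that actually have an AutoRun command are reported; a
    MountPoints2 key on its own is just a cached drive record.
    """
    findings: List[Tuple[str, str]] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = CMD_RE.match(line)
        if m and current_key:
            findings.append((current_key, m.group(1).strip()))
            current_key = None
        elif not line or line == ".":
            # blank line or ComboFix section separator ends the key block
            current_key = None
    return findings


def build_fix_reg(keys: Iterable[str]) -> str:
    """Build the text of a .reg file that deletes each given key.

    A leading '-' inside the brackets is regedit's delete-key syntax, which
    is what the fix.reg in the thread uses. Lines are CRLF-terminated as
    regedit expects.
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += [f"[-{key}]" for key in keys]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    hits = find_autorun_mountpoints(SAMPLE_LOG)
    for key, command in hits:
        print(f"{key}\n    AutoRun -> {command}")
    print(build_fix_reg(key for key, _ in hits))
```

Run against a real ComboFix log, the script reports which removable-drive AutoRun handlers Windows has cached and which program each would launch; the generated .reg only ever deletes keys under `mountpoints2`, so reviewing its handful of `[-...]` lines before importing it is quick.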