Please check my logs

sitol
created
Logfile of HijackThis v1.99.1
Scan saved at 15:47:23, on 2007-06-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\OCHRONA\avp.exe
C:\NET24+\kpf4ss.exe
C:\OCHRONA\avp.exe
C:\NET24+\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\NET24+\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\NET24+\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\GG\Gadu-Gadu\gg.exe
C:\GG\Gadu-Gadu\gg.exe
C:\NET24_~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mateusz MMS\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [kis] "C:\OCHRONA\avp.exe"
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\NET24+\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA5.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\DOCUME~1\MATEUS~1\USTAWI~1\Temp\E_S33A.tmp" /EF "HKCU"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\OCHRONA\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\OCHRONA\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{77868943-A9C5-4E89-BF83-F63852D59118}: NameServer = 83.238.255.76 213.241.79.37
O20 - AppInit_DLLs: C:\OCHRONA\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\OCHRONA\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\NET24+\kpf4ss.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

CatchMe
comment

The log is clean. Are you having a problem with viruses? Paste a log from Silent Runners.

sitol
comment

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"EPSON Stylus DX4000 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\DOCUME~1\MATEUS~1\USTAWI~1\Temp\E_S33A.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"kis" = ""C:\OCHRONA\avp.exe"" ["Kaspersky Lab"]
"(Default)" = "(empty string)" [file not found]
"SpeedTouch USB Diagnostics" = ""C:\NET24+\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"EPSON Stylus DX4000 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA5.tmp" /EF "HKLM"" ["SEIKO EPSON CORPORATION"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
                                        \StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"
                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "C:\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Ochrona WWW"
  -> {HKLM...CLSID} = "Ochrona WWW"
                   \InProcServer32\(Default) = "C:\OCHRONA\scieplugin.dll" ["Kaspersky Lab"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
  -> {HKLM...CLSID} = "UIContextMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\OCHRONA\adialhk.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\OCHRONA\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\OCHRONA\shellex.dll" ["Kaspersky Lab"]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Pulpit\porsche1024x76846ha.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mateusz MMS\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Mateusz MMS" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Etries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Enries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Ochrona WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\OCHRONA\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Ochrona WWW"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Kaspersky Internet Security 6.0, AVP, "C:\OCHRONA\avp.exe -r" ["Kaspersky Lab"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Sunbelt Kerio Personal Firewall 4, KPF4, "C:\NET24+\kpf4ss.exe" ["Sunbelt Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus DX4000 Series 32MonitorBE\Driver = "E_FLBBEE.DLL" ["SEIKO EPSON CORPORATION"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 47 seconds, including 4 seconds for message boxes)

CatchMe
comment

Clean. I'll ask again: are you having a problem with the system? If so, please post a ComboFix log. :)

sitol
comment

Well, I don't know why, my net is supposedly always connected, but lately pages sometimes don't load and GG doesn't load either.. :/ I've never had anything like this, so I got a bit worried, since I have Kaspersky KIS6 and, as of today, KPF 4

CatchMe
comment

To rule out the possibility of an infection, paste these logs:

- ComboFix

- Gmer (from the 2 options)

Paste the logs at www.wklej.org

P.S. KIS has a firewall... why do you need KPF? They will conflict with each other.
