No internet - sounds trivial (Logs)

topker
posted (edited)

A warm hello for the first time!! :)

My problem is that I cannot connect to any website.

I use a Compaq nx6110 laptop, XP Home SP2, all updates installed. I use Firefox and optionally IE7. The network is a LAN, but there (on the admin's side) everything is definitely OK. I also have iPlus.

And now... whether I use Firefox or IE, it cannot connect to the server (DNS servers checked, OK), and interestingly neither on the LAN nor on iPlus. IE's test reports that the HTTP, FTP and HTTPS ports are most likely blocked, if I remember correctly. There is internet in safe mode. I checked ipconfig and all parameters are OK, but netstat no longer shows the above-mentioned ports as open. Oh, and e-mail works. I don't use any P2P. The only firewall is the Windows one, and it is turned off. There is an antivirus, but it was changed, because I thought that Kaspersky (the 60-day version) blocked things when it turned itself off. Uninstalling it did not help. I don't think there is anything unusual in Task Manager either.

And all of this happened after installing (updating) Firefox to version 3, but I removed it too and nothing changed; besides, everyone around me has been using it for a long time without any problems.

Help!!!

NowakoV
comment

Don't you happen to have some firewall? Or maybe the router is blocking ports?

topker
comment

I think it's probably not the router, because then iPlus would work, and the only firewall is the XP one and it is turned off; I also tried it turned on with the ports added.

Tomek
comment

Start, Run, cmd, then type

ping forumpc.pl

Check whether the ping result is correct.

It may be an infection.

Scan with some antivirus and post logs: http://www.forumpc.pl/index.php?showtopic=11017#

topker
comment

The antivirus found nothing; ping depends... onet.pl plus a few others don't work, 100% loss, but e.g. allegro.pl, wp.pl or forumpc.pl are OK, yet I cannot open those sites.

Here are the logs:

wojtek-pl1
comment

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

Fix these in HijackThis

//if you don't know how, don't check logs

//automated analyzers are forbidden; next time you will get +10%

//jesiona

Mateusz J.
comment

If you removed the O16 entry pointed out by Wojtek, the ActiveX control will be removed.

However, it will install itself again anyway, so you won't have any problems because of it.

Overall, the logs are clean.

Show a ComboFix log.

topker
comment

Here is the ComboFix log

USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [ ]*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90..------- Supplementary Scan -------.FireFox -: Profile - C:\Documents and Settings\My\Dane aplikacji\Mozilla\Firefox\Profiles\k21ubmgs.default\FireFox -: prefs.js - STARTUP.HOMEPAGE - www.onet.plFF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava11.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava12.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava13.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava14.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava32.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPOJI610.dll.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-04 22:24:14Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-09-04 22:25:58ComboFix-quarantined-files.txt  2008-09-04 20:25:55Pre-Run: 11,869,007,872 bajtów wolnychPost-Run: 12,254,887,936 bajtów wolnych186	--- E O F ---	2008-08-16 17:38:49
Mateusz J.
comment

The log is clean.

Delete c:\QooBox

Scan the computer with an online scanner (e.g. Kaspersky).

topker
comment

Kaspersky found NetTool.win32.scan.g

- should I delete the infected file?

(C:\System Volume Information\_restore{BB8C678F-EB43-45F5-84EE-5DEF188F2BDA}\RP2.a0000071.exe)

- as for WinsockFix, all it did was reset my settings :blink: and cause trouble, because I had forgotten them and had to work out what they were... :D

//do not use colours, they are reserved for forum staff

//I am inserting the code tag in place of the colour

//jesiona

Guest
comment

Delete it.

topker
comment

And....

Nothing... - it didn't help!!

Can't this be done?

Isn't there a way to check whether these ports are actually blocked and, if so, to change that manually (or with some program) - to unblock them?

///thanks, Jesiona///

///this is my first forum...///

Guest
comment

Check whether your ports are closed using --> Windows Worms Doors Cleaner (further down the linked page).

Set the indicators to green; NetBIOS can be yellow.

A restart is required after using the tool.

Scan your computer at http://www.kaspersky.pl/virusscanner.html (run it in IE). Post the report from it on the forum.

topker
comment

What a relief!!

I did it... Thanks for all the hints and advice. Admittedly nothing specific helped, though maybe everything helped a little :lol:

I was cleaning up with RegCleaner and one entry caught my eye ...Symantec... Norton Internet Security

I simply went into the registry (I figured it had to be some program I had installed or uninstalled) and threw out everything that had any Symantec value.

I may be offending the experts or the "greats" of this world, but several times now programs from the Norton family have messed something up on my computer - even after uninstalling, plenty of that c... is left behind. The only trouble-free Norton was Norton Commander for DOS :D

I rebooted and ... as if nothing had ever happened, the internet is flying!!!

Thanks to everyone for your involvement!!!
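
Added example, not part of the thread: the ComboFix log posted above already lists Symantec files and Security Center keys while the only antivirus autostart entry is Avira's, which is consistent with the leftover Symantec entries topker found. The Python triage below runs over lines copied from that log and flags vendors that have traces but no Run-key entry; the vendor marker strings and the function name are assumptions of this example.

```python
from collections import defaultdict

# Lines copied (abridged) from the ComboFix log posted in this thread.
LOG = r'''
2008-08-17 12:53  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2008-07-09 17:40  ---------  d-----w  C:\Program Files\IrfanView
2008-07-05 16:23  123,952  ----a-w  C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-13 12:45  579,464  ----a-w  C:\WINDOWS\system32\SymNeti.dll
2008-06-13 12:45  207,240  ----a-w  C:\WINDOWS\system32\SymRedir.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
'''

# Assumption of this example: substrings that tie a log line to a vendor,
# taken from file and key names visible in the log above.
VENDOR_MARKERS = {
    "Symantec": ("symantec", "symevent", "symneti", "symredir"),
    "Avira": ("avira", "avgnt"),
}


def leftover_vendors(log, markers=VENDOR_MARKERS):
    """Map vendor -> log lines, for vendors with traces but no Run-key autostart."""
    traces, autostarted = defaultdict(list), set()
    in_run_key = False
    for line in filter(None, map(str.strip, log.splitlines())):
        if line.startswith("["):  # a registry key header opens a new section
            in_run_key = line.rstrip("]").lower().endswith(r"\currentversion\run")
        elif not line.startswith('"'):  # file listing line: outside any key
            in_run_key = False
        low = line.lower()
        for vendor, needles in markers.items():
            if not any(n in low for n in needles):
                continue
            if in_run_key and line.startswith('"'):
                autostarted.add(vendor)  # product still launches at logon
            else:
                traces[vendor].append(line)
    return {v: hits for v, hits in traces.items() if v not in autostarted}


if __name__ == "__main__":
    for vendor, hits in leftover_vendors(LOG).items():
        print(f"{vendor}: {len(hits)} trace(s), no autostart entry")
        for hit in hits:
            print("   ", hit)
```

A hit is a lead to verify, not proof of a broken uninstall: drivers and services start without a Run entry, so the product may still be installed.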
