Sprawdzenie loga stronki sie nie wczytuja

przez **VampirLord** » 11 Wrz 2007, 21:47

[obrazek nie jest już dostępny]

LOG

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:44:02, on 2007-09-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\BitSpirit\BitSpirit.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CBitSpirit] "C:\Program Files\BitSpirit\BitSpirit.exe" /start O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 2435 bytes

czemu taki krotki bo fixnelem troche rzeczy

przez **LucaS** » 11 Wrz 2007, 22:03

log czysty

Może masz proxy ustawione ?
Tylko na FF tak masz?

przez **slake1** » 11 Wrz 2007, 22:08

Pokaż log z Silent Runners i ComboFix.

przez **pavko89** » 11 Wrz 2007, 22:09

to chyba wina tego toolbara megaupload sprobuj go odinstalowac i przeczyscic system

przez **buzu** » 11 Wrz 2007, 22:31

Jakie stronki ci się nie wczytują?Wszystkie czy tylko niektóre.
Może problem z cache.
Spróbuj Start>>uruchom..cmd>>ok .wpisz ipconfig /flushdns
Powinno wyskoczyć: Pomyśłnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
Zobacz czy pomogło.Jak nie to będziemy myśleć dalej.
Zakładam,że przeskanowałeś kompa pod kontem syfu i z aktualizacjami i zabezpieczeniami jesteś na bieżąco.

przez **VampirLord** » 11 Wrz 2007, 22:41

tylko na FF tez tak myslalem chyba przez megauploada

Noris jak zwylke combo+silent

all prucz Norisa PLISIK

przez **buzu** » 11 Wrz 2007, 22:54

A może coś na rootkity? może Gmer :roll:

Jak iść to na całość.Silent+combo+gmer i jeszcze raz HJT.
Ale najpierw restart.(koniecznie miękki).

przez **VampirLord** » 11 Wrz 2007, 23:01

dobra bo to nie wina MEGAUPLOAD TOOLABAR

nawet w instalki forum mi to wyskakuje :((

HELP

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-11 23:12:01
Windows 5.1.2600 Dodatek Service Pack 2

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 89C46F58

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [ABF79D90] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [ABF79F80] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [ABF79F80] klif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [BA57A0F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [BA57A0F0] kl1.sys

---- Modules - GMER 1.0.13 ----

Module _________ BA6E3000-BA6FB000 (98304 bytes)

---- Threads - GMER 1.0.13 ----

Thread 4:144 899C9B40
Thread 4:148 899C9B40
Thread 4:152 8991F0A0
Thread 4:156 8991F0A0
Thread 4:160 8991F0A0
Thread 4:456 899C9B40
Thread 4:600 899C9B40

---- EOF - GMER 1.0.13 ----

silent i combo nie moge dac jakies bledy mi wyskakuja

przez **buzu** » 11 Wrz 2007, 23:22

buzu napisał(a):Jakie stronki ci się nie wczytują?Wszystkie czy tylko niektóre.
Może problem z cache.
Spróbuj Start>>uruchom..cmd>>ok .wpisz ipconfig /flushdns
Powinno wyskoczyć: Pomyśłnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
Zobacz czy pomogło.Jak nie to będziemy myśleć dalej.
Zakładam,że przeskanowałeś kompa pod kontem syfu i z aktualizacjami i zabezpieczeniami jesteś na bieżąco.

Próbowałeś??

przez **VampirLord** » 11 Wrz 2007, 23:27

aktaulizacja na bierzaco ORYGINALNY XP SP2 professional

spayware

skanowanie w trakcie SPY BOT SERACH AND DESTROY

czysto

wczesniej mailem ad aware 2007

kaspersky skanowanei calego kompa czysto

mks skaner online caly komp czysto

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVP" = ""C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"CBitSpirit" = ""C:\Program Files\BitSpirit\BitSpirit.exe" /start" ["LANSPIRIT.NET"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"

{HKLM...CLSID} = "Statystyki ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

{HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

{HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

{HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

{HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

{HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

{HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

{HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

{HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\VampirLord\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "VampirLord" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP"

shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance"

launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
Logitech Process Monitor, LVPrcSrv, "c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" ["Logitech Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP510\Driver = "CNMLM85.DLL" ["CANON INC."]

---------- (launch time: 2007-09-12 01:03:22)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 12 seconds.
---------- (total run time: 38 seconds)

Combo Fix dam narazie nei moge bo jakies bledy :((

przez **slake1** » 12 Wrz 2007, 07:09

W logach nic takiego złego nie widzę.

Pokaż log z ComboFix, a jeżeli pojawi się jakiś błąd, podaj jego treść.

VampirLord napisał(a):Noris jak zwylke combo+silent

Jak nie, to walę z pół obrotu

przez **VampirLord** » 12 Wrz 2007, 20:49

[obrazek nie jest już dostępny]
[obrazek nie jest już dostępny]
[obrazek nie jest już dostępny]

po probie skaun ComboFixem

komputer sie zamulil

zresertowalem i po resecie kompletyny DEAD nie dziala komputer nic nie moge robic muszka sie nie rusza nie reaguje na zadne komendy

a mowilem ze ComboFix jest BE

ktos pomoze daje duzo plusow !!

nie moge backupowac bo mam na c 40GB filmow

przez **buzu** » 12 Wrz 2007, 21:57

Wywal dziada .Chodzi o drwtsn32.
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/Current Version/Ae Debug.
edycja>>usuń
Ale wpierw spróbuj Start>>uruchom>>drwtsn32>>ok poodhaczaj zaptaszenia może wystarczy.Jak nie wywal klucz.

Updejt :wink:

Proponuję jeszcze sprawdzić ilość wolnego miejsca na dysku,plik wymiany,wyłączyć zbędne/niepotrzebne usługi,automatyczne aktualizacje,harmonogramy itd.
Najlepiej zrób screna okna z usługami i zarzuć powiemy co wyłączyć ,co ew.włączyć a co olać.O ustawianiu priorytetów procesów nie wspomnę.
No i czyszczenie rejestru .Ja używam RegSupreme od lat i jest ok.
Co tu jeszcze :roll:

jak masz jakieś optymalizatory systemu / RAM to zapakuj to wszystko i wyślij w kosmos.

przez **VampirLord** » 12 Wrz 2007, 23:51

buzu wez na gg do mnie lepiej

zrobie z tym dr jak mowiles

co do rejestru uzywam regsupreme and SPy Bot Edrwtsn32Searh and Destroy

co do procesow hmm mozesz cos doradzic zawsze sie to przyda noi nagrodze pochwalka

2 sprawa zrobilem z tymi stronkami cos sie popsulow w firefoxie wywalilem calego

i stronki dzialaja juz GOOD

a co do systemu to buzu ten trick z Dr podzialal komp sprawny w 100%

danke

jak mogla byc przyczyna takich bledow ???

bo virow zero nie chodze po stronach typu ero czyli duzo hackerow/virow

przez **slake1** » 13 Wrz 2007, 14:15

VampirLord napisał(a):a mowilem ze ComboFix jest BE

Zapewne użyłeś jego poprzedniej wersji, w której były poważne błędy w kodzie i mogło dojść do uszkodzenia systemu. Jednak ComboFix został poprawiony i można już z niego śmiało korzystać

ComboFix

Sprawdzenie loga stronki sie nie wczytuja

Sprawdzenie loga stronki sie nie wczytuja

Kto jest na forum