Duże pingi


(system) #1

Witajcie od wczoraj mam problemy z netem... tzn. pingi powyżej 2000-3000.. mam internet kablowy i nie miałem ostatnio takich problemów. Rozmawiałem z adminem neta i mówił, że u nich wszystko jest ok kazał mi zainstalować na nowo system. Robiłem skany anty wirusami etc. ale to nie pomogło, poniżej przedstawiam logi hijackthis i silent:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:43:50 , on 2007-01-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:

C:\WINX\System32\smss.exe

C:\WINX\system32\winlogon.exe

C:\WINX\system32\services.exe

C:\WINX\system32\lsass.exe

C:\WINX\system32\svchost.exe

C:\WINX\System32\svchost.exe

C:\WINX\system32\spoolsv.exe

C:\WINX\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINX\system32\PnkBstrA.exe

C:\WINX\system32\wscntfy.exe

C:\Program Files\Winampx\winampa.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\HLSWvvvv\hlsw.exe

C:\Program Files\mIRC3\mirc.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINX\system32\NOTEPAD.EXE

C:\WINX\system32\NOTEPAD.EXE

C:\HiJackThis_v2.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShxe\BearShare.exe" /pause

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winampx\winampa.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5199/mcfscan.cab

O20 - AppInit_DLLs: C:\WINX\system32\sol629.txt

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINX\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


--

End of file - 2542 bytes

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"BearShare" = ""C:\Program Files\BearShxe\BearShare.exe" /pause" ["Free Peers, Inc."]

"WinampAgent" = ""C:\Program Files\Winampx\winampa.exe"" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINX\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"

                   \InProcServer32\(Default) = "C:\WINX\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

  -> {HKLM...CLSID} = "History Band"

                   \InProcServer32\(Default) = "C:\WINX\system32\shdocvw.dll" [MS]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {HKLM...CLSID} = "Eksplorator pulpitów"

                   \InProcServer32\(Default) = "C:\WINX\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINX\system32\nvshell.dll" ["NVIDIA Corporation"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

  -> {HKLM...CLSID} = "TuneUp Theme Extension"

                   \InProcServer32\(Default) = "C:\WINX\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"

  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]

"{46E22146-59C0-4136-9233-FB7720E777B2}" = "EzCddax extension"

  -> {HKLM...CLSID} = "EzCddax Class"

                   \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 10\ezcddax10.dll" [null data]

"{fc181130-05a0-11d6-8140-000102e745a6}" = "Mój P910i"

  -> {HKLM...CLSID} = "Mój P910i"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\auexpext.dll" ["Teleca Software Solutions AB"]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"

  -> {HKLM...CLSID} = "IZArc DragDrop Menu"

                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"

  -> {HKLM...CLSID} = "IZArc Shell Context Menu"

                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

"{B28C18DB-6816-4F31-9630-397683E3C2C3}" = "Filzip Shell Extension"

  -> {HKLM...CLSID} = "Filzip Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Filzip\fzshext.dll" [empty string]

"{C78B6135-F3EA-11D2-94A1-00E0292A01E3}" = "Shell Extension for Altap Salamander 2.5"

  -> {HKLM...CLSID} = "Shell Extension for Altap Salamander 2.5"

                   \InProcServer32\(Default) = "C:\Program Files\Altap Salamander 2.5\plugins\salamext.dll" ["ALTAP"]

"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "WinAceContext Menu Extension"

                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 DragDrop Shell Extension"

  -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"

                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.11 Property Sheet Shell Extension"

  -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"

                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

"{C91DBB77-D23C-4EC3-91B7-4E7FF914B194}" = "Windows CE Cabinet Extensions"

  -> {HKLM...CLSID} = "Windows CE Cabinet Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\OCP Software\CeCabShellExt.dll" ["OCP Software, Inc."]

"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"

  -> {HKLM...CLSID} = "Desktop Manager"

                   \InProcServer32\(Default) = "C:\WINX\system32\msvdm.dll" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINX\system32\WPDShServiceObj.dll" [MS]


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\

<> "Debugger" = ""C:\WINX\system32\vsjitdebugger.exe" -p %ld -e %ld" [MS]

"Auto" = "1"


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "C:\WINX\system32\sol629.txt" [file not found]


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C91DBB77-D23C-4EC3-91B7-4E7FF914B194}\(Default) = "CAB file column extension"

  -> {HKLM...CLSID} = "Windows CE Cabinet Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\OCP Software\CeCabShellExt.dll" ["OCP Software, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"

  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

EzCddax\(Default) = "{46E22146-59C0-4136-9233-FB7720E777B2}"

  -> {HKLM...CLSID} = "EzCddax Class"

                   \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 10\ezcddax10.dll" [null data]

Filzip\(Default) = "{B28C18DB-6816-4F31-9630-397683E3C2C3}"

  -> {HKLM...CLSID} = "Filzip Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Filzip\fzshext.dll" [empty string]

IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"

  -> {HKLM...CLSID} = "IZArc Shell Context Menu"

                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"

  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"

                   \InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]

PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}"

  -> {HKLM...CLSID} = "PCTAVShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

TurboZIP5\(Default) = "{F3802420-0C3F-11d2-961D-00600895E4DF}"

  -> {HKLM...CLSID} = "TurboZIP5 Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TurboZIP\tzipext.dll" ["FileStream, Inc.®"]

ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"

  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"

  -> {HKLM...CLSID} = "IZArc Shell Context Menu"

                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

PCTAVShellExtension\(Default) = "{AEEAEC2D-7EE9-4C66-937C-80BF8B03FD54}"

  -> {HKLM...CLSID} = "PCTAVShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\PC Tools AntiVirus\PCTAVShellExtension.dll" ["PC Tools Research Pty Ltd"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

TurboZIP5\(Default) = "{F3802420-0C3F-11d2-961D-00600895E4DF}"

  -> {HKLM...CLSID} = "TurboZIP5 Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TurboZIP\tzipext.dll" ["FileStream, Inc.®"]

ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"

  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"

                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "d:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

Filzip\(Default) = "{B28C18DB-6816-4F31-9630-397683E3C2C3}"

  -> {HKLM...CLSID} = "Filzip Shell Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Filzip\fzshext.dll" [empty string]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

TurboZIP5\(Default) = "{F3802420-0C3F-11d2-961D-00600895E4DF}"

  -> {HKLM...CLSID} = "TurboZIP5 Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TurboZIP\tzipext.dll" ["FileStream, Inc.®"]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoWindowsUpdate" = (REG_DWORD) dword:0x00000001

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove links and access to Windows Update}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


"DisableTaskMgr" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|

Remove Task Manager}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINX\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\mariusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINX\system32\logon.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" [file not found]

"{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}"

  -> {HKLM...CLSID} = "Alcohol Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

  -> {HKLM...CLSID} = "Yahoo! Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"

  -> {HKLM...CLSID} = "Winamp Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" [file not found]



Miscellaneous IE Hijack Points

------------------------------


HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<> "TuneUp" = "file://C|/Documents and Settings/All Users.WINX/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]

PnkBstrA, PnkBstrA, "C:\WINX\system32\PnkBstrA.exe" [null data]

TuneUp Theme Extension, UxTuneUp, "C:\WINX\System32\svchost.exe -k netsvcs" {"C:\WINX\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}



---------- (launch time: 2007-01-04 23:34:30)

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 279 seconds.

---------- (total run time: 421 seconds)

Czekam na szybką odpowiedź.


(Gutek) #2
O20 - AppInit_DLLs: C:\WINX\system32\sol629.txt

usuń wpis HJT

Daj log z ComboFix

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350


(system) #3

Usunełem wpis, a oto log z combo http://wklej.org/id/22068b4f17


(Gutek) #4

Combo usunął co miał usunąć - jest lepiej?


(system) #5

Było do wczoraj. Dziś włączam kompa i wróciło jak było:/. Chciałbym dodać, że koledzy którzy mają ten sam net maja wszystko dobrze i dobre pingi.


(Gutek) #6

Pobierz program SDFix

-