Connection problem (ftp, steam, etc...)


(Pbuderaski) #1

Hello. Yesterday I was playing around with overclocking and unfortunately it turned out that I won't get very far on my memory modules ^^ so I restored the default BIOS settings. Since then a new device has shown up in my network connections (1394, 1394 network adapter), I can't connect to FTP servers, I can't get onto Steam, and I can't download updates for Spybot ;/

I'm posting the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:09, on 2007-11-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

D:\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Desktop Sidebar\sbhelp.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Desktop Sidebar\sbhelp.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.91.32.85:9033/activex/AMC.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- 

End of file - 6398 bytes

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"NVRTCLK" = "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"

  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

                   \InProcServer32\(Default) = "D:\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "D:\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "D:\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"

  -> {HKLM...CLSID} = "SidebarIconHandler Class"

                   \InProcServer32\(Default) = "D:\Desktop Sidebar\sbhelp.dll" ["Idea2"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{fc181130-05a0-11d6-8140-000102e745a6}" = "Mój P910i"

  -> {HKLM...CLSID} = "Mój P910i"

                   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\auexpext.dll" ["Teleca Software Solutions AB"]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "D:\7-Zip\7-zip.dll" ["Igor Pavlov"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "D:\7-Zip\7-zip.dll" ["Igor Pavlov"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]



Startup items in "Paweł" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]


{09FE188B-6E85-479E-9411-51FB2220DF80}\

"ButtonText" = "Subscribe in Desktop Sidebar"

"MenuText" = "Subscribe in Desktop Sidebar"

"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"

  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

                   \InProcServer32\(Default) = "D:\Desktop Sidebar\sbhelp.dll" ["Idea2"]


{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<> "Tabs" = "C:\Documents and Settings\Paweł\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



---------- (launch time: 2007-11-15 19:01:14)

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 122 seconds, including 3 seconds for message boxes)

(Gutek) #2

Remove the HJT entries

Post a log from ComboFix

Follow this Thread and change the thread title to something specific, otherwise it goes to the TRASH

Regards, Gutek2222


(Pbuderaski) #3
ComboFix 07-11-08.1 - Paweł 2007-11-15 20:16:06.1 - NTFSx86

(Gutek) #4

The log is OK; finally, one more thing:

Download SDFix



(Pbuderaski) #5
System Report

*************


Run on 2007-11-15 at 21:21


Microsoft Windows XP [Wersja 5.1.2600]


Current user is an administrator


Running Processes:


\SystemRoot\System32\smss.exe [536]

\??\C:\WINDOWS\system32\csrss.exe [608]

\??\C:\WINDOWS\system32\winlogon.exe [636]

C:\WINDOWS\system32\services.exe [680]

C:\WINDOWS\system32\lsass.exe [692]

C:\WINDOWS\system32\svchost.exe [844]

C:\WINDOWS\system32\svchost.exe [900]

C:\WINDOWS\System32\svchost.exe [964]

C:\WINDOWS\system32\svchost.exe [1008]

C:\WINDOWS\system32\svchost.exe [1052]

C:\WINDOWS\system32\ZoneLabs\vsmon.exe [1088]

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1296]

C:\Program Files\Alwil Software\Avast4\ashServ.exe [1356]

C:\WINDOWS\system32\spoolsv.exe [1520]

C:\WINDOWS\system32\nvsvc32.exe [1724]

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [1860]

C:\WINDOWS\system32\svchost.exe [1872]

C:\WINDOWS\system32\wdfmgr.exe [1904]

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [852]

C:\WINDOWS\Explorer.EXE [952]

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [1000]

C:\WINDOWS\System32\alg.exe [2024]

C:\WINDOWS\system32\wscntfy.exe [2092]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2560]

C:\WINDOWS\SOUNDMAN.EXE [2576]

C:\WINDOWS\vsnpstd.exe [2796]

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2832]

C:\WINDOWS\system32\ctfmon.exe [2840]

D:\Program Files\Gadu-Gadu\gg.exe [2852]

C:\WINDOWS\system32\rundll32.exe [2860]

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2880]

C:\Program Files\VIA\RAID\raid_tool.exe [2912]

C:\WINDOWS\system32\wuauclt.exe [2952]

C:\WINDOWS\system32\wbem\wmiprvse.exe [3100]

C:\WINDOWS\system32\wuauclt.exe [3216]



Files Created/Modified - 60 Days :



C:\



 2007-11-15 21:09:52 354 ..SH. "C:\boot.ini"

 2007-11-15 20:22:00 7 556 A.... "C:\ComboFix.txt"

 2007-11-15 21:18:50 536 399 872 A.SH. "C:\hiberfil.sys"

 2007-11-15 21:18:50 805 306 368 A.SH. "C:\pagefile.sys"



C:\WINDOWS\


 2007-11-15 21:19:16 0 A.... "C:\WINDOWS\0.log"

 2007-11-15 21:18:52 2 048 A.S.. "C:\WINDOWS\bootstat.dat"

 2007-10-29 18:56:20 136 192 A.... "C:\WINDOWS\catchme.exe"

 2007-11-01 13:25:46 39 152 A.... "C:\WINDOWS\cFosSpeed_Setup_Log.txt"

 2007-10-06 14:16:18 7 492 A.... "C:\WINDOWS\DirectX.log"

 2007-11-15 21:05:52 1 817 A.... "C:\WINDOWS\KB933360.log"

 2007-11-15 21:21:02 2 762 A.... "C:\WINDOWS\KB938127.log"

 2007-11-15 21:21:24 2 631 A.... "C:\WINDOWS\KB941202.log"

 2007-10-14 19:31:38 364 A.... "C:\WINDOWS\mplaynow.log"

 2007-10-27 17:31:42 49 A.... "C:\WINDOWS\NeroDigital.ini"

 2007-11-15 19:49:06 262 A.... "C:\WINDOWS\nsw.log"

 2007-11-15 21:13:02 421 322 A.... "C:\WINDOWS\ntbtlog.txt"

 2007-10-18 18:52:52 1 409 A.... "C:\WINDOWS\QTFont.for"

 2007-10-23 19:36:00 54 156 A..H. "C:\WINDOWS\QTFont.qfn"

 2007-09-30 12:16:26 27 997 A.... "C:\WINDOWS\scunin.dat"

 2007-09-30 12:16:24 94 208 A.... "C:\WINDOWS\ScUnin.exe"

 2007-09-30 12:16:24 967 A.... "C:\WINDOWS\ScUnin.pif"

 2007-11-15 21:05:52 657 454 A.... "C:\WINDOWS\setupapi.log"

 2007-11-15 21:09:52 1 427 A.... "C:\WINDOWS\system.ini"

 2007-11-15 21:19:12 159 A.... "C:\WINDOWS\wiadebug.log"

 2007-11-15 21:19:08 50 A.... "C:\WINDOWS\wiaservc.log"

 2007-11-15 21:09:52 498 A.... "C:\WINDOWS\win.ini"

 2007-11-15 21:21:22 1 065 046 A.... "C:\WINDOWS\WindowsUpdate.log"



C:\WINDOWS\system\




C:\WINDOWS\system32\




C:\WINDOWS\system32\drivers\


 2007-10-04 20:16:46 25 544 A.... "C:\WINDOWS\system32\drivers\hamachi.sys"

 2007-09-26 20:45:16 685 816 A.... "C:\WINDOWS\system32\drivers\sptd.sys"



C:\WINDOWS\system32\dllcache\




C:\Program Files\


 2007-09-23 19:07:12 78 506 A.... "C:\Program Files\BitComet\uninst.exe"

 2007-10-26 7:55:30 13 688 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"

 2007-10-26 7:55:30 7 649 128 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"

 2007-10-26 2:09:56 200 829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"

 2007-10-26 7:55:30 456 032 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"

 2007-10-26 7:55:30 161 128 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"

 2007-10-26 7:55:32 378 208 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"

 2007-10-26 7:55:32 271 720 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"

 2007-10-26 7:55:32 34 160 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"

 2007-10-26 7:55:32 30 056 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"

 2007-10-26 7:55:32 111 968 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"

 2007-10-26 2:09:56 254 060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"

 2007-10-26 7:55:32 132 448 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"

 2007-10-26 7:55:32 131 968 A.... "C:\Program Files\Mozilla Firefox\updater.exe"

 2007-10-26 5:01:20 725 A.... "C:\Program Files\Mozilla Firefox\updater.ini"

 2007-10-26 7:55:32 13 152 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"

 2007-10-26 7:55:32 73 584 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"

 2007-10-26 7:55:32 421 736 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"

 2007-10-26 7:55:32 73 072 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"

 2007-10-26 7:55:32 12 136 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"

 2007-09-29 10:48:12 39 895 A.... "C:\Program Files\PowerISO\uninstall.exe"

 2007-11-14 15:00:40 176 A.... "C:\Program Files\Prime95\local.ini"

 2007-11-14 15:19:40 93 A.... "C:\Program Files\Prime95\prime.ini"

 2007-11-15 18:58:56 19 995 A.... "C:\Program Files\Spybot - Search & Destroy\unins000.dat"

 2007-11-15 18:57:40 691 623 A.... "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

 2007-09-23 20:21:14 92 149 A.... "C:\Program Files\TVTool\uninstall.exe"

 2007-09-26 20:52:50 186 993 A.... "C:\Program Files\Alcohol Soft\Alcohol 120\uninst.exe"

 2007-09-29 10:55:30 39 564 A.... "C:\Program Files\BitComet\rules\dhtnodes.dat"

 2007-10-05 16:53:52 107 512 A.... "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\setup.exe"

 2007-10-05 16:54:26 482 A.... "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\setup.ini"

 2007-10-05 16:53:54 147 456 A.... "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\_setup.dll"

 2007-11-15 19:27:12 638 A.... "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.ini"

 2007-10-06 14:12:52 496 A.... "C:\Program Files\InstallShield Installation Information\{BEC72604-5B27-4C6B-B136-F98EF4C46F5B}\setup.ini"

 2007-10-06 14:12:08 344 064 A.... "C:\Program Files\InstallShield Installation Information\{BEC72604-5B27-4C6B-B136-F98EF4C46F5B}\_setup.dll"

 2007-10-26 7:55:32 66 408 A.... "C:\Program Files\Mozilla Firefox\components\jar50.dll"

 2007-10-26 7:55:32 54 112 A.... "C:\Program Files\Mozilla Firefox\components\jsd3250.dll"

 2007-10-26 7:55:32 34 688 A.... "C:\Program Files\Mozilla Firefox\components\myspell.dll"

 2007-10-26 7:55:32 46 456 A.... "C:\Program Files\Mozilla Firefox\components\spellchk.dll"

 2007-10-26 7:55:32 171 880 A.... "C:\Program Files\Mozilla Firefox\components\xpinstal.dll"

 2007-10-26 7:55:32 22 400 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"

 2007-10-26 7:55:30 451 208 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

 2008-12-24 18:23:20 121 344 A.... "C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll"

 2007-11-15 18:58:56 2 019 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\downloaded.ini"

 2007-11-15 21:01:40 0 A.... "C:\Program Files\Spybot - Search & Destroy\Updates\online.ini"

 2007-11-15 21:19:46 10 360 A.... "C:\Program Files\Alwil Software\Avast4\DATA\avast4.ini"

 2007-11-15 21:19:00 391 216 A.... "C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll"

 2007-11-15 21:19:00 236 856 A.... "C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat"

 2007-11-15 21:19:00 9 080 A.... "C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll"

 2007-09-23 12:51:40 90 160 A.... "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll"

 2007-11-15 21:19:06 1 305 A.... "C:\Program Files\Alwil Software\Avast4\Setup\setup.ini"

 2007-09-23 19:11:40 1 130 673 A.... "C:\Program Files\BitComet\Downloads\TVTool.v9.6.4.Incl.Keygen-ORiON\o-tvt964.zip"

 2007-09-30 18:02:54 3 132 A.... "C:\Program Files\Common Files\DirectX\DirectInput\User Maps\PAWEX0142X_KLAWIATURAX_0.INI"

 2007-09-30 18:02:54 692 A.... "C:\Program Files\Common Files\DirectX\DirectInput\User Maps\PAWEX0142X_MYSZX_0.INI"

 2007-09-30 18:03:04 5 517 A.... "C:\Program Files\Common Files\DirectX\DirectInput\User Maps\X_KLAWIATURAX_0.INI"

 2007-09-30 18:03:04 715 A.... "C:\Program Files\Common Files\DirectX\DirectInput\User Maps\X_MYSZX_0.INI"

 2007-10-26 7:55:32 99 576 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll"

 2007-10-26 7:55:32 156 280 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll"

 2007-10-26 2:09:56 3 323 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\master.ini"

 2007-10-26 7:55:32 14 192 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll"

 2007-10-26 7:55:32 406 776 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"

 2007-10-26 2:09:56 14 826 A.... "C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback-l10n.ini"



Files with hidden attributes:


Mon 18 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 15 Sep 2007 0 A..H. --- "C:\Documents and Settings\Pawe\Pulpit\tibiatestserver8.exe"

Thu 15 Nov 2007 15,394,248 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\14de9ff37c6b4e4eea2b0481a107ae59\BIT16.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1679cd06c3d72c42ad169baedad676c9\BIT1E.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\20a4a6e3d70f3001229eaa8cf46f9b6e\BIT1B.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24823ed08383f02a4a29c3ae029f9c14\BIT1D.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67c8fc01100a7555e3d40c5e21ad4a52\BIT17.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b0720d229b505788fc5c09af3f8c479\BIT19.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\abf37927fe96bc682b342849c5743771\BIT1C.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c7ca82c6527101a1221a39f48bd67bac\BIT1A.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ce6ce445a88a6f40117b1bf83ba65bc4\BIT20.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d24445e8cd369b6927c4ffb132d21fca\BIT18.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8c0a744aa1b9e906a1121808c059800c\download\BIT4.tmp"

Thu 15 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e6443517b40ee6dc8c01624ff3d2084\download\BIT3.tmp"



Program Folders:


C:\Program Files\


Adobe

Ahead

Alcohol Soft

Alwil Software

AvRack

Axis Communications

BearShare Applications

BitComet

Burn4Free Toolbar

Common Files

ComPlus Applications

DIFX

directx

EA SPORTS

Electronic Arts

Futuremark

Gigabyte

Google

InstallShield Installation Information

Internet Explorer

Intuwave Ltd

Java

MegauploadToolbar

Messenger

microsoft frontpage

Movie Maker

Mozilla Firefox

MSN Gaming Zone

NetMeeting

Nokia

OpenOffice.org 2.1

Outlook Express

PC Connectivity Solution

Pinnacle

PowerISO

Prime95

Realtek Sound Manager

Skype

Sony Ericsson

Spybot - Search & Destroy

TVTool

Uninstall Information

Usługi online

VIA

VideoCAM Eye

Winamp

Windows Media Player

Windows NT

WindowsUpdate

WinRAR

xerox

Zone Labs


C:\Program Files\Common Files\


Adobe

Ahead

DirectX

InstallShield

Java

Microsoft Shared

MSSoap

NSV

Nullsoft

ODBC

Services

Skype

SpeechEngines

System

VCAMEye



Add/Remove Programs:


Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)

Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)

7-Zip 4.42

Adobe Photoshop 7.0 CE

Adobe Shockwave Player

ALLPlayer V2.4

avast! Antivirus

AXIS Media Control Embedded

Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)

BitComet 0.59

CWK (Czasowy Wyłącznik Komputera)

The Neverhood

Enable S3 for USB Device

EVEREST Home Edition v2.20

FIFA 2000

SEMC DSS SyncStation Driver

Gadu-Gadu 7.7

GTA2 Game Hunter

Hamachi 1.0.2.2

Heroes of Might and Magic(TM) III Armageddon's Blade

HijackThis 2.0.2

Pinnacle Hollywood FX 4.6

VIA Integrated Setup Wizard

Poprawka systemu Windows XP - KB873339

Poprawka systemu Windows XP - KB885835

Poprawka systemu Windows XP - KB885836

Poprawka systemu Windows XP - KB886185

Poprawka systemu Windows XP - KB887472

Poprawka systemu Windows XP - KB888302

Poprawka systemu Windows XP - KB890859

Poprawka systemu Windows XP - KB891781

Aktualizacja zabezpieczeń dla systemu Windows XP (KB893756)

Windows Installer 3.1 (KB893803)

Aktualizacja dla systemu Windows XP (KB894391)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896358)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896423)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896424)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB896428)

Aktualizacja dla systemu Windows XP (KB898461)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB899587)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB899591)

Aktualizacja dla systemu Windows XP (KB900485)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB900725)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB901017)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB901214)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB902400)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB904706)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB905414)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB905749)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB908519)

Aktualizacja dla systemu Windows XP (KB908531)

Aktualizacja dla systemu Windows XP (KB910437)

Aktualizacja dla systemu Windows XP (KB911280)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB911562)

Aktualizacja zabezpieczeń dla programu Windows Media Player (KB911564)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB911927)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB912919)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB913580)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB914388)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB914389)

Aktualizacja dla systemu Windows XP (KB916595)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB917344)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB917422)

Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB917953)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB918118)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB918439)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB919007)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920213)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920670)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920683)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB920685)

Aktualizacja dla systemu Windows XP (KB920872)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB921398)

Aktualizacja dla systemu Windows XP (KB922582)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB922616)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB922819)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923191)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923414)

Aktualizacja zabezpieczeń dla Windows XP (KB923689)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923694)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB923980)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924191)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924270)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924496)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB924667)

Aktualizacja zabezpieczeń dla programu Windows Media Player 6.4 (KB925398)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB925454)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB925902)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB926255)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB926436)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB927779)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB927802)

Aktualizacja dla systemu Windows XP (KB927891)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB928090)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB928255)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB928843)

Aktualizacja dla systemu Windows XP (KB929338)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB929969)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB930178)

Aktualizacja dla systemu Windows XP (KB930916)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB931261)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB931768)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB931784)

Aktualizacja dla systemu Windows XP (KB931836)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB932168)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB933566)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB935839)

Aktualizacja zabezpieczeń dla systemu Windows XP (KB935840)

L2eXtreme Auto Updater 2.9b

Megaupload Toolbar

Microsoft .NET Framework 2.0

MoorHunt 0.3.7.1

Mozilla Firefox (2.0.0.9)

Nero OEM

Nero Media Player

Pinnacle Hollywood FX Pack0 - Extra FX

PowerISO

Ram Cleaner 1.40 XP

RonOTS Client 7.5

San Andreas Mod Installer

Adobe Flash Player 9 ActiveX

Onet.pl - Skype 3.0

Solitaire Maniac 1.5

Starcraft

TeamSpeak 2 RC2

TibiaCam TV Lite 1.4

Tibia 7.5

Tibia MULTI-ip changer

TVTool

Windows Genuine Advantage Notifications (KB905474)

Winamp (remove only)

Windows Media Format Runtime

Windsurfing 2007 Final Version

Archiwizator WinRAR

ZoneAlarm

Steam(TM)

Heroes of Might and Magic V

Nokia Connectivity Cable Driver

OpenOffice.org 2.1

Google Earth

GTA2

VideoCAM Eye

J2SE Runtime Environment 5.0 Update 11

Skype Plugin Manager

Studio 8

Medal of Honor Pacific Assault(tm)

PCMark05

Prime95

Microsoft .NET Framework 2.0

VIA Integrated Setup Wizard

REALTEK Gigabit and Fast Ethernet NIC Driver

Counter-Strike: Source

PC Connectivity Solution

Counter-Strike 1.6

Microsoft Visual C++ 2005 Redistributable

Desktop Sidebar

Adobe Reader 8 - Polish

Spybot - Search & Destroy

Heroes of Might and Magic® III

Microsoft .NET Framework 1.1

GTA San Andreas

Nokia Connectivity Adapter Cable DKU-5

Realtek AC'97 Audio

Sony Ericsson PC Suite 3.2.0

ACE Mega CoDecS Pack

Half-Life 2

Day of Defeat: Source



Run Values:


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"

"SoundMan"="SOUNDMAN.EXE"

"NVRTCLK"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"snpstd"="C:\\WINDOWS\\vsnpstd.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Gadu-Gadu"="\"D:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"



Bot Check:


SERVICE_NAME: wscsvc

        DISPLAY_NAME : Centrum zabezpiecze  

        START_TYPE : 2 AUTO_START


SERVICE_NAME: sharedaccess

        DISPLAY_NAME : Zapora systemu Windows/Udost  

        START_TYPE : 2 AUTO_START


SERVICE_NAME: wuauserv

        DISPLAY_NAME : Aktualizacje automatyczne  

        START_TYPE : 2 AUTO_START


SERVICE_NAME: srservice

        DISPLAY_NAME : Us  

        START_TYPE : 2 AUTO_START


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]

"EnableDCOM"="Y"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

"AUOptions"=dword:00000002


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]

"WaitToKillServiceTimeout"="20000"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

"Shell"="Explorer.exe"

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]




[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"TransportBindName"="\\Device\\"



ShellExecuteHooks:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Environment:



HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment

   ComSpec	REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

   Path	REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution"

   windir	REG_EXPAND_SZ %SystemRoot%

   OS	REG_SZ Windows_NT

   PATHEXT	REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

   TEMP	REG_EXPAND_SZ %SystemRoot%\TEMP

   TMP	REG_EXPAND_SZ %SystemRoot%\TEMP

   tvdumpflags	REG_SZ 8


SecurityProviders:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

   SecurityProviders	REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



Authentication Packages:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

   Authentication Packages	REG_MULTI_SZ msv1_0\0\0



Non-Default IFEO Debugger:



Non-Default Installed Components:



Non-Default Safeboot Minimal:



File Associations:



[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"


[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"


[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"


[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"


[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"


[HKEY_CLASSES_ROOT\http\shell\open\command]

@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""


[HKEY_CLASSES_ROOT\https\shell\open\command]

@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""


[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"


[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"


[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""


[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"


[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"



Finished!

(Gutek) #6

What kind of log did you post? Now post the one from Combo.


(Pbuderaski) #7

This is what I did:

Double-click SDFix.exe; the program then extracts itself to the system drive (by default C:\SDFix)

Restart the computer and enter Safe Mode (press F8 before Windows boots)

Open the SDFix folder and double-click the file RunThis.bat

Press Y; the removal process will start.

When the removal finishes, press any key (Any Key). The computer will restart.

Unfortunately, though, the program did not start again ;/

PS: should I boot into Safe Mode the second time as well?

report.txt

SDFix: Version 1.114


Run by Paweł on 2007-11-15 at 21:14


Microsoft Windows XP [Wersja 5.1.2600]


Running From: D:\sdfix\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File

(Gutek) #8

OK, it should be fine now.


(Pbuderaski) #9

OK, thanks, but the problem has not gone away yet. It shows up every time I try to connect to some update server (Mozilla, avast, Ad-Aware SE, Spybot, etc.): I get a message saying there is a connection problem (the browser and instant messengers work), and when I turn off avast's on-access protection the browsers stop working ;/