Problem with processes, the internet, Netia [log]


(Zisadm) #1

Hi,

lately I've been having problems with my PC. Namely:

1) When I start some process (e.g. gg), its window doesn't open; I have to go into the task manager, kill the process and start it again (sometimes I have to repeat this several times).

2) When I connect to the internet (Netia), my connections get dropped on their own. Suddenly the arrow lights up brown when it should be green... It's not the modem's fault (both lights are lit steadily).

3) I have the Netia connection program set to start together with Windows; at first it did, but now I have to do the same thing as in point 1.

4) I can't download files because it disconnects, and besides, my transfer is slow (about 40 kb/s when it should be around 70) [e.g. rapidshare].

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 19:37:37, on 2007-03-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\Ati2evxx.exe

D:\SpeedX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Netia\Net\netianet.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\MATIXD~1\USTAWI~1\Temp\Rar$EX00.313\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [SpeedX] D:\SpeedX.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166955759920

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BFB6EFA-2FA1-49AB-853D-EBEA8F30E09F}: NameServer = 213.241.79.37 83.238.255.76

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpeedX" = "D:\SpeedX.exe" ["MyPortal.pl"]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"NETIANET" = "C:\Program Files\Netia\Net\netianet.exe" ["OF.PL sp.z .o.o."]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"kis" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]

"kav" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]

"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]

"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "bho2gr Class"

                   \InProcServer32\(Default) = "C:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Ochrona WWW"

  -> {HKLM...CLSID} = "Ochrona WWW"

                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"

  -> {HKLM...CLSID} = "dMCIShell Class"

                   \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

  -> {HKLM...CLSID} = "TuneUp Theme Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{B7056B8E-4F99-44f8-8CBD-282390FE5428}" = "VirtualCloneDrive"

  -> {HKLM...CLSID} = "VirtualCloneDrive Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll" ["Elaborate Bytes AG"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]

<> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"

  -> {HKLM...CLSID} = "dBpShell Class"

                   \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Mati xD\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Mati xD" & "All Users" startup folders:

---------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]



Enabled Scheduled Tasks:

------------------------


"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Ochrona WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Ochrona WWW"


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

Kaspersky Internet Security 6.0, AVP, "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r" ["Kaspersky Lab"]

TuneUp Design Expansion, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

User Profile Hive Cleanup, UPHClean, "C:\Program Files\UPHClean\uphclean.exe" [MS]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 49 seconds, including 13 seconds for message boxes)

(Asterisk) #2

Change the title to a specific one using the edit function.

Otherwise the topic will go to the trash.


(adam9870) #3

Maybe SpybotSD TeaTimer being active all the time is causing these problems?

With SpybotSD TeaTimer disabled:

Cosmetically, you can open Notepad and paste this into it:

File >>> Save as >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

If, however, SpybotSD TeaTimer turns out not to be the cause of the problem, scan with Kaspersky and paste the report and the ComboScan log.


(Zisadm) #4
ComboScan v20070306.20 run by Mati xD on 2007-03-13 at 20:58:19

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Successfully created ComboScan Restore Point.



-- Last 5 Restore Point(s) --

52: 2007-03-13 19:58:23 UTC - RP93 - ComboScan Restore Point

51: 2007-03-13 19:41:08 UTC - RP92 - Zainstalowano Windows XP KB921883.

50: 2007-03-11 21:57:20 UTC - RP91 - Install Virtual CloneDrive

49: 2007-03-10 14:16:45 UTC - RP90 - Installed Ad-Aware 2007 Beta

48: 2007-03-04 12:36:42 UTC - RP89 - Punkt kontrolny systemu



-- First Restore Point -- 

1: 2007-01-03 21:37:43 UTC - RP42 - Punkt kontrolny systemu



Performed disk cleanup.



-- HijackThis (run as Mati xD.exe) ---------------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 20:58:49, on 2007-03-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\Ati2evxx.exe

D:\SpeedX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Netia\Net\netianet.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mati xD\Pulpit\comboscan.exe

C:\PROGRA~1\HIJACK~1\Mati xD.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [SpeedX] D:\SpeedX.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166955759920

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BFB6EFA-2FA1-49AB-853D-EBEA8F30E09F}: NameServer = 213.241.79.37 83.238.255.76

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe



-- File Associations -----------------------------------------------------------


.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


3S AdWatchDrv (AW Realtime Driver) - C:\WINDOWS\system32\drivers\AWRTPD.sys

3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys

3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys

1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys

3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys

3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys

2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys

3R ElbyDelay - C:\WINDOWS\system32\drivers\ElbyDelay.sys

0R giveio - C:\WINDOWS\system32\giveio.sys

3S GMSIPCI - E:\INSTALL\GMSIPCI.SYS (not found)

0R kl1 - C:\WINDOWS\system32\drivers\kl1.sys

1R klif - C:\WINDOWS\system32\drivers\klif.sys

3R nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys

3R NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys

3R nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys

0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS

0R speedfan - C:\WINDOWS\system32\speedfan.sys

2S SVKP - C:\WINDOWS\System32\SVKP.sys

 (not found)

3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys

3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys

3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS

0R VClone - C:\WINDOWS\system32\drivers\VClone.sys



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


2S aawservice (Ad-Aware 2007 Service) - "C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe"

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"

2R Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe

2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe

2R AVP (Kaspersky Internet Security 6.0) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r

3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe

2R UPHClean (User Profile Hive Cleanup) - C:\Program Files\UPHClean\uphclean.exe

2R UxTuneUp (TuneUp Design Expansion) - C:\WINDOWS\System32\svchost.exe -k netsvcs



-- Scheduled Tasks -------------------------------------------------------------


2007-03-09 17:16:25 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>



-- Files created between 2007-02-13 and 2007-03-13 -----------------------------


2007-03-13 20:41:00 0 d--h----- C:\WINDOWS\$hf_mig$

2007-03-13 20:40:59 0 d-------- C:\WINDOWS\LastGood

2007-03-13 20:20:18 0 d-------- C:\Program Files\Passware

2007-03-11 13:37:01 0 d-------- C:\Program Files\xp-AntiSpy

2007-03-09 23:36:19 0 d-------- C:\Program Files\Kwyshell

2007-03-09 21:43:48 0 d-------- C:\games

2007-03-09 21:18:23 304128 --a------ C:\WINDOWS\IsUninst.exe

2007-03-09 18:57:33 0 d--h----- C:\WINDOWS\PIF

2007-03-05 22:38:54 5632 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

2007-03-04 20:30:25 364544 --a------ C:\WINDOWS\system32\TwnLib4.dll

2007-03-04 20:30:24 471040 --a------ C:\WINDOWS\system32\imagXRA7.dll

2007-03-04 20:30:24 262144 --a------ C:\WINDOWS\system32\imagXR7.dll

2007-03-04 20:30:24 476320 --a------ C:\WINDOWS\system32\imagXpr7.dll

2007-03-04 20:30:23 1568768 --a------ C:\WINDOWS\system32\imagX7.dll

2007-03-04 20:30:23 0 d-------- C:\Program Files\Nero

2007-03-02 17:20:10 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared

2007-02-23 16:47:22 0 d-------- C:\Program Files\MOV to AVI MPEG WMV Converter

2007-02-17 23:31:07 0 d-------- C:\WINDOWS\ie7updates



-- Find3M Report ---------------------------------------------------------------


2007-03-12 23:20:26 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\Adobe

2007-03-11 23:14:13 0 d-------- C:\Program Files\Mozilla Firefox

2007-03-11 19:03:01 0 d-------- C:\Program Files\Winamp

2007-03-11 13:44:27 0 d-------- C:\Program Files\messenger

2007-03-10 15:16:49 0 d-------- C:\Program Files\Lavasoft

2007-03-09 21:09:32 0 d-------- C:\Program Files\GetRight

2007-03-04 20:30:37 0 d-------- C:\Program Files\Common Files\Ahead

2007-03-02 17:34:03 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-03-02 17:22:17 0 d-------- C:\Program Files\Common Files\Adobe

2007-03-02 17:15:20 0 d-------- C:\Program Files\Elaborate Bytes

2007-03-01 20:56:58 0 d-------- C:\Program Files\Neostrada TP

2007-02-27 20:52:13 0 d-------- C:\Program Files\SpeedFan

2007-02-26 19:33:09 0 d-------- C:\Program Files\Gadu-Gadu

2007-02-25 21:41:33 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\Skype

2007-02-18 20:36:51 0 d-------- C:\Program Files\Corel

2007-02-18 20:33:30 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-02-18 00:25:06 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\Winamp

2007-02-17 14:11:52 0 d-------- C:\Program Files\TuneUp Utilities 2007

2007-02-11 20:40:34 8 -r-hs---- C:\WINDOWS\system32\5FC8431A3C.sys<5FC843~1.SYS>

2007-02-11 20:40:23 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\Corel

2007-02-11 20:39:05 0 d-------- C:\Program Files\Common Files\InstallShield

2007-02-10 21:30:20 0 d-------- C:\Program Files\GTA VC - NFS Undeground

2007-02-10 19:34:18 0 d---s---- C:\Documents and Settings\Mati xD\Dane aplikacji\Microsoft

2007-02-09 12:54:00 0 d-------- C:\Program Files\Netia

2007-02-09 11:58:14 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\CTdeveloping

2007-02-04 20:47:22 0 d-------- C:\Program Files\Skype

2007-02-04 20:47:22 0 d-------- C:\Program Files\Common Files\Skype

2007-02-02 22:40:51 0 d-------- C:\Program Files\Common Files\AOL

2007-02-02 22:29:03 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\acccore

2007-02-02 22:22:06 0 d-------- C:\Program Files\Common Files\Nullsoft

2007-02-01 20:36:46 0 d-------- C:\Program Files\ffdshow

2007-02-01 14:45:01 0 d-------- C:\Program Files\Kaspersky Lab

2007-02-01 14:41:06 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\TuneUp Software

2007-02-01 14:40:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-01-31 20:41:53 13824 --a------ C:\WINDOWS\_g6uninst.exe<_G6UNI~1.EXE>

2007-01-31 19:36:27 903138 --a------ C:\WINDOWS\IVO Glossary Uninstaller.exe

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

2007-01-27 13:58:05 0 d-------- C:\Program Files\DFX

2007-01-23 15:18:41 0 d-------- C:\Program Files\Odkurzacz

2007-01-21 22:11:35 0 d-------- C:\Program Files\BearShare Acceleration Patch

2007-01-16 20:44:35 0 d-------- C:\Documents and Settings\Mati xD\Dane aplikacji\Lavasoft

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll

2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-09 18:46:02 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll

2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2007-01-05 22:01:45 20 --a------ C:\WINDOWS\system32\remstats32.dll

2006-12-28 23:41:52 219648 --a------ C:\WINDOWS\system32\uxtheme.dll

2006-12-27 18:14:14 355486 --a------ C:\WINDOWS\system32\perfh015.dat

2006-12-27 18:14:14 49492 --a------ C:\WINDOWS\system32\perfc015.dat

2006-12-26 11:42:34 262144 --a------ C:\WINDOWS\system32\default_user_class.dat

2006-12-24 16:06:17 36441 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat

2006-12-24 16:06:17 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2006-12-23 21:39:39 2368 --a------ C:\WINDOWS\system32\SVKP.sys

2006-12-23 21:35:19 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe

2006-12-23 21:09:51 443 --a------ C:\WINDOWS\pcwKmm.BAT

2006-12-23 21:03:39 1340 --a------ C:\WINDOWS\pcwKoe.BAT

2006-12-19 22:51:04 135168 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:25 334336 --a------ C:\WINDOWS\system32\wiaservc.dll

2006-12-19 16:53:46 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2006-12-16 20:26:36 1289 --a------ C:\WINDOWS\mozver.dat

2006-12-14 20:31:00 0 --a------ C:\WINDOWS\nsreg.dat

2006-12-14 20:03:34 0 -rahs--c- C:\MSDOS.SYS

2006-12-14 20:03:34 0 -rahs--c- C:\IO.SYS

2006-12-14 20:03:34 0 --a----c- C:\CONFIG.SYS

2006-12-14 20:03:34 0 --a----c- C:\AUTOEXEC.BAT

2006-12-14 20:00:33 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2006-12-14 19:55:39 62 --ahs---- C:\Documents and Settings\Mati xD\Dane aplikacji\desktop.ini

2006-12-13 21:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll



-- Registry Dump ---------------------------------------------------------------



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"SpeedX"="D:\\SpeedX.exe"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

"NETIANET"="C:\\Program Files\\Netia\\Net\\netianet.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"

"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""

"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BearShare Acceleration Patch"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\BearShare Acceleration Patch\\BearShare Acceleration Patch.lnk"

"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Gamma Loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma Loader"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\GetRight - Tray Icon.lnk"

"backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\GetRight\\getright.exe "

"item"="GetRight - Tray Icon"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CloneCDTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="odk_mcd"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Odkurzacz\\odk_mcd.exe\""

"inimapping"="0"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0

HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0


HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*

UxTuneUp




-- End of ComboScan: finished at 2007-03-13 at 20:59:27 ------------------------

Here you go x)


(Gutek) #5

Hm...... it's OK


(Zisadm) #6
Logfile of HijackThis v1.99.1

Scan saved at 14:15:35, on 2007-03-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Netia\Net\netianet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\SoftwareDistribution\Download\34998dee4c383d58fc376f1625448dba\update\update.exe

C:\Program Files\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe

O4 - Global Startup: Multimedia Keyboard Driver.lnk = C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{74B12BB3-63E4-40DB-95C7-1C42DA71F300}: NameServer = 213.241.79.37 83.238.255.76

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

And now the speed test shows that my connection is 256, when I actually have 512 ;/


(adam9870) #7

Log Ok.

Was the process responsible for Windows automatic updates perhaps running in the background while you were running the test? Maybe that is what caused this particular result to be shown?


(Zisadm) #8

I turned off the updates and the speed is still low ;(