proszę o sprawdzenie loga

[chaber555]

Od około 2 dni gdy wpisuje komendę "netstat" pojawia sie kilkanaście aktywnych połączeń localhost + rożne porty. Przeskanowałem komputer przy pomocy Kaspersky Internet Security 7.0 który wykrył wirusa Heur.Trojan.Generic którego usunąłem. Dwa razy przy wpisaniu komendy netstat zdarzyło sie że aktywnych była ogromna ilosc połączeń z hostem neostrady. Wydaje mi sie również, że jest to powodem dosc wysokich pingów, ale nie jestem pewien niedawno wysokie pingi utrzymywaly sie podczas gdy TPSA modernizowala swoje linie. Wklejam screen z poleceniem "netstat" oraz logi z hijackthis.


http://winogrono.net/_up/5/1/7/a/c/6/3/17ac6305ea951fbfa777c28a74807e15.jpg

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:17, on 2007-08-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 72.36.235.242 l2authd.lineage2.com
O1 - Hosts: 72.36.235.242 l2testauthd.lineage2.com
O1 - Hosts: 62.1.128.123 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\System32\numqnojg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

--
End of file - 6165 bytes

[Red]

do usunięcia:

O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\System32\numqnojg.dll
O4 - HKLM\..\Run: [secures23] mssecure.exe

O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\

zastosuj dodatkowo:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

odpal go z opcji 2

[chaber555]

W hijackthis usuniete a w smitfraudfix po zakonczeniu "czyszczenia" taki raport

SmitFraudFix v2.217

Scan done at 20:51:24,32, 2007-08-28
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


72.36.235.242 l2authd.lineage2.com
72.36.235.242 l2testauthd.lineage2.com

127.0.0.1 localhost
62.1.128.123 L2authd.lineage2.com



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Localhosty dalej sa w aktywnych połączeniach.

[wojtas]

a usuneles pogrubione ktore wskazal Red ??
jesli nie to zrob to i daj nowego loga z hijacka oraz z dss'a

[chaber555]

Gdzie moge znaleźć te pliki:

O4 - HKLM\..\Run: [secures23] mssecure.exe

O4 - HKLM\..\RunServices: [SystemSAS] system32.exe

Uruchomiłem wyszukiwanie ale nie znalazlem takich. Jedyne co znalazlem to 2 backupy z Regcleanera z 2006 roku

[Dzi@dek]

W opcjach folderów odchacz-ukryj chronione pliki. Oraz zaznacz: pokaz ukryte pliki i foldery.

[chaber555]

No wiec jedyne pliki jakie znalazlem to takie
http://winogrono.net/_up/5/d/e/f/6/5/0/def650fff45846a279a950b68a881976.jpg

Daje nowego loga z Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:52, on 2007-08-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 72.36.235.242 l2authd.lineage2.com
O1 - Hosts: 72.36.235.242 l2testauthd.lineage2.com
O1 - Hosts: 62.1.128.123 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1801674531-57989841-725345543-1003\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

--
End of file - 5338 bytes

Z smitfraud:

SmitFraudFix v2.217

Scan done at 14:19:33,40, 2007-08-29
Run from C:\Documents and Settings\Piotr.MP\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


72.36.235.242 l2authd.lineage2.com
72.36.235.242 l2testauthd.lineage2.com

127.0.0.1 localhost
62.1.128.123 L2authd.lineage2.com



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Oraz dss main.txt:

Deckard's System Scanner v20070826.66
Run by Piotr on 2007-08-29 14:22:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Piotr.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:57, on 2007-08-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Piotr.MP\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Piotr.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 72.36.235.242 l2authd.lineage2.com
O1 - Hosts: 72.36.235.242 l2testauthd.lineage2.com
O1 - Hosts: 62.1.128.123 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1801674531-57989841-725345543-1003\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

--
End of file - 5350 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070729-223934-101 O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Piotr\OctoshapeClient.exe" -inv:bootrun
backup-20070729-223934-131 O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
backup-20070729-223934-487 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
backup-20070729-223934-736 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
backup-20070729-223934-945 O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
backup-20070729-224137-599 O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} - http://advnt01.com/dialer/internazionale_ver15.CAB
backup-20070729-224138-183 O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
backup-20070729-224138-190 O23 - Service: MkSUpdateInt - Unknown owner - C:\Program Files\MKS\bin\MkSUpdateInt.exe (file missing)
backup-20070729-224138-233 O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
backup-20070729-224138-306 O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
backup-20070729-224138-322 O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
backup-20070729-224138-481 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
backup-20070729-224138-521 O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
backup-20070729-224138-938 O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe (file missing)
backup-20070813-212729-303 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
backup-20070813-212729-582 O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
backup-20070813-212729-718 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
backup-20070813-212729-938 O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
backup-20070827-175929-156 O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
backup-20070827-175929-398 O2 - BHO: (no name) - {66070EA8-35EB-4CBE-9CF7-D4906A3A00E1} - C:\WINDOWS\System32\vtutu.dll (file missing)
backup-20070827-175929-464 O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
backup-20070827-175929-471 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20070827-175929-616 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20070827-175929-665 O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINDOWS\System32\ddcccaa.dll (file missing)
backup-20070827-175929-802 O2 - BHO: (no name) - {FCFB4F7E-7931-43B5-9812-63595C0994F0} - C:\WINDOWS\System32\glfxyqvp.dll (file missing)
backup-20070827-175929-825 O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
backup-20070827-175929-898 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
backup-20070827-213655-176 O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
backup-20070827-213655-387 O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
backup-20070827-213655-443 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
backup-20070827-213655-642 O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
backup-20070827-213655-803 O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
backup-20070827-213655-822 O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
backup-20070827-213655-862 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20070827-213718-548 O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
backup-20070827-213718-555 O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
backup-20070827-213746-655 O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe
backup-20070828-162757-378 O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)
backup-20070828-204303-180 O4 - HKLM\..\RunServices: [SystemSAS] system32.exe
backup-20070828-204303-207 O4 - HKLM\..\RunServices: [secures23] mssecure.exe
backup-20070828-204303-400 O20 - Winlogon Notify: vtutu - C:\WINDOWS\
backup-20070828-204303-513 O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-7173706D1316} - (no file)
backup-20070828-204303-804 O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\System32\numqnojg.dll
backup-20070828-204303-826 O4 - HKLM\..\Run: [secures23] mssecure.exe
backup-20070828-204303-876 O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
backup-20070828-224035-928 O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - unable to read value
.js - EdHTMLFile_2 - DefaultIcon - unable to read value
.js - EdHTMLFile_2 - shell\open\command - "c:\programy\EdHTML v5.0\EdHTML.exe" "%1"
.vbs - EdHTMLFile_8 - DefaultIcon - unable to read value
.vbs - EdHTMLFile_8 - shell\open\command - "c:\programy\EdHTML v5.0\EdHTML.exe" "%1"
.vbs - EdHTMLFile_8 - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 11:59:21 64 --a------ C:\WINDOWS\System32\o
2007-08-28 22:26:04 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Avance Logic, Inc.; Update Application for Avance AC'97>
2007-08-28 22:26:04 135168 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Avance Logic, Inc.; Avance AC'97 Removing Tool for INTEL, VIA, SIS ALI Chipset>
2007-08-28 10:22:33 0 --a------ C:\WINDOWS\System32\upds.exe
2007-08-27 17:53:27 0 --a------ C:\WINDOWS\System32\bling.exe
2007-08-27 15:52:26 2048 --a------ C:\WINDOWS\System32\helperymsng2.exe
2007-08-22 21:56:48 0 d-------- C:\Program Files\Google
2007-08-22 21:56:39 0 d-------- C:\Program Files\Picasa2
2007-08-21 19:21:45 0 d-------- C:\Program Files\NFS - Porsche Unleashed
2007-08-20 13:54:23 0 d-------- C:\Program Files\Real Alternative
2007-08-17 16:02:23 0 d-------- C:\Program Files\Ganymede
2007-08-09 23:04:58 0 d-------- C:\Program Files\Uplink
2007-08-09 22:58:41 229057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2515.exe <Not Verified; Alcohol Soft; Alcohol Soft>
2007-08-09 22:58:40 0 d-------- C:\Program Files\Alcohol Toolbar
2007-08-09 22:58:37 0 d-------- C:\Program Files\Alcohol Soft
2007-08-09 16:38:11 0 d-------- C:\Program Files\Octoshape Streaming Services
2007-08-07 19:51:42 0 d-------- C:\Program Files\Sierra
2007-08-06 14:19:46 0 d-------- C:\Program Files\Ea Sports
2007-08-01 18:00:37 0 d-------- C:\Program Files\MediaCoder
2007-08-01 17:05:03 82258 --a------ C:\WINDOWS\System32\drivers\klin.dat
2007-08-01 17:05:03 82258 --a------ C:\WINDOWS\System32\drivers\klick.dat
2007-08-01 17:03:51 0 d-------- C:\Program Files\Kaspersky Lab
2007-08-01 17:03:26 181024 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2007-08-01 17:03:26 6856224 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2007-08-01 16:12:46 125460 --a------ C:\WINDOWS\System32\cbkgdhhx.dll
2007-07-29 22:37:49 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2007-08-29 14:19:53 2166 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-29 11:52:18 0 d-------- C:\Program Files\AutoConnect
2007-08-28 22:26:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-28 15:40:15 0 d-------- C:\Program Files\GetRight
2007-08-28 15:24:18 0 d-------- C:\Program Files\Common Files\Agnitum Shared
2007-08-28 10:24:39 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\Tlen.pl
2007-08-27 23:28:01 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\foobar2000
2007-08-27 22:33:04 0 d-------- C:\Program Files\HLSW
2007-08-27 20:50:16 0 d-------- C:\Program Files\RegCleaner
2007-08-27 20:07:47 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\Kerio
2007-08-27 18:46:17 0 d-------- C:\Program Files\mIRC
2007-08-26 12:33:26 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\teamspeak2
2007-08-25 14:23:48 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\GanymedeNet
2007-08-21 23:49:12 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\uTorrent
2007-08-20 13:54:24 0 d-------- C:\Program Files\Media Player Classic
2007-08-19 15:17:52 0 d-------- C:\Program Files\TrackMania
2007-08-15 18:31:02 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\ppstream
2007-08-15 18:30:55 0 d-------- C:\Program Files\PPStream
2007-08-14 06:35:03 0 d-------- C:\Program Files\uTorrent
2007-08-13 19:46:50 0 d-------- C:\Program Files\WinAce
2007-08-13 16:54:06 0 d-------- C:\Program Files\x264
2007-08-13 16:54:04 0 d-------- C:\Program Files\Ventrilo
2007-08-13 16:53:42 0 d-------- C:\Program Files\SubEdit-Player
2007-08-13 16:53:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-01 18:49:01 0 d-------- C:\Program Files\Neostrada TP
2007-08-01 17:20:14 0 d-------- C:\Program Files\Windows NT
2007-08-01 17:17:58 0 d-------- C:\Program Files\Movie Maker
2007-08-01 17:11:12 734691 ---hs---- C:\WINDOWS\System32\ututv.ini2
2007-08-01 17:09:32 736598 ---hs---- C:\WINDOWS\System32\ututv.bak2
2007-07-31 23:09:59 740816 ---hs---- C:\WINDOWS\System32\ututv.bak1
2007-07-28 16:21:12 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-07-24 19:42:03 0 d-------- C:\Program Files\Electronic Arts
2007-07-22 15:35:22 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\Adobe
2007-07-20 11:38:58 155648 --a------ C:\WINDOWS\System32\ssleay32.dll
2007-07-20 11:38:58 684032 --a------ C:\WINDOWS\System32\libeay32.dll
2007-07-17 14:59:30 0 d-------- C:\Program Files\AIDA32 - Enterprise System Information
2007-07-17 10:27:05 0 --a------ C:\WINDOWS\System32\directxclickers.exe
2007-07-15 15:53:30 0 d-------- C:\Program Files\Bus Driver
2007-07-11 23:10:31 0 d-------- C:\Program Files\Tlen.pl
2007-07-08 10:27:15 0 d-------- C:\Program Files\Headshot Player
2007-07-04 13:33:41 0 d-------- C:\Program Files\CarbonPoker
2007-07-01 12:32:34 0 d-a------ C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 12:44 C:\WINDOWS\soundman.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2005-09-29 03:49]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-10 17:06]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Steam"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"NOD32krn"=2 (0x2)
"MksVirMonSvc"=2 (0x2)
"MkSUpdateInt"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"ABNetMon"=2 (0x2)




-- Hosts -----------------------------------------------------------------------

72.36.235.242 l2authd.lineage2.com
72.36.235.242 l2testauthd.lineage2.com
62.1.128.123 L2authd.lineage2.com


-- End of Deckard's System Scanner: finished at 2007-08-29 14:24:28 ------------

Dss extra.txt

Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Architecture: X86; Language: Polish

Percentage of Memory in Use: 37%
Physical Memory (total/avail): 767.48 MiB / 478.05 MiB
Pagefile Memory (total/avail): 1108.18 MiB / 935.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1978.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 6.16 GiB free.
D: is Fixed (FAT32) - 18.2 GiB total, 2.3 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)
I: is Fixed (NTFS) - 38.15 GiB total, 24.36 GiB free.



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Piotr.MP\Dane aplikacji
ArmServerInfo=099A0154
CancelDNS=Configuration canceled. Check your network settings.
ChoixMenu=2
ChoixRegistre=y
CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MP
ComSpec=C:\WINDOWS\system32\cmd.exe
CurDir=C:\Documents and Settings\Piotr.MP\Pulpit\SmitfraudFix
DNSHJ=Your computer may be victim of a DNS Hijack
DoReboot=0
DoRestart=0
fixname=SmitFraudFix
fixvers=v2.217
FSType=NTFS
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Piotr.MP
huy32Mess=huy32 detected, use a Rootkit scanner
KDMess=detected !
lang=int
LOGONSERVER=\\MP
lzx32Mess=lzx32 detected, use a Rootkit scanner
msguardMess=msguard detected, use a Rootkit scanner
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\COMMON FILES\GTK\2.0\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
pe386Mess=pe386 detected, use a Rootkit scanner
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
RKScan=use a Rootkit scanner
SafeMDisp=Fix run in safe mode
SafeMWarn=Fix run in normal mode
sChoice=Enter your choice
sDel=Deleted
sEnd=End
sError=Problem while deleting
SESSIONNAME=Console
sFound=FOUND !
sFSType=The filesystem type is
sfxname=C:\Documents and Settings\Piotr.MP\Pulpit\SmitfraudFix.exe
sHOSTS=hosts file corrupted !
sInfect=infected !
sInfect2=infected !
sNotFound=not found
sProcess=Killing process
sRegClean=Registry Cleaning
sRegCleanQ=Do you want to clean the registry ? (y/n)
sRen=Please, Reboot and Run SmitfraudFix option 2 once again.
sRunFrom=Run from
sScanDate=Scan done at
sSearch=Scanning
sTempFolder=Deleting Temp Files
sTrustBackUp=Saving BackUp
sTrustDone=Trusted Zone deleted.
sTrustError=*** Error : zone.reg not found ***
sTrustQ=Restore Trusted Zone ? (y/n)
sWininetQ=Replace infected file ? (y/n)
sWiniSearch=Scanning for wininet.dll backup
syspath=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Piotr.MP\USTAWI~1\Temp
TMP=C:\DOCUME~1\Piotr.MP\USTAWI~1\Temp
USERDOMAIN=MP
USERNAME=Piotr
USERPROFILE=C:\Documents and Settings\Piotr.MP
Version=Microsoft Windows XP [Wersja 5.1.2600]
windir=C:\WINDOWS
xpdtMess=xpdt detected, use a Rootkit scanner
xpdxMess=xpdx detected, use a Rootkit scanner


-- User Profiles ---------------------------------------------------------------

Piotr.MP (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
"SubEdit-Player + CodecPack" --> C:\Program Files\SubEdit-Player\Odinstaluj.exe
"SubEdit-Player" --> C:\Program Files\SubEdit-Player\Odinstaluj.exe
7-Zip 4.23 --> "C:\Program Files\7-Zip\Uninstall.exe"
Actual Drawing --> "C:\Program Files\Actual Drawing\PY_UNINSTAL.EXE" SOFTWARE\PySoft\HTML_Edit
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x15
Adobe Reader 6.0.2 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001}
AIDA32 v3.93 --> "C:\Program Files\AIDA32 - Enterprise System Information\unins000.exe"
Aktualizacja dla systemu Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Alcohol Toolbar --> "C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2515.exe" _?=C:\Program Files\Alcohol Toolbar
ALLPlayer V2.1 --> C:\Program Files\MarBit\ALLPlayer\UnGins.exe "C:\Program Files\MarBit\ALLPlayer\install.log"
ALLPlayer V2.3.0 --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"
ALLPlayer V2.4 --> "C:\Program Files\MarBit\ALLPlayer\unins001.exe"
Anti-Blaxx 1.17 --> "C:\Program Files\Anti-Blaxx\unins000.exe"
Asterisk Key 8.0 --> C:\Program Files\Passware\un-ariskkey.exe
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
AutoConnect v0.1.2.5 --> C:\Program Files\AutoConnect\uninst.exe
AV Voice Changer Software GOLD 4.0 --> C:\PROGRA~1\AVVCS4~1.0GO\UNWISE.EXE C:\PROGRA~1\AVVCS4~1.0GO\INSTALL.LOG
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVOne 3GP Video Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{774C9799-1FD5-4BB2-925D-54B97AE6A908}\Setup.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitSpirit v3.1.0.077 Stable Release --> "C:\Program Files\BitSpirit\unins000.exe"
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
BitTorrent 4.26.0 --> "C:\Program Files\BitTorrent\uninstall.exe"
BitTorrent++ 0.5.4 --> "C:\Program Files\BitTorrent++\Uninstall.exe"
Biznes filmowy --> C:\Program Files\Biznes filmowy\uninstall.exe
Biznes filmowy 2 --> MsiExec.exe /I{8E9CE660-0BC6-4453-AC6E-9BAF356558A3}
Biznes filmowy 2 --> MsiExec.exe /I{9D8CFE67-0A9E-473B-BB2D-C995F715C75F}
Biznes filmowy 2 --> MsiExec.exe /I{D62D05B8-6F9F-4D2F-B861-0C9339AB2E1C}
BS Hacker (remove only) --> "C:\BSHackerReplayUnlimited\uninstall.exe"
Bus Driver --> "C:\Program Files\Bus Driver\unins000.exe"
BVE 4 --> MsiExec.exe /I{E52382DC-2E7A-439D-8ECE-A27D8B816645}
Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Collab --> C:\programy\collab\uninstall.exe
Content Library --> MsiExec.exe /I{585D181E-B318-4B06-A7E6-92AC6139BA54}
CoreEditor v1.0 --> "C:\Program Files\CoreEditor\unins000.exe"
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
CSE Demoplayer --> MsiExec.exe /I{9741E6CB-CB8A-4E45-89A9-0F95E073980C}
Dżony Łoker 5.0 --> C:\PROGRAM FILES\MIRC\Uninstal.exe
EA SPORTS online 2007 --> I:\fifa\EASOUNInstaller.exe
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
EdHTML v5.0 --> C:\WINDOWS\unvise32.exe c:\programy\EdHTML v5.0\uninstal.log
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Extra Page 2.1 --> "C:\Program Files\Extra Page 2.1\unins000.exe"
EZ Backup Firefox Basic --> C:\WINDOWS\rapidui.exe -ui ezbackupfirefoxbasic.exe
F1 Challenge 2007 Full version --> MsiExec.exe /I{C6E3F362-AAF3-48CF-B8C4-B3EBC2F2E832}
FIFA 07 --> I:\fifa\EAUninstall.exe
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
foobar2000 v0.9.4.1 --> "C:\Program Files\foobar2000\uninstall.exe"
FoxServ --> C:\WINDOWS\unvise32.exe C:\FoxServ\uninstal.log
FPSStrat --> MsiExec.exe /I{E0D86F19-EFE2-4668-A8F6-14B018CFC17B}
Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe
GameDesire-Pool & Snooker --> C:\Program Files\Ganymede\billiards_uninstall.exe
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Gothic --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\Piranha Bytes\Gothic\Uninst.isu"
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x15
GTK+ Runtime 2.6.2 rev a (wykasuj) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Half-Life 2: Deathmatch --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320
Half-Life Model Viewer 1.25 --> C:\Program Files\Half-Life Model Viewer\Uninstal.exe
Hard Truck 18 Wheels of Steel --> C:\PROGRA~1\HARDTR~1\UNWISE.EXE C:\PROGRA~1\HARDTR~1\INSTALL.LOG
Harry Potter i Zakon Feniksa™ --> C:\Program Files\Electronic Arts\Harry Potter i Zakon Feniksa\EAUninstall.exe
HDX4 MPEG-4 Codec --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\hdx4_dshow.inf
HDX4 Player --> MsiExec.exe /X{288F9827-B2B7-4126-A3FB-9CF7BF29932C}
Headshot Player --> C:\Program Files\Headshot Player\uninstall.exe
HEXelon 5.00 --> "C:\programy\HEXelon 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.0.0.48 --> "C:\Program Files\HLSW\unins000.exe"
HLTooLz --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\HLTooLz\ST6UNST.LOG"
HLTooLz (C:\Program Files\HLTooLz\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\HLTooLz\ST6UNST.000"
HTTP Analyzer V2.2.2 --> "C:\Program Files\IEInspector\HTTPAnalyzerFullV2\unins000.exe"
IMG Tool (remove only) --> "C:\Program Files\GTA3Mods\IMG Tool\Uninstall.exe"
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
jetAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 2.84 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
KGB Archiver 1.2.0.23 --> "C:\Program Files\KGB Archiver\unins000.exe"
Konnekt --> C:\Program Files\Konnekt\Uninst.exe
LA Street Racing --> C:\Program Files\Groove Games\LASR\uninstall.exe
Language Pack for Ad-aware 6 --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\INSTALL.LOG
Lexmark Supplies Monitor --> C:\WINDOWS\System32\LXSMUNIN.EXE
Lexmark Z65 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXALUN5C.EXE -dLexmark Z65
Lineage II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe" -l0x9 -removeonly
Live for Speed S2 0.5Q --> C:\Program Files\Live for Speed S2\Uninstall Live for Speed S2.exe
Live for Speed S2 Car Skin --> C:\Program Files\Live for Speed S2\Uninstall Skin.exe
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MadOnion.com/3DMark2001 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}\Setup.exe" -l0x9 uninstall -uninst
Magic ISO Maker v5.2 (build 0190) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Mario Forever --> C:\Buziol Games\Mario Forever\Odinstaluj.exe
Maxthon Browser (remove only) --> C:\Program Files\Maxthon\MaxthonUINST.exe
MediaCoder 0.6.0 --> C:\Program Files\MediaCoder\uninst.exe
MetaProducts Mass Downloader --> C:\Program Files\Mass Downloader\massdown.exe /UnInstall
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM-PL (odinstaluj) --> "C:\Program Files\Miranda IM\uninstall.exe"
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MotoGP URT 3 --> "C:\Program Files\THQ\MotoGP URT 3\unins000.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (pl)"
Mp3tag --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
Need For Speed Hot Pursuit 2 --> C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe
Neostrada TP --> C:\PROGRA~1\NEOSTR~1\SondageDesinstallation.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NFS - Porsche Unleashed (RE) --> MsiExec.exe /I{28960126-2AFA-4D1A-A22A-6F7C1360B186}
Niezbędnik CD --> C:\WINDOWS\unins000.exe
NokiaFREE Unlock Codes Calculator --> "C:\Program Files\NokiaFREE Unlock Codes Calculator\uninst.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Nvidia Omega Drivers Setup Files --> C:\WINDOWS\iun6002.exe "C:\Program Files\Nvidia Omega Drivers\v1.6693\Omega.ini"
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Piotr\uninst.exe
Onet.pl - Skype (BETA) --> "C:\Program Files\Skype\Phone\unins000.exe"
Opera --> C:\PROGRA~1\Opera\UnInst\UNWISE.EXE C:\PROGRA~1\Opera\UnInst\Install.log
Opera 9.02 --> MsiExec.exe /X{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}
Opera 9.10 --> MsiExec.exe /X{750B9AD1-4C63-4143-94C5-6FB304199BAD}
Opera 9.21 --> MsiExec.exe /X{39619863-8A11-4B60-A166-E6747C986EBE}
Opera Plug-in for FlashGet --> C:\PROGRA~1\Opera\Plugins\FlashGet\UNWISE.EXE C:\PROGRA~1\Opera\Plugins\FlashGet\INSTALL.LOG
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pontifex 10.19.01 --> C:\gry\Pontifex\unins000.exe
Poprawka systemu Windows XP - KB824146 --> C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
Poprawka systemu Windows XP - KB841533 --> C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
PowerGG --> C:\Program Files\Gadu-Gadu\Usun-PGG.exe
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
PPStream --> "C:\Program Files\PPStream\unins000.exe"
Prawo Jazdy 2006 1.0 --> "C:\Program Files\Prawo Jazdy 2006\unins000.exe"
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1033
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Rally Championship Xtreme --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFF29C16-11B8-4AD2-AC1A-2841DA197982}\Setup.exe"
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Return to Castle Wolfenstein --> C:\gry\RETURN~1\Uninstall\Unwise.exe /u C:\gry\RETURN~1\Uninstall\Install.log
RivaTuner v2.0 RC 15.4 --> "C:\Program Files\RivaTuner v2.0 RC 15.4\uninstall.exe"
RTP for RM2K (Png, Wav, Midi, Fonts) --> C:\WINDOWS\UnGins.exe "C:\programy\rpg\RTP\install.log"
RzE's CS Helper --> "C:\Program Files\Valve\Steam\SteamApps\silverilio\counter-strike\cstrike\uninst-rzes_cs_helper.exe"
SaTstrat (remove only) --> "C:\Program Files\S2SaTstrat\s2uninst.exe"
Screamer 4x4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Virgin Interactive\Screamer 4x4\Uninst.isu"
SHOUTcast DNAS (remove only) --> "C:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.8.2 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
Skaner on-line mks_vir --> C:\WINDOWS\System32\SkanerOnlineUninstall.exe
Smart-X7 7.68 --> C:\Program Files\A4Tech\Mouse\Uninst32.exe
Smart Explorer 6.1 --> "C:\Program Files\Smart Explorer\unins000.exe"
Snikers4 --> "C:\Program Files\Snikers\uninstall.exe"
Sony Media Manager 2.2 --> MsiExec.exe /X{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}
Sony Vegas 6.0d --> MsiExec.exe /X{4F68B605-2F2B-42A8-8689-0CA7E67797B0}
Sony Vegas 7.0 --> MsiExec.exe /X{96965E6C-41DB-4E0A-BC65-D92381D51D2A}
SopCast 1.0.1 --> C:\Program Files\SopCast\uninst.exe
Spolszczenie do gry Deus Ex v1.12 --> I:\deusex\Odinstaluj_spolszczenie.exe
Spybot - Search & Destroy 1.3 (RC 5) --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log"
Star Wars®: Knights of the Old Republic (TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SubEdit-Player --> "C:\Program Files\SubEdit-Player\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tlen Music Control 0.1.1.10 --> "C:\Program Files\Tlen.pl\unins000.exe"
Tlen.pl --> "C:\Program Files\Tlen.pl\uninstall.exe"
Tony Hawks Pro Skater 4 --> MsiExec.exe /X{E0F07676-2C60-4465-A727-20DE3BFCABAC}
TrackMania Nations ESWC 0.1.7.9 --> "C:\Program Files\TrackMania\unins000.exe"
UControl Scan and Remove --> C:\PROGRA~1\COMMON~1\UControl\UCONTR~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\UControl\UCONTR~1\INSTALL.LOG
Uplink --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Uplink\Uninst.isu"
Valve Hammer Editor --> C:\PROGRA~1\VALVEH~1\UNWISE.EXE C:\PROGRA~1\VALVEH~1\INSTALL.LOG
Ventrilo --> C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX --> C:\Program Files\VentriloMIX\Uninstal.exe
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VideoMach 3.5.2 --> C:\Program Files\VideoMach-3.5.2\uninstall.exe
Whois-IP 1.0.6 --> C:\PROGRA~1\Whois-IP\UNWISE.EXE C:\PROGRA~1\Whois-IP\INSTALL.LOG
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
x264 Revision 525 x264.nl (remove only) --> "C:\Program Files\x264\x264-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type106 / Error
Event Submitted/Written: 08/29/2007 02:21:24 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Produkt: Microsoft Office Professional Edition 2003 -- Błąd 25090. Instalator pakietu Office napotkał problem związany z aparatem źródłowym pakietu Office, błąd systemu: -2147023836. Otwórz folder C:\Program Files\Microsoft Office\OFFICE11\1045\SETUP.CHM i znajdź tekst "Office Source Engine", aby uzyskać informacje dotyczące sposobu rozwiązania tego problemu.

Event Record #/Type105 / Warning
Event Submitted/Written: 08/29/2007 02:19:58 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Wykrycie produktu „{90110415-6000-11D3-8CFE-0150048383C9}”, funkcja „OfficeUserData”, składnik „{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}” nie powiodło się. Zasób „HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\” nie istnieje.

Event Record #/Type101 / Warning
Event Submitted/Written: 08/28/2007 08:52:20 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Wykrycie produktu „{90110415-6000-11D3-8CFE-0150048383C9}”, funkcja „OfficeUserData”, składnik „{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}” nie powiodło się. Zasób „HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\” nie istnieje.

Event Record #/Type100 / Error
Event Submitted/Written: 08/28/2007 03:51:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd tlen.exe, wersja 6.0.2.46, moduł powodujący błąd tlen.exe, wersja 6.0.2.46, adres błędu 0x00125906.

Event Record #/Type99 / Error
Event Submitted/Written: 08/28/2007 03:50:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd tlen.exe, wersja 6.0.2.46, moduł powodujący błąd tlen.exe, wersja 6.0.2.46, adres błędu 0x00125906.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2013 / Error
Event Submitted/Written: 08/29/2007 01:32:04 PM
Event ID/Source: 4322 / NetBT
Event Description:
Nie powiodło się przetworzenie żądania przez usługę NetBT, ponieważ w ciągu
ostatniej godziny napotkała ona wyjątek (wyjątki) OutOfResources (brak zasobów).

Event Record #/Type2012 / Error
Event Submitted/Written: 08/29/2007 11:59:20 AM
Event ID/Source: 5000 / LsaSrv
Event Description:
Pakiet zabezpieczeń Negotiate wygenerował wyjątek. Pakiet został wyłączony.
Informacje o wyjątku znajdują się w danych.

Event Record #/Type1997 / Error
Event Submitted/Written: 08/29/2007 11:51:11 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Nie można załadować następujących sterowników startu rozruchowego lub systemowego:
ABTDI
d346bus

Event Record #/Type1996 / Error
Event Submitted/Written: 08/29/2007 11:51:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Nie można uruchomić usługi Kerio WinRoute Firewall z powodu następującego błędu:
%%3

Event Record #/Type1995 / Error
Event Submitted/Written: 08/29/2007 11:51:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Nie można uruchomić usługi MkS_Vir Monitor z powodu następującego błędu:
%%2



-- End of Deckard's System Scanner: finished at 2007-08-29 14:24:28 ------------

[wojtas]

sciagnij dafta i go zastosuj

skasuj:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

czy ty nie masz 2 antywirusow?

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)

skasuj jeden

sciagnij gmera:

http://gmer.net/gmer.zip

Wklej do notatnika

gmer -del file C:\WINDOWS\System32\o
gmer -del file C:\WINDOWS\System32\cbkgdhhx.dll
gmer -del file C:\WINDOWS\System32\upds.exe
gmer -del file C:\WINDOWS\System32\bling.exe
gmer -del file C:\WINDOWS\System32\helperymsng2.exe
gmer -del file C:\WINDOWS\System32\ututv.bak2
gmer -del file C:\WINDOWS\System32\ututv.bak1
gmer -del file C:\WINDOWS\System32\directxclickers.exe
gmer -del file C:\WINDOWS\System32\ututv.ini2
gmer –reboot

Plik >>> zapisz jako >>> zmien rozszerzenie z TXT na wszystkie typy plików >>> zapisz pod nazwa FIX.BAT


Uruchamiasz Gmera, w zakładce Procesy wybierasz opcje Gmer Awaryjny. Komputer się zresetuje i uruchomi się Gmer. Wybierasz znów zakładke Procesy i na dole w poleceniu przez trzy kropki wskaz plik FIX.BAT i go uruchom.

potem nowe logi

[chaber555]

Zrobiłem tak jak napisałeś ale gdy wybralem fix.bat w gmer i dałem uruchom przy kazdym poleceniu wyskakiwał bład ktory zapisalem na karteczce:P :

Gmer.exe - zły obraz
Aplikacja lub biblioteki DLL c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll nie jest poprawnym obrazem systemu windows NT. Sprawdź to z dyskeitka instalacyjna.

Czy to normalne? bo nie wiem czy mam juz dawac logi czy jeszcze raz użyć gmera.

[wojtas]

daj nowy log

[chaber555]

HJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:02, on 2007-08-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 72.36.235.242 l2authd.lineage2.com
O1 - Hosts: 72.36.235.242 l2testauthd.lineage2.com
O1 - Hosts: 62.1.128.123 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

--
End of file - 5467 bytes

DSS

Deckard's System Scanner v20070826.66
Run by Piotr on 2007-08-29 18:42:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Piotr.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:38, on 2007-08-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\Piotr.MP\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Piotr.exe

O1 - Hosts: 72.36.235.242 l2authd.lineage2.com
O1 - Hosts: 72.36.235.242 l2testauthd.lineage2.com
O1 - Hosts: 62.1.128.123 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2711C7D2-CF29-4B50-A627-691885D3C8EA}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)

--
End of file - 5503 bytes

-- Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 16:11:46 49152 --a------ C:\WINDOWS\System32\ChCfg.exe
2007-08-29 16:11:01 0 d-------- C:\Program Files\Realtek AC97
2007-08-28 22:26:04 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-08-22 21:56:48 0 d-------- C:\Program Files\Google
2007-08-22 21:56:39 0 d-------- C:\Program Files\Picasa2
2007-08-21 19:21:45 0 d-------- C:\Program Files\NFS - Porsche Unleashed
2007-08-20 13:54:23 0 d-------- C:\Program Files\Real Alternative
2007-08-17 16:02:23 0 d-------- C:\Program Files\Ganymede
2007-08-09 23:04:58 0 d-------- C:\Program Files\Uplink
2007-08-09 22:58:41 229057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2515.exe <Not Verified; Alcohol Soft; Alcohol Soft>
2007-08-09 22:58:40 0 d-------- C:\Program Files\Alcohol Toolbar
2007-08-09 22:58:37 0 d-------- C:\Program Files\Alcohol Soft
2007-08-09 16:38:11 0 d-------- C:\Program Files\Octoshape Streaming Services
2007-08-07 19:51:42 0 d-------- C:\Program Files\Sierra
2007-08-06 14:19:46 0 d-------- C:\Program Files\Ea Sports
2007-08-01 18:00:37 0 d-------- C:\Program Files\MediaCoder
2007-08-01 17:05:03 82258 --a------ C:\WINDOWS\System32\drivers\klin.dat
2007-08-01 17:05:03 82258 --a------ C:\WINDOWS\System32\drivers\klick.dat
2007-08-01 17:03:51 0 d-------- C:\Program Files\Kaspersky Lab
2007-08-01 17:03:26 191008 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2007-08-01 17:03:26 6961952 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2007-07-29 22:37:49 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2007-08-29 16:36:12 0 d-------- C:\Program Files\mIRC
2007-08-29 16:27:32 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\teamspeak2
2007-08-29 16:23:11 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\Tlen.pl
2007-08-29 16:17:36 0 d-------- C:\Program Files\AutoConnect
2007-08-29 16:09:38 0 d-------- C:\Program Files\GetRight
2007-08-29 14:19:53 2166 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-28 22:26:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-28 15:24:18 0 d-------- C:\Program Files\Common Files\Agnitum Shared
2007-08-27 23:28:01 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\foobar2000
2007-08-27 22:33:04 0 d-------- C:\Program Files\HLSW
2007-08-27 20:50:16 0 d-------- C:\Program Files\RegCleaner
2007-08-27 20:07:47 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\Kerio
2007-08-25 14:23:48 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\GanymedeNet
2007-08-21 23:49:12 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\uTorrent
2007-08-20 13:54:24 0 d-------- C:\Program Files\Media Player Classic
2007-08-19 15:17:52 0 d-------- C:\Program Files\TrackMania
2007-08-15 18:31:02 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\ppstream
2007-08-15 18:30:55 0 d-------- C:\Program Files\PPStream
2007-08-14 06:35:03 0 d-------- C:\Program Files\uTorrent
2007-08-13 19:46:50 0 d-------- C:\Program Files\WinAce
2007-08-13 16:54:06 0 d-------- C:\Program Files\x264
2007-08-13 16:54:04 0 d-------- C:\Program Files\Ventrilo
2007-08-13 16:53:42 0 d-------- C:\Program Files\SubEdit-Player
2007-08-13 16:53:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-01 18:49:01 0 d-------- C:\Program Files\Neostrada TP
2007-08-01 17:20:14 0 d-------- C:\Program Files\Windows NT
2007-08-01 17:17:58 0 d-------- C:\Program Files\Movie Maker
2007-07-28 16:21:12 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-07-24 19:42:03 0 d-------- C:\Program Files\Electronic Arts
2007-07-22 15:35:22 0 d-------- C:\Documents and Settings\Piotr.MP\Dane aplikacji\Adobe
2007-07-20 11:38:58 155648 --a------ C:\WINDOWS\System32\ssleay32.dll
2007-07-20 11:38:58 684032 --a------ C:\WINDOWS\System32\libeay32.dll
2007-07-17 14:59:30 0 d-------- C:\Program Files\AIDA32 - Enterprise System Information
2007-07-15 15:53:30 0 d-------- C:\Program Files\Bus Driver
2007-07-11 23:10:31 0 d-------- C:\Program Files\Tlen.pl
2007-07-08 10:27:15 0 d-------- C:\Program Files\Headshot Player
2007-07-04 13:33:41 0 d-------- C:\Program Files\CarbonPoker
2007-07-01 12:32:34 0 d-a------ C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2005-09-29 03:49]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-10 17:06]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 13:22]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Steam"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"NOD32krn"=2 (0x2)
"MksVirMonSvc"=2 (0x2)
"MkSUpdateInt"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"ABNetMon"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2007-08-29 18:43:34 ------------

[wojtas]

ktory antuwirus uzywasz kaspersky czy MKS?

[chaber555]

Hmm MKS chyba 2 dni po instalacji usunąłem i od tego czasu uzywam Kasperskyego, widocznie musial zostac jakis syf w rejestrze badz cos czego zapomnialem usunac.

[wojtas]

nawet nie zauwazylem masz 3 antywirusy... usun:

start>urchom>cmd>wpisz:

sc stop MksVirMonSvc

enter

sc delete MksVirMonSvc

enter

sc stop aswUpdSv

enter

sc delete aswUpdSv

enter

sc stop ABNetMon

enter

sc delete ABNetMon

enter

na koniec ususn pogrubione do kosza

C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

[chaber555]

avast usuniety, a tego folderu nie ma

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)

[wojtas]

ok juz powinno byc czysto

Autor postu otrzymał pochwałę

[chaber555]

A te localhosty dalej sa przy wpisaniu komendy netstat:/ zauwazyłem ze pojawiaja sei wtedy gdy właczony jest tlen lub firefox. Czy to zle że one sa czy sa dopuszczalne?

[wojtas]

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg


o musi juz tak zostac jak masz