
Please take a look at my logs; maybe someone will be able to help me.
I have searched many forums for advice and hints on what can be done about this, but so far nobody has given a clear answer or removed the cause of the problem. Everyone just recommends a format, and I am not keen on that.
I use the computer for work and I would not want to format it; what is worse, the problem concerns a program related to my work.
After installing the program, it started and ran; a few days later I launch it again and this message pops up:
"Microsoft Visual C++ Runtime Library Runtime Error
Program: c:\Program Files\S...
This application has requested the Runtime to terminate it in unusual way.
Please contact the application's support team for more information."
After which Vista wants to close it.
The program is used for programming operator panels in industrial machines.
I tried uninstalling, cleaning the registry, and installing all sorts of patches from Microsoft and others that were recommended to me on forums; I reinstalled it and it is still the same.
I find it hard to believe that this cannot be solved.
Here is the log from ComboFix:
ComboFix 09-03-18.01 - Jatomatic Kurzki 2009-03-19 13:45:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.3062.1483 [GMT 1:00]
Uruchomiony z: d:\pobrane\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090318-0] *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-19 do 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-19 10:49 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-03-19 10:11 . 2009-03-19 10:11 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-19 10:11 . 2008-02-11 20:13 920,088 --a------ c:\windows\System32\igxpun.exe
2009-03-19 10:11 . 2006-11-10 16:25 319,456 --a------ c:\windows\System32\difxapi.dll
2009-03-19 10:10 . 2009-03-19 10:10 <DIR> d-------- c:\program files\Microsoft
2009-03-19 09:58 . 2009-03-19 10:02 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-19 09:58 . 2009-03-19 09:59 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-03-18 15:03 . 2008-01-10 12:01 89,600 -ra------ c:\windows\System32\Grid32.ocx
2009-03-18 08:07 . 2009-03-18 08:07 <DIR> d-------- c:\users\All Users\Autodesk
2009-03-18 08:07 . 2009-03-18 08:07 <DIR> d-------- c:\programdata\Autodesk
2009-03-17 12:24 . 2009-03-18 09:13 <DIR> d-------- c:\users\Jatomatic Kurzki\AppData\Roaming\Autodesk
2009-03-14 11:24 . 2009-03-14 11:24 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 11:24 . 2009-03-14 11:24 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 11:24 . 2009-03-14 11:24 <DIR> d-------- c:\program files\iTunes
2009-03-14 11:24 . 2009-03-14 11:24 <DIR> d-------- c:\program files\iPod
2009-03-14 11:24 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-14 11:24 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-14 11:23 . 2009-03-14 11:23 <DIR> d-------- c:\program files\Bonjour
2009-03-14 11:22 . 2009-03-14 11:24 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-14 11:22 . 2009-03-14 11:22 <DIR> d-------- c:\program files\Apple Software Update
2009-03-11 08:10 . 2008-12-16 05:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 08:10 . 2008-11-27 05:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:10 . 2008-12-16 06:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 08:10 . 2008-12-16 06:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 08:10 . 2008-12-16 06:53 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 08:09 . 2009-02-09 02:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-10 08:11 . 2009-03-10 08:11 <DIR> d-------- c:\users\Jatomatic Kurzki\.gstreamer-0.10
2009-03-10 08:08 . 2009-03-10 08:33 <DIR> d-------- c:\users\Jatomatic Kurzki\AppData\Roaming\Nowe Gadu-Gadu
2009-03-10 08:07 . 2009-03-10 08:07 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-03-09 08:19 . 2002-05-29 14:30 61,440 --a------ c:\windows\WDTGR2.DLL
2009-03-07 10:41 . 2008-03-27 10:17 89,896 --a------ c:\windows\System32\drivers\btwsecfl.sys
2009-03-05 23:59 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\System32\usbaaplrc.dll
2009-03-05 23:59 . 2009-03-05 23:59 36,864 --a------ c:\windows\System32\drivers\usbaapl.sys
2009-03-04 14:15 . 2009-03-04 14:15 32,000 --a------ c:\windows\System32\drivers\stppp.sys
2009-03-04 12:11 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-04 12:11 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-04 12:11 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-04 12:11 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-04 12:11 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-04 12:11 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-04 12:10 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-04 12:10 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-04 12:08 . 2009-03-04 12:10 34,177,024 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-03-04 12:08 . 2009-03-04 12:10 49,152 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-04 12:08 . 2009-03-04 12:10 16,384 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-04 11:58 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-04 11:58 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-04 11:58 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-04 11:58 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-04 11:58 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-25 11:49 . 2009-02-25 11:49 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-25 11:48 . 2009-02-25 11:48 <DIR> d-------- c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 09:10 --------- d-----w c:\program files\CONEXANT
2009-03-19 09:02 --------- d-----w c:\programdata\Microsoft Help
2009-03-19 07:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 14:03 --------- d-----w c:\program files\Schneider Electric
2009-03-11 08:58 --------- d-----w c:\program files\Windows Mail
2009-03-10 07:10 --------- d-----w c:\program files\Gadu-Gadu
2009-03-04 13:15 --------- d-----w c:\program files\Thomson
2009-02-16 08:52 --------- d-----w c:\program files\QuickTime
2009-02-13 14:01 --------- d-----w c:\program files\English Translator 3
2009-02-13 12:53 21,840 ----atw c:\windows\System32\SIntfNT.dll
2009-02-13 12:53 17,212 ----atw c:\windows\System32\SIntf32.dll
2009-02-13 12:53 11,971 ----atw c:\windows\System32\SIntf16.dll
2009-02-10 15:01 --------- d-----w c:\program files\MoorHunt
2009-02-10 09:12 --------- d-----w c:\program files\Zelio-Soft
2009-02-07 07:39 --------- d-----w c:\program files\Hama GmbH & Co KG
2009-02-07 07:39 --------- d-----w c:\program files\DIFX
2009-02-06 14:11 24,192 ----a-w c:\users\Jatomatic Kurzki\usbsermptxp.sys
2009-02-06 14:11 22,768 ----a-w c:\users\Jatomatic Kurzki\usbsermpt.sys
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-17 12:49 697,353 ----a-w c:\windows\unins000.exe
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-13 11:27 174 --sha-w c:\program files\desktop.ini
2008-08-22 10:21 3,772,928 ----a-w c:\program files\Common Files\WSCAD53Demo.msi
2008-11-05 10:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-05 10:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-05 10:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-16 1232896]
"Google Update"="c:\users\Jatomatic Kurzki\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-25 133104]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2009-03-04 557149]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-10-25 18:05 133104 c:\users\Jatomatic Kurzki\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E2683776-7AD0-41EE-B267-7DAEE42C0578}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{06C735C3-7954-4F02-81E8-4C7666ED8B9C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{E7CA0EBD-0225-4383-8DB7-A88DCC7248CB}"= UDP:c:\users\Jatomatic Kurzki\AppData\Local\Temp\stInstall.exe:SpeedTouch Home Install Wizard
"{65AF3299-71A9-461D-8DD1-AD0DCBD3B92C}"= TCP:c:\users\Jatomatic Kurzki\AppData\Local\Temp\stInstall.exe:SpeedTouch Home Install Wizard
"TCP Query User{1BB5425D-8C11-4489-8788-3AE70816D649}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{77BE4D32-20A1-4FC9-A422-0D11B2B22792}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{8E697298-1A84-41D9-897E-F5A5F7A6ACC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EFB47DCB-DBFF-48B9-AFAC-39525839E626}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{BC947E80-B2D3-444C-A8CD-045798D40BAD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2D83E323-8D0B-4C4D-B346-27609FFBBAE3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0AF7A339-27CC-42F4-8932-B88B3C31ADB6}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{62933B52-1ECD-47E8-B1C5-60B3E2FE412E}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{906751B9-67CC-4C71-A081-DAF4BB1F25D2}c:\\program files\\schneider electric\\powersuite\\atvpc.exe"= UDP:c:\program files\schneider electric\powersuite\atvpc.exe:atvpc
"UDP Query User{C3FEE07C-7C8A-4E78-81CB-66CD6D464AFE}c:\\program files\\schneider electric\\powersuite\\atvpc.exe"= TCP:c:\program files\schneider electric\powersuite\atvpc.exe:atvpc
"TCP Query User{AE20AE29-DDA3-4744-89D8-D2ADE49648A6}c:\\program files\\zelio-soft\\zeliosvr.exe"= UDP:c:\program files\zelio-soft\zeliosvr.exe:ZelioSvr Module
"UDP Query User{B4A9853D-DDE5-40AD-AFAB-9E36D18EB112}c:\\program files\\zelio-soft\\zeliosvr.exe"= TCP:c:\program files\zelio-soft\zeliosvr.exe:ZelioSvr Module
"{F58FD236-7D03-4C02-9C89-99B4E0700D70}"= UDP:e:\speedtouch330_for_vista\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{CE60723E-BEDB-44D0-899B-E25DD16201F3}"= TCP:e:\speedtouch330_for_vista\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{5B656870-3552-4E99-BBA0-4F014CF9D8B0}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{1B0ECCBD-737B-4DBA-B670-92D5CAEAF67C}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"TCP Query User{B50F53A8-FE48-493E-8CF9-FCB160A89DA2}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{530E69E9-1708-4B38-985A-11BB70E48AE9}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{85DF11F5-5527-4BEA-A717-A93C9B7B94B6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{52FE0F3A-2AE0-478F-B2E5-83FF15BEA6C0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0294203E-8093-48D6-9A36-5AED9AB1FEEB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{77E12AED-3C29-4419-88F5-18B8DADD7343}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 WPXT;WinPcap Packet Driver (WPXT);c:\windows\System32\drivers\wpxt.sys [2008-10-24 35328]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-10-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-10-22 51792]
R2 NA_Service;NetAccess Service;c:\windows\System32\NA_Service.exe [2008-05-22 90112]
R2 UsbConnect;Usb PLC;c:\windows\System32\UsbConnect.exe [2008-05-23 102400]
R3 Duntlw;UNTLW device;c:\windows\System32\drivers\DuntlwNT.sys [2008-05-23 47136]
R3 ST330;ST330;c:\windows\System32\drivers\st330.sys [2008-10-24 30464]
R3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [2008-10-24 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\System32\drivers\stppp.sys [2009-03-04 32000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\System32\drivers\steth.sys [2008-10-24 40320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265993558-266009927-3991662535-1000.job
- c:\users\Jatomatic Kurzki\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-25 18:05]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{94C70A96-012C-4171-98FC-C1971511F20D} - {94C70A96-012C-4171-98FC-C1971511F20D} - c:\program files\Russkij Translator\InternetTranslatorRusPol.dll
Trusted Zone: mks.com.pl\www
TCP: {7F43DA11-CAC0-4DB6-A3AC-3D0E5A1785A8} = 192.168.0.1
TCP: {955E4C25-F0AD-4BF5-BB1D-24AD91A4FE8F} = 194.204.159.1 217.98.63.164
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {E0511BF1-B5C0-4F1A-BB3D-036F6DE51C5C} - hxxp://195.117.127.37:83/WebCamX.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 13:48:04
Windows 6.0.6000 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-03-19 13:50:16
ComboFix-quarantined-files.txt 2009-03-19 12:50:12
Przed: 3 379 703 808 bajtów wolnych
Po: 3,326,107,648 bajtów wolnych
226 --- E O F --- 2009-03-19 09:12:01
And now the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:48, on 2009-03-19
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jatomatic Kurzki\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Windows\system32\MODBUSDRV.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Schneider Electric\Vijeo-Designer Lite\VijeoDesignerLite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Tłumaczenie - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:pl
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jatomatic Kurzki\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll,-103 - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0511BF1-B5C0-4F1A-BB3D-036F6DE51C5C} (WebCamX Control) - http://195.117.127.37:83/WebCamX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F43DA11-CAC0-4DB6-A3AC-3D0E5A1785A8}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{955E4C25-F0AD-4BF5-BB1D-24AD91A4FE8F}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetAccess Service (NA_Service) - Unknown owner - C:\Windows\system32\NA_Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Electric Industries SAS - C:\Windows\system32\UsbConnect.exe
--
End of file - 7065 bytes