Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
bardzo prosze o sprawdzenie logow combofix + hijackthis
02 Lip 2008, 10:38
witam. moj problem wynika nastepujaco: komp nie laczy mi sie z siecia. tzn laczy sie w trybie awaryjnym, ewentualnie. wtedy pingi wracaja bardzo ladnie. lacze sie z lokalnym serwerem, i z innymi uzytkownikami sieci. tylko ze swiatem nie.
uzylam combofixa zgodnie z rada doswiadczonej kolezanki, ie za bardzo wiedzac, co robie, i w jakim celu. wolalabym uniknac formatowania dysku, a opcja ta zbliza sie nieuchronnie.
ComboFix 08-06-30.2 - Administrator 2008-07-02 10:04:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.447 [GMT 2:00]
Running from: F:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 06:23 . 2008-07-02 06:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-20 08:31 . 2008-06-20 08:31 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-06-20 08:31 . 2008-06-20 08:31 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5953.exe
2008-06-20 08:31 . 2008-06-20 08:31 14,290 --a------ C:\Program Files\settings.dat
2008-06-20 08:30 . 2008-06-20 08:31 <DIR> d-------- C:\Program Files\PDFCreator
2008-06-20 08:30 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-20 08:30 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-20 08:30 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 17:06 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\The Bat!
2008-06-29 08:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-06-28 19:49 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl
2008-06-22 12:03 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000
2008-05-28 08:10 --------- d-----w C:\Program Files\Soulseek
2008-05-26 09:00 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-26 09:00 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-26 09:00 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-26 09:00 --------- d-----w C:\Program Files\AVG
2008-05-26 09:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-05-21 13:36 --------- d-----w C:\Program Files\Java
2008-05-21 13:35 --------- d-----w C:\Program Files\e-PDF Converter and Creator v2.1
2008-05-18 20:46 --------- d-----w C:\Program Files\uTorrent
2008-05-18 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 20:16 --------- d-----w C:\Program Files\LizardTech
2008-05-05 17:57 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-10 17:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 22:03 708697]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10 114688]
"Power_Gear"="C:\Program Files\Generic\Power4 Gear\BatteryLife.exe" [2004-09-21 17:55 81920]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05 2532576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-26 11:00 1177368]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 16:09 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 16:47 2806272 C:\WINDOWS\ALCWZRD.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 14:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-05 19:57 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-08-02 01:32 696320 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-08-02 01:38 802816 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2008-01-15 17:09 6290944 C:\Program Files\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-26 11:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-26 11:00]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 11:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-26 11:00]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-04-22 17:34]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-04-19 16:16]
S3 GoogleDesktopManager-022208-143751;Menedżer Google Desktop 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-05 19:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b023fa44-3c61-11dd-b173-0013d4bf9716}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 10:05:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-07-02 10:06:44
ComboFix-quarantined-files.txt 2008-07-02 08:06:40
Pre-Run: 7,419,789,312 bajtów wolnych
Post-Run: 7,484,289,024 bajtów wolnych
117
uzylam combofixa zgodnie z rada doswiadczonej kolezanki, ie za bardzo wiedzac, co robie, i w jakim celu. wolalabym uniknac formatowania dysku, a opcja ta zbliza sie nieuchronnie.
ComboFix 08-06-30.2 - Administrator 2008-07-02 10:04:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.447 [GMT 2:00]
Running from: F:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 06:23 . 2008-07-02 06:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-20 08:31 . 2008-06-20 08:31 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-06-20 08:31 . 2008-06-20 08:31 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5953.exe
2008-06-20 08:31 . 2008-06-20 08:31 14,290 --a------ C:\Program Files\settings.dat
2008-06-20 08:30 . 2008-06-20 08:31 <DIR> d-------- C:\Program Files\PDFCreator
2008-06-20 08:30 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-20 08:30 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-20 08:30 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 17:06 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\The Bat!
2008-06-29 08:57 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-06-28 19:49 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl
2008-06-22 12:03 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\foobar2000
2008-05-28 08:10 --------- d-----w C:\Program Files\Soulseek
2008-05-26 09:00 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-26 09:00 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-26 09:00 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-26 09:00 --------- d-----w C:\Program Files\AVG
2008-05-26 09:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-05-21 13:36 --------- d-----w C:\Program Files\Java
2008-05-21 13:35 --------- d-----w C:\Program Files\e-PDF Converter and Creator v2.1
2008-05-18 20:46 --------- d-----w C:\Program Files\uTorrent
2008-05-18 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 20:16 --------- d-----w C:\Program Files\LizardTech
2008-05-05 17:57 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-10 17:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 22:03 708697]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10 114688]
"Power_Gear"="C:\Program Files\Generic\Power4 Gear\BatteryLife.exe" [2004-09-21 17:55 81920]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05 2532576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-26 11:00 1177368]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 16:09 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 16:47 2806272 C:\WINDOWS\ALCWZRD.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 14:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-05 19:57 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-08-02 01:32 696320 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-08-02 01:38 802816 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2008-01-15 17:09 6290944 C:\Program Files\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-26 11:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-26 11:00]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 11:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-26 11:00]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-04-22 17:34]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-04-19 16:16]
S3 GoogleDesktopManager-022208-143751;Menedżer Google Desktop 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-05 19:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b023fa44-3c61-11dd-b173-0013d4bf9716}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 10:05:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-07-02 10:06:44
ComboFix-quarantined-files.txt 2008-07-02 08:06:40
Pre-Run: 7,419,789,312 bajtów wolnych
Post-Run: 7,484,289,024 bajtów wolnych
117
Ostatnio edytowany przez veebee, 03 Lip 2008, 09:34, edytowano w sumie 1 raz
02 Lip 2008, 11:57
otwórz notatnik i wklej
Z menu Notatnika
Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg
Uruchom ten plik, uruchom ponownie komputer
Pokaż log z HijackThis
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b023fa44-3c61-11dd-b173-0013d4bf9716}]
Z menu Notatnika
Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg Uruchom ten plik, uruchom ponownie komputer
Pokaż log z HijackThis
03 Lip 2008, 09:20
bardzo dziekuje za pomoc 
zrobilam tak. zadnych zauwazalnych zmian w dzialaniu kompa nie odnotowalam.
log z hijackthis :
zrobilam tak. zadnych zauwazalnych zmian w dzialaniu kompa nie odnotowalam.
log z hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14, on 08-07-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4D77CA1-3D7D-4E91-87E2-7F193B72F28D}: NameServer = 217.98.63.164,194.204.152.34
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Menedżer Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 5496 bytes
03 Lip 2008, 11:03
W logu nic nie widze
03 Lip 2008, 13:06
dziekuje bardzo
format nadchodzi
format nadchodzi