andromeda created 5 November 2008
HijackThis logs, thank you in advance for checking them.

Silent Runners logs
Bardock commented 5 November 2008
//If you can't check logs, then don't do it //Post content removed //Mateusz
andromeda (Author) commented 5 November 2008
Fix? That means I should repair it, right? Unfortunately I don't know how to do that, please give me a hint. And please also check these logs, from ComboFix.
2008-10-10 15:35 <DIR> d-------- c:\users\Krysiaczek\AppData\Roaming\InstallShield.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-11-05 10:16 --------- d-----w c:\users\Krysiaczek\AppData\Roaming\Skype2008-11-05 07:16 --------- d-----w c:\users\Krysiaczek\AppData\Roaming\skypePM2008-11-01 15:39 --------- d--h--w c:\program files\InstallShield Installation Information2008-11-01 09:07 --------- d-----w c:\program files\Common Files\InstallShield2008-10-19 10:33 --------- d-----w c:\program files\Windows Mail2008-09-10 20:44 --------- d-----w c:\program files\MarBit2008-06-29 14:00 56 ---ha-w c:\users\All Users\ezsidmv.dat2008-06-29 14:00 56 ---ha-w c:\programdata\ezsidmv.dat2008-06-21 15:15 174 --sha-w c:\program files\desktop.ini1999-05-17 12:58 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL1998-12-09 01:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL1998-12-09 01:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL1998-12-09 01:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL1998-12-09 01:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL1998-12-09 01:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-29 171448]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]"TOSHIBA Volume Indicator"="c:\program 
files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-29 484984]"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Nokia.PCSync"="d:\moje dokumenty\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-05-17 46080][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.i420"= i263_32.drv"vidc.XVID"= xvid.dll"msacm.l3codec"= l3codecp.acm"vidc.3iv2"= 3ivxVfWCodec.dll"msacm.divxa32"= divxa32.acm"VIDC.HFYU"= huffyuv.dll"VIDC.i263"= i263_32.drv"msacm.imc"= imc32.acm"VIDC.VP31"= vp31vfw.dll"vidc.DIV3"= DivXc32.dll"vidc.DIV4"= DivXc32f.dll[HKEY_LOCAL_MACHINE\software\microsoft\security 
center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-735493497-2453998329-1764707017-1000]"EnableNotificationsRef"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{C5E616D9-BB39-4F1E-B19E-D590E427DC99}"= UDP:26138:BitComet 26138 TCP"{2B5A387D-E296-4057-B38A-C1C2B6E94891}"= TCP:26138:BitComet 26138 UDP"TCP Query User{CC83DF92-E6FA-466C-8E2B-BE0770655822}c:\\program files\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare\bearshare.exe:BearShare"UDP Query User{DB87E3F5-122C-4E69-BD7D-9B1EF8C59CD5}c:\\program files\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare\bearshare.exe:BearShare"TCP Query User{018EFBEB-6B58-4E75-ADA4-B211CAFB3588}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{2269044C-797F-48C0-B2FD-1850457624DE}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{5F410C39-9DDD-4C52-B3EF-FD84BD0DCE4B}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client"UDP Query User{EB58FFAF-341C-4851-9794-A01C89695C21}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client"{2B26ADE6-4F74-4485-A9D4-B18CE3C667D2}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer"{5D3F992E-4B73-44EC-BFE9-D1C574938815}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer"TCP Query User{A7E140E2-FF2B-4F12-8EE1-33021106613D}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{99A15D36-37BB-4E2E-B7B4-BA014B7B927E}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{75338AC5-E13F-4C02-B5DF-C9CD498842CC}d:\\gadu-gadu\\gg.exe"= UDP:d:\gadu-gadu\gg.exe:Gadu-Gadu - program główny"UDP Query User{8A636BD3-59D2-4AFE-B7E6-7178630AB373}d:\\gadu-gadu\\gg.exe"= TCP:d:\gadu-gadu\gg.exe:Gadu-Gadu - program główny"TCP Query User{BE10D6D3-2D95-4867-8D3F-A02393CC129E}d:\\ares\\ares.exe"= UDP:d:\ares\ares.exe:Ares p2p for windows"UDP Query User{AF4EACF0-9712-49F4-9D50-071D83D902B6}d:\\ares\\ares.exe"= TCP:d:\ares\ares.exe:Ares p2p for windows"TCP Query User{6D0C0C19-AE40-429A-A730-40B61AE62FC7}d:\\ares\\ares.exe"= UDP:d:\ares\ares.exe:Ares p2p for windows"UDP Query User{44EBC463-4C25-4F50-9215-9361C5A47985}d:\\ares\\ares.exe"= TCP:d:\ares\ares.exe:Ares p2p for windows"TCP Query User{D3A0DA0C-D718-4144-A116-15D4334E2C60}d:\\bitcomet\\bitcomet.exe"= UDP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client"UDP Query User{C51700B9-1D0B-4E58-A497-3E0C74282E9F}d:\\bitcomet\\bitcomet.exe"= TCP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client"{D9F2EE31-27C0-4F2E-93C6-BCDA9F4D758C}"= UDP:23306:BitComet 23306 
TCP"{D2FB8E9F-0E2B-4D1F-93B0-DEA1EE200AA7}"= TCP:23306:BitComet 23306 UDP"{B239AA4C-DB07-4FE3-9EC9-98AB28A02115}"= UDP:23306:BitComet 23306 TCP"{8CA0B22A-05B5-4FDE-8842-84B4E5E23D85}"= TCP:23306:BitComet 23306 UDP"TCP Query User{3DD09277-F74F-4E31-B120-84838674F003}d:\\bitcomet\\bitcomet.exe"= UDP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client"UDP Query User{472B0AA9-A570-4832-A162-06CF795ECC48}d:\\bitcomet\\bitcomet.exe"= TCP:d:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client"{CD1035C3-2783-439F-97CA-484421E1619C}"= c:\program files\Skype\Phone\Skype.exe:Skype"TCP Query User{B922FFC0-B5FC-4923-8F55-F91CB50C7AA9}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows"UDP Query User{C16BA213-C02D-4062-8292-53B3CAFE769E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows"TCP Query User{9495D0DE-046A-45FB-A1D7-0765122AC278}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++"UDP Query User{9AD253E7-A5CA-4FDF-9643-524A03B28B2E}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++"TCP Query User{50D97A51-87E1-4262-805A-BB9580CFD703}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows"UDP Query User{44AF1626-94E2-4681-89B7-9CA63D48C25F}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows"TCP Query User{2298A69E-A0DC-4A50-9500-BB7E8001AE94}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"UDP Query User{CE6C4717-E8AF-4539-8EB8-5EB44480BF01}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"TCP Query User{A91E354D-DEF9-42ED-A5CB-3887D94CE4E0}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"UDP Query User{97571E58-234C-4157-90E3-6B16BCFFF977}c:\\program files\\gadu-gadu\\gg.exe"= 
TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program głównyR1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]R3 BoiHwsetup;Access 32bits INT15 routine;c:\windows\system32\drivers\BoiHwSetup.sys [2006-10-12 7680]R3 qkbfiltr;Keyboard Filter Driver;c:\windows\system32\DRIVERS\qkbfiltr.sys [2006-11-20 33792][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]\shell\AutoRun\command - G:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25189459-0df3-11dd-b3c1-001636e4adc0}]\shell\AutoRun\command - G:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51c69164-a572-11dc-8da1-001636e4adc0}]\shell\AutoRun\command - F:\setupSNK.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f363f7ea-0d59-11dc-9928-001636e4adc0}]\shell\AutoRun\command - G:\USBNB.exe*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90.Zawartość folderu 'Zaplanowane zadania'2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{5C3B969C-EDFC-4C1F-9DAC-7D87648FF424}.job- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33].- - - - USUNIĘTO PUSTE WPISY - - - -HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe.------- Skan uzupełniający -------.R0 -: HKCU-Main,Start Page = hxxp://o2.pl/R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.comO8 -: &D&ownload &with BitComet - d:\bitcomet\BitComet.exe/AddLink.htmO8 -: &D&ownload all video with BitComet - 
d:\bitcomet\BitComet.exe/AddVideo.htmO8 -: &D&ownload all with BitComet - d:\bitcomet\BitComet.exe/AddAllLink.htmO9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PLO9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL -.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-11-05 11:38:39Windows 6.0.6001 Service Pack 1 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2008-11-05 11:40:27ComboFix-quarantined-files.txt 2008-11-05 10:40:23Przed: 4 729 925 632 bajtów wolnychPo: 5,272,776,704 bajtów wolnych237 --- E O F --- 2008-11-05 08:14:39
Bardock commented on 5 November 2008

I didn't know that you didn't know. But OK, no problem, here it is: HijackThis > Do a system scan only > select the entries I listed > Fix checked. As for Combo and Silent, I can't help you there (I don't know much about them), wait for someone else. Regards.

//You don't know HJT either
//Don't check logs, unless you want a warning
//Mateusz
andromeda (Author) commented on 5 November 2008

I certainly don't know anything about any logs. Once again I ask for them to be checked, but this time by someone competent (!)
Mateusz J. commented on 5 November 2008

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.2.28.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Select these entries in HijackThis, then click Fix checked. ComboFix removed the infections. And what exactly was the reason for checking the logs?
andromeda (Author) commented on 5 November 2008

All LNK files, i.e. shortcuts, open only and exclusively with Windows Photo Gallery. This is a rather uncommon problem. I have already posted on several forums, so far without result; someone recommended posting the logs here. That's all I know. I would be grateful for any advice...
Mateusz J. commented on 5 November 2008

Try something like this. Paste into Notepad:

Windows Registry Editor Version 5.00

; .exe extension -> exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

; regfile class (.reg handling: merge, edit, print)
[HKEY_CLASSES_ROOT\regfile]
@="Registration Entries"
"EditFlags"=dword:00100000
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\regfile\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\
  2c,00,31,00,00,00

[HKEY_CLASSES_ROOT\regfile\shell]
@="open"

[HKEY_CLASSES_ROOT\regfile\shell\edit]

[HKEY_CLASSES_ROOT\regfile\shell\edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\
  00

[HKEY_CLASSES_ROOT\regfile\shell\open]
@="Mer&ge"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\regfile\shell\print]

[HKEY_CLASSES_ROOT\regfile\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\
  54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\
  00,25,00,31,00,00,00

; .lnk extension -> lnkfile class
[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

; Shortcut COM class served by shell32.dll
[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]

File ==> Save as ==> Change the extension to All files ==> Save under the name FIX.REG

Run the created FIX.REG file, confirm adding it to the Registry, and restart the computer.
andromeda (Author) commented on 5 November 2008

Unfortunately it didn't work. An error appeared: Cannot import... not all data was successfully written to the registry. Some keys are open by the system or other processes. I restarted anyway but there is no improvement, and I also have a virus, I don't know where, I don't know which one, because avast antivirus did not detect it, but I definitely have one (a single page takes 1-2 minutes to open). Please help!