Hi, I got up this morning and here's a nasty surprise: zero working shortcuts and the computer is behaving strangely in general. I'm posting the event log from Ad-Watch, maybe someone has already had a similar problem. Thanks in advance for the help.
2006-05-12 08:56:59 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\regfile\shell\open\command
Value:
Data:
New Data:regedit.exe "%1"
===============================================
2006-05-12 08:57:10 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\lnkfile\CLSID
Value:
Data:
New Data:{00021401-0000-0000-C000-000000000046}
===============================================
2006-05-12 08:57:11 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\exefile\shell\open\command
Value:
Data:
New Data:"%1" %*
===============================================
2006-05-12 08:57:12 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.com
Value:
Data:
New Data:comfile
===============================================
2006-05-12 08:57:12 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.scr
Value:
Data:
New Data:scrfile
===============================================
2006-05-12 08:57:13 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.bat
Value:
Data:
New Data:batfile
===============================================
2006-05-12 08:57:14 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.pif
Value:
Data:
New Data:piffile
===============================================
2006-05-12 08:57:15 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.reg
Value:
Data:
New Data:regfile
===============================================
2006-05-12 08:57:16 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.lnk
Value:
Data:
New Data:lnkfile
===============================================
2006-05-12 08:57:25 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:
Data:
New Data:exefile
===============================================
2006-05-12 08:57:26 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:0aMCPClient
Data:
New Data:{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
===============================================
2006-05-12 08:57:27 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\System
Value:dontdisplaylastusername
Data:
New Data:0
===============================================
2006-05-12 09:52:36 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value:NoLowDiskSpaceChecks
Data:
New Data:1
===============================================
2006-05-12 09:52:39 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value:LinkResolveIgnoreLinkInfo
Data:
New Data:0
===============================================
2006-05-12 09:52:40 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:SunJavaUpdateSched
Data:
New Data:C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
===============================================
2006-05-12 09:52:41 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:Konnekt
Data:
New Data:"C:\Program Files\Konnekt\konnekt.exe" /autostart
===============================================
2006-05-12 09:52:41 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Search
Value:SearchAssistant
Data:
New Data:
===============================================
2006-05-12 09:52:41 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Main
Value:Default_Page_URL
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
===============================================
2006-05-12 09:52:42 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Internet Explorer\SearchUrl
Value:provider
Data:
New Data:intranet
===============================================
2006-05-12 09:52:42 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:PostBootReminder
Data:
New Data:{7849596a-48ea-486e-8937-a2a3009f31a9}
2006-05-12 09:52:43 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\System
Value:legalnoticecaption
Data:
New Data:
===============================================
2006-05-12 09:52:43 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value:NoInstrumentation
Data:
New Data:0
===============================================
2006-05-12 09:52:43 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value:NoResolveSearch
Data:
New Data:1
===============================================
2006-05-12 09:52:44 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:avast!
Data:
New Data:d:\Program Files\Alwil Software\Avast4\ashDisp.exe
===============================================
2006-05-12 09:52:44 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:AWMON
Data:
New Data:"D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
===============================================
2006-05-12 09:52:44 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Search
Value:CustomizeSearch
Data:
New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
===============================================
2006-05-12 09:52:44 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Main
Value:Default_Search_URL
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============================================
2006-05-12 09:52:45 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Main
Value:Search Page
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============================================
2006-05-12 09:52:46 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:tinydialer
Data:
New Data:"C:\Program Files\Tiny Dialer\dialup.exe" /tray
===============================================
2006-05-12 09:52:46 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value:ForceClassicControlPanel
Data:
New Data:1
===============================================
2006-05-12 09:52:46 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\System
Value:legalnoticetext
Data:
New Data:
===============================================
2006-05-12 09:52:46 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:CDBurn
Data:
New Data:{fbeb8a05-beee-4442-804e-409d6c4515e9}
===============================================
2006-05-12 09:52:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:WebCheck
Data:
New Data:{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
===============================================
2006-05-12 09:52:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\System
Value:shutdownwithoutlogon
Data:
New Data:1
===============================================
2006-05-12 09:52:48 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Main
Value:Local Page
Data:
New Data:C:\WINDOWS\System32\blank.htm
===============================================
2006-05-12 09:52:48 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Internet Explorer\Main
Value:Start Page
Data:
New Data:http://www.google.pl
===============================================
2006-05-12 09:53:56 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Policies\System
Value:undockwithoutlogon
Data:
New Data:1
===============================================
2006-05-12 09:53:57 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:SysTray
Data:
New Data:{35CEC8A3-2BE6-11D2-8773-92E220524153}
===============================================
2006-05-12 09:53:58 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:IconPackager Repair
Data:
New Data:{1799460C-0BC8-4865-B9DF-4A36CD703FF0}
===============================================
2006-05-12 09:53:59 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Internet Explorer\Main
Value:Local Page
Data:
New Data:C:\WINDOWS\System32\blank.htm
===============================================
2006-05-12 09:54:39 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Internet Explorer\Main
Value:Search Page
Data:
New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============================================
2006-05-12 09:54:40 - Registry modification detected
Root:HKEY_CURRENT_USER
Key:Software\Microsoft\Internet Explorer\Main
Value:Start Page
Data:
New Data:http://www.sfd.pl/
2006-05-12 10:07:34 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:Content Type
Data:
New Data:application/x-msdownload
Post merged: 12.05.2006 (Fri) 11:09
I'm also adding the current log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:09:01, on 2006-05-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Tiny Dialer\dialup.exe
C:\Documents and Settings\Dracula\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.34.123.125:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Program Files\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Program Files\Spyware Doctor\tools\iesdpb.dll
O4 - HKCU\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Program Files\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AA8224E-924F-4A99-B5B2-72E584214528}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Unknown owner - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe