logi.zip

Please check the log

Hi, I have a problem with the WiFi card in my notebook, it disconnects just like that :( Please check the logs from ComboFix and HijackThis. Thanks, regards.

  • logi.zip
    • startuplist.txt
    • hijackthis.log
    • ComboFix.txt



logi.zip > startuplist.txt

StartupList report, 2009-05-10, 21:29:48
StartupList version: 1.52.2
Started from : E:\instalki\antyvir\HiJackThis.EXE
Detected: Windows XP Dodatek SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\instalki\antyvir\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
Bluetooth Manager.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

tsnp2std = C:\WINDOWS\tsnp2std.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
AGRSMMSG = AGRSMMSG.exe
RTHDCPL = RTHDCPL.EXE
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Nowe Gadu-Gadu = "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

User_Feed_Synchronization-{D256C587-DFAF-40E1-B510-3EC1FAB9C904}.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 5 390 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


logi.zip > ComboFix.txt

ComboFix 09-05-09.05 - sylwia 2009-05-10 20:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2039.1649 [GMT 2:00]
Uruchomiony z: e:\instalki\antyvir\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090509-0] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Pliki utworzone od 2009-04-10 do 2009-05-10 )))))))))))))))))))))))))))))))
.

2009-05-10 14:51 . 2009-02-25 18:19 1744288 ----a-w c:\windows\system32\drivers\athwx.sys
2009-05-10 14:51 . 2009-02-25 18:17 1344224 ----a-w c:\windows\system32\drivers\athw.sys
2009-05-01 23:17 . 2009-05-01 23:17 -------- d-----w c:\documents and settings\sylwia\Dane aplikacji\gtk-2.0
2009-05-01 23:17 . 2009-05-01 23:17 -------- d-----w c:\documents and settings\sylwia\.thumbnails
2009-05-01 23:16 . 2009-05-03 15:15 -------- d-----w c:\documents and settings\sylwia\.gimp-2.6
2009-05-01 23:16 . 2009-05-01 23:16 -------- d-----w c:\documents and settings\sylwia\.gegl-0.0
2009-05-01 23:16 . 2009-05-01 23:16 -------- d-----w c:\program files\GIMP-2.0
2009-05-01 23:03 . 2009-05-01 23:03 -------- d-----w c:\documents and settings\sylwia\Dane aplikacji\Media Player Classic
2009-05-01 22:37 . 2009-05-01 22:38 -------- d-----w c:\documents and settings\sylwia\Ustawienia lokalne\Dane aplikacji\Adobe
2009-05-01 22:36 . 2007-05-02 17:00 546976 ----a-w c:\windows\system32\ar5211.sys
2009-05-01 21:59 . 2009-05-01 21:59 -------- d-----w c:\windows\Sun
2009-05-01 21:57 . 2009-05-01 21:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-01 21:57 . 2009-05-01 21:57 -------- d-----w c:\program files\Java
2009-05-01 21:47 . 2009-05-01 21:47 -------- d-----w c:\windows\system32\Adobe
2009-05-01 21:22 . 2009-05-01 21:22 -------- d-----w c:\documents and settings\sylwia\Dane aplikacji\Ashampoo
2009-05-01 21:19 . 2009-05-01 21:19 -------- d-----w c:\documents and settings\sylwia\Ustawienia lokalne\Dane aplikacji\ashampoo
2009-05-01 21:19 . 2009-05-01 21:19 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-05-01 21:19 . 2009-05-01 21:19 -------- d-----w c:\program files\Ashampoo
2009-05-01 21:16 . 2009-05-01 21:16 -------- d-----w c:\documents and settings\sylwia\.gstreamer-0.10
2009-05-01 21:16 . 2009-05-01 21:16 -------- d-----w c:\documents and settings\sylwia\Dane aplikacji\OpenFM
2009-05-01 21:08 . 2008-04-13 22:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-01 20:40 . 2001-10-26 14:57 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-01 20:40 . 2001-10-26 14:57 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-01 20:40 . 2008-04-13 22:15 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-01 20:40 . 2008-04-13 22:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-01 19:28 . 2009-05-01 19:28 -------- d-----w c:\documents and settings\sylwia\Ustawienia lokalne\Dane aplikacji\Identities
2009-05-01 18:25 . 2009-05-01 21:06 -------- d-----w c:\documents and settings\sylwia\Dane aplikacji\Nowe Gadu-Gadu
2009-05-01 18:25 . 2009-05-01 21:04 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-04-28 19:29 . 2009-05-01 20:38 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-28 19:28 . 2009-05-01 20:38 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-28 19:20 . 2009-04-28 19:20 -------- d-sh--w c:\documents and settings\sylwia\IECompatCache
2009-04-28 19:19 . 2009-04-28 19:19 -------- d-sh--w c:\documents and settings\sylwia\PrivacIE
2009-04-28 19:18 . 2009-04-28 19:18 -------- d-sh--w c:\documents and settings\sylwia\IETldCache
2009-04-28 19:12 . 2009-04-28 19:12 -------- d-----w c:\windows\ie8updates
2009-04-28 19:12 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-28 19:11 . 2009-04-28 19:12 -------- dc-h--w c:\windows\ie8
2009-04-27 21:47 . 2009-02-09 11:26 2190336 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-27 21:47 . 2009-02-09 11:26 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-27 21:47 . 2009-02-09 11:26 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-27 21:43 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-27 21:41 . 2008-06-14 17:36 273024 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-27 21:41 . 2008-06-14 17:36 273024 ------w c:\windows\system32\drivers\bthport.sys
2009-04-27 21:38 . 2009-01-07 16:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-27 21:38 . 2009-04-28 19:12 -------- d--h--w c:\windows\$hf_mig$
2009-04-27 21:37 . 2009-04-27 21:37 -------- d-sh--w c:\documents and settings\sylwia\UserData
2009-04-27 21:10 . 2009-05-01 22:47 -------- d-----w c:\program files\Common Files\Adobe
2009-04-27 21:09 . 2009-04-27 21:09 -------- d-----w c:\program files\7-Zip
2009-04-27 20:57 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-04-27 20:57 . 2003-03-18 18:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
2009-04-27 20:57 . 2003-02-21 02:42 348160 ----a-w c:\windows\system32\MSVCR71.dll
2009-04-27 20:57 . 2009-04-27 20:57 -------- d-----w c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:36 . 2009-04-27 12:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-01 22:30 . 2009-04-27 12:30 -------- d-----w c:\program files\Intel
2009-05-01 22:29 . 2009-04-27 12:42 356352 ----a-w c:\windows\system32\AegisI5Installer.exe
2009-05-01 19:30 . 2009-04-27 12:10 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 19:10 . 2008-04-15 12:00 49910 ----a-w c:\windows\system32\perfc015.dat
2009-04-28 19:10 . 2008-04-15 12:00 356068 ----a-w c:\windows\system32\perfh015.dat
2009-04-27 21:12 . 2009-04-27 21:12 0 ----a-w c:\windows\nsreg.dat
2009-04-27 21:12 . 2009-04-27 21:12 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-27 12:36 . 2009-04-27 12:36 -------- d-----w c:\program files\Toshiba
2009-04-27 12:35 . 2009-04-27 12:35 -------- d-----w c:\program files\Realtek
2009-04-27 12:35 . 2009-04-27 12:35 315392 ----a-w c:\windows\HideWin.exe
2009-04-27 12:35 . 2009-04-27 12:35 -------- d-----w c:\program files\O2Micro Oz128 Driver
2009-04-27 12:27 . 2009-04-27 12:27 -------- d-----w c:\program files\Common Files\snp2std
2009-04-27 12:27 . 2009-04-27 12:27 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-27 12:18 . 2009-04-27 12:18 12328 ----a-w c:\documents and settings\sylwia\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-27 12:11 . 2009-04-27 12:11 -------- d-----w c:\program files\microsoft frontpage
2009-04-27 12:10 . 2008-04-15 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-27 12:09 . 2009-04-27 12:09 -------- d-----w c:\program files\Usługi online
2009-04-27 12:07 . 2009-04-27 12:07 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 02:34 . 2008-04-15 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-04-15 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-04-15 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-15 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-04-15 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-04-15 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-04-15 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-04-15 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-04-15 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-04-15 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-04-15 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-02 18:10 . 2009-04-27 21:12 67584 ----a-w c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-08-17 90112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-01 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-1-6 2360648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-04-27 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-04-27 35712]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-27 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-10 c:\windows\Tasks\User_Feed_Synchronization-{D256C587-DFAF-40E1-B510-3EC1FAB9C904}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\sylwia\Dane aplikacji\Mozilla\Firefox\Profiles\m04cbkae.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 20:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Czas ukończenia: 2009-05-10 20:50
ComboFix-quarantined-files.txt 2009-05-10 18:50

Przed: 24 972 689 408 bajtów wolnych
Po: 24 973 152 256 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
