Blad przy wlaczaniu pc


(Luucass92) #1

Po włączeniu kompa wyskakuje mi komunikat: Wystąpił błąd podczas ładowania C:\Program~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL Nie można odnaleźć określonego modułu.

Daje O.K. i wszystko niby działa. jak wyłączyć ten komunikat i co on oznacza?


(tores1977) #2

Daj loga Hijack This i Silent Runners viewtopic.php?t=36654

to chyba pozostałość po mywebsearch


(Luucass92) #3

Hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:54:15, on 2009-11-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\WScript.exe

C:\Documents and Settings\Kostek_czwk\Pulpit\Nowy folder\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Pando Media Booster] "C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


--

End of file - 4442 bytes

Silent Runners

"Silent Runners.vbs", revision 60, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"Pando Media Booster" = ""C:\Program Files\Pando Networks\Media Booster\PMB.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]

"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]

"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]

"egui" = ""C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"MyWebSearch Plugin" = "rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\


{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}\(Default) = "flashget2 urlcatch"

  -> {HKLM...CLSID} = "FG2CatchUrl"

                   \InProcServer32\(Default) = "C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll" ["FlashGet"]


{201f27d4-3704-41d6-89c1-aa35e39143ed}\(Default) = "AskBar BHO"

  -> {HKLM...CLSID} = "AskBar BHO"

                   \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"]


{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]


{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\


"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]


"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]


"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


"{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: ShellExt"

  -> {HKLM...CLSID} = "AIMP2: ShellExt"

                   \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]


"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]


"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]


"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]


"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]


"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]


HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<> "Notification Packages" = ""|"scecli"|"scecli"


HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\


<> cetihpz\CLSID = "{CF184AD3-CDCB-4168-A3F7-8E447D129300}"

  -> {HKLM...CLSID} = "CZipHandler Object"

                   \InProcServer32\(Default) = "C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll" ["Hewlett-Packard Company"]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\


AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"

  -> {HKLM...CLSID} = "AIMP2: ShellExt"

                   \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]


ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

  -> {HKLM...CLSID} = "AZContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft Corp."]


Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]


WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\


AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"

  -> {HKLM...CLSID} = "AIMP2: ShellExt"

                   \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]


ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

  -> {HKLM...CLSID} = "AZContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft Corp."]


WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\


ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

  -> {HKLM...CLSID} = "AZContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft Corp."]


WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\


ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

  -> {HKLM...CLSID} = "AZContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft Corp."]


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\


{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\


ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

  -> {HKLM...CLSID} = "AZContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft Corp."]


Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]


WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\


ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

  -> {HKLM...CLSID} = "AZContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft Corp."]


WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Kostek_czwk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Windows Portable Device AutoPlay Handlers

-----------------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\


MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["mpc-hc@Sourceforge"]


MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]


MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]


MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]


NeroAutoPlayEmptyCD\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay"

"InvokeVerb" = "EmptyCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"]



Enabled Scheduled Tasks:

------------------------


"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\


"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"

  -> {HKLM...CLSID} = "Foxit Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"]


HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" = (no title provided)

  -> {HKLM...CLSID} = "Foxit Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"]


Explorer Bars


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\


HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}\(Default) = "Ask Toolbar Quick View"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Eset Service, ekrn, "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" ["ESET"]

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]



Print Monitors:

---------------


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]



---------- (launch time: 2009-11-24 23:48:51)

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 153 seconds.

---------- (total run time: 415 seconds)

(tores1977) #4

Fix w Hijack

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

Wykonaj pełny skan Malwarebytes' Anti-Malware - znalezione obiekty usuń.

Gdy będą wirusy pokaż raport.

Wyczyść rejestr i dysk CCleaner.


(krzysiekx) #5

Wykonaj skan ESET Online Scanner


(Luucass92) #6

Zrobilem Fix w Hijack i juz nie wyskakuje ten blad to chyba wszystko dobrze... :wink: Przeskanowalem tym programem ale nic nie wykrylo. :stuck_out_tongue: Dziekuje i pozdrawiam. :slight_smile: