Brak mozliwosci zainstalowania javy

Dla specjalistów Bezpieczeństwo
#1

  1. Przepraszam za brak polskich liter ale ja juz tu siedze od 18 i przegladam wszystkie mozliwosci jak wprowadzic polska literowke na forum i mnie cos zaraz trafi bo trace dzien na nie swoj komp.

  2. Komp jest ogolnie zamulony, nie chce sie zainstalowac java bo pisze cos o braku wirtualnej maszyny i brak wpisow w dodaj usun/programy.

    Logfile of HijackThis v1.99.1

    Scan saved at 5:32:08 PM, on 5/4/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Eset\nod32kui.exe

    C:\Gadu-Gadu\gg.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Microsoft Windows OneCare Live\winss.exe

    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\winlogon.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\DOCUME~1\bunnyusa\LOCALS~1\Temp\Temporary Directory 2 for hijackthis1.99.1.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    R3 - URLSearchHook: (no name) - {9F3BE465-8193-A793-E290-B7D1209F7B22} - ftbar.dll (file missing)

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Class - {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84} - C:\Program Files\LinkOptimizer\LinkOptimizer.dll (file missing)

    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll

    O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

    O4 - HKCU…\Run: [Gadu-Gadu] “C:\Gadu-Gadu\gg.exe” /tray

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)

    O15 - Trusted Zone: *.gadu-gadu.pl

    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133284252656

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - C:\WINDOWS\system32\httge.dll (file missing)

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by “{++}”

    Startup items buried in registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

    “Gadu-Gadu” = ““C:\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

    “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

    -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”

                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84}(Default) = (no title provided)

    -> {HKLM…CLSID} = “Class”

                    \InProcServer32\(Default) = "C:\Program Files\LinkOptimizer\LinkOptimizer.dll" [file not found]

    {52706EF7-D7A2-49AD-A615-E903858CF284}(Default) = (no title provided)

    -> {HKLM…CLSID} = “X1IEHook Class”

                    \InProcServer32\(Default) = "C:\Program Files\NetZero\qsacc\x1IEBHO.dll" ["United Online, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext”

    -> {HKLM…CLSID} = “HyperTerminal Icon Ext”

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

    “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

    -> {HKLM…CLSID} = “Portable Media Devices Menu”

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    “{DEE12703-6333-4D4E-8F34-738C4DCC2E04}” = “RecordNow! SendToExt”

    -> {HKLM…CLSID} = “RecordNow! SendToExt”

                    \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]

    “{7D5C4BDD-B015-4401-8731-1507B87DE297}” = “QBVersionTool”

    -> {HKLM…CLSID} = “VersionShellExt Class”

                    \InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."]

    “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”

    -> {HKLM…CLSID} = “iTunes”

                    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

    “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension”

    -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”

                    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

    <> “{7be183d2-a42d-4915-bf60-ec86fbf002cf}” = “horologium”

    -> {HKLM…CLSID} = (no title provided)

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\httge.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    “horologium” = “{7be183d2-a42d-4915-bf60-ec86fbf002cf}”

    -> {HKLM…CLSID} = (no title provided)

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\httge.dll" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

    “AppInit_DLLs” = (value not set)

    HKLM\System\CurrentControlSet\Control\Session Manager\

    <> “BootExecute” = “stera” [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    <> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

    -> {HKLM…CLSID} = “PDF Shell Extension”

                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes*\shellex\ContextMenuHandlers\

    NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}”

    -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”

                    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}”

    -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”

                    \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    AntivirusShlExt(Default) = “{BE79B9C8-9791-41d3-9267-C4123AC0AEAE}”

    -> {HKLM…CLSID} = “AVShellExt Class”

                    \InProcServer32\(Default) = "C:\Program Files\Microsoft Windows OneCare Live\AVShellExt.dll" [MS]

    Group Policies {policy setting}:

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000000

    {unrecognized setting}

    “NoBandCustomize” = (REG_DWORD) hex:0x00000000

    {Disable customizing browser toolbars}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    “NoCDBurning” = (REG_DWORD) hex:0x00000000

    {unrecognized setting}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

    {Shutdown: Allow system to be shut down without having to log on}

    “undockwithoutlogon” = (REG_DWORD) hex:0x00000001

    {Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:

    Active Desktop may be disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

    “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

    HKCU\Control Panel\Desktop\

    “Wallpaper” = “C:\Documents and Settings\bunnyusa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

    Enabled Screen Saver:

    HKCU\Control Panel\Desktop\

    “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

    Enabled Scheduled Tasks:

    “MP Scheduled Scan” -> launches: “C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe Scan -RestrictPrivileges” [MS]

    “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [file not found]

    Winsock2 Service Provider DLLs:

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

    000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

    000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 29

    C:\WINDOWS\system32\mclsp.dll [“Networks Associates Technology, Inc”], 06 - 16, 28

    %SystemRoot%\system32\mswsock.dll [MS], 17 - 19, 22 - 27

    %SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21

    Toolbars, Explorer Bars, Extensions:

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    “{F5735C15-1FB2-41FE-BA12-242757E69DDE}”

    -> {HKLM…CLSID} = “ZeroBar”

                    \InProcServer32\(Default) = "C:\Program Files\NetZero\toolbar.dll" [empty string]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    “{F5735C15-1FB2-41FE-BA12-242757E69DDE}” = (no title provided)

    -> {HKLM…CLSID} = “ZeroBar”

                    \InProcServer32\(Default) = "C:\Program Files\NetZero\toolbar.dll" [empty string]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

    {32D93E0D-E3B3-1317-5C87-5B79E434D004}(Default) = (no title provided)

    -> {HKLM…CLSID} = “Stealth console”

                    \InProcServer32\(Default) = "C:\Program Files\LinkOptimizer\LinkOptimizer.dll" [file not found]

    {548857A9-80D0-4ACB-B4F9-3F6EEF16A246}(Default) = (no title provided)

    -> {HKLM…CLSID} = “ArmorIE”

                    \InProcServer32\(Default) = "C:\Program Files\ArmorIE\SX.dll" [null data]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\

    {0565CF3E-6070-4272-8EEF-51E5083BE3D9}\

    “ButtonText” = “ArmorIE”

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    “MenuText” = “Sun Java Console”

    “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

    “ButtonText” = “Spyware Doctor”

    “CLSIDExtension” = “{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}”

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

    {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D}\

    “ButtonText” = “MUSICMATCH MX Web Player”

    “Script” = “http://wwws.musicmatch.com/mmz/openWebRadio.html” [file not found]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    “ButtonText” = “Messenger”

    “MenuText” = “Windows Messenger”

    “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

    Miscellaneous IE Hijack Points

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

    <> “{9F3BE465-8193-A793-E290-B7D1209F7B22}” = “sysconf16”

    -> {HKLM…CLSID} = (no title provided)

                    \InProcServer32\(Default) = "ftbar.dll" [file not found]

    Running Services (Display Name, Service Name, Path {Service DLL}):

    NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "]

    OneCare AntiSpyware and AntiVirus, OneCareMP, ““C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe”” [MS]

    Windows Live OneCare, winss, “C:\Program Files\Microsoft Windows OneCare Live\winss.exe” [MS]

    Print Monitors:

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    hpzsnt09\Driver = “hpzsnt09.dll” [“HP”]

    Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS]

    <>: Suspicious data at a malware launch point.

    <>: Suspicious data at a browser hijack point.

    • This report excludes default entries except where indicated.

    • To see everywhere the script checks and everything it finds,

      launch it from a command prompt or a shortcut with the -all parameter.

    • To search all directories of local fixed drives for DESKTOP.INI

      DLL launch points, use the -supp parameter or answer “No” at the

      first message box and “Yes” at the second message box.

    ---------- (total run time: 42 seconds, including 14 seconds for message boxes)

Prosze o pomoc.

#2

Weź ODINSTALUJ starą wersję i dopiero instaluj nową.

#3

usuń wpisy HJT

Skan AVG Anti-Spyware 7.5 po update :wink:

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Po tym nowe logi z HJT a zwłaszcza z Silenta

#4

Wrrr nie moge odpalic silenta bo pisze ze musze odpalic WMI service i bylem w tych narzedziach administracyjnych i to jest ustawione na Start :evil:

Po za tym jako glowna strona w expolerze odpala mi sie msn i nie moge zmienic na inna. Narazie wklejam loga z hijackthis.

Logfile of HijackThis v1.99.1

Scan saved at 11:17:32 AM, on 5/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\Documents and Settings\bunnyusa\Desktop\hijackthis1.99.1\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)

O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.gadu-gadu.pl

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133284252656

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Do tego mi zniknela ikona z traya o polaczeniu lokalnym i nawet jej nie ma w panelu sterowania.

Prosze o pomoc.

#5

Usuń wpisy HJT.

Wrzuć log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

#6 
Logfile of HijackThis v1.99.1

Scan saved at 12:06:00 PM, on 5/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\bunnyusa\Desktop\hijackthis1.99.1\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.gadu-gadu.pl

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133284252656

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

i combo

"bunnyusa" - 07-05-05 11:55:46 Service Pack 2