Mój Log


(Pikkoo 666) #1
Logfile of HijackThis v1.99.0

Scan saved at 22:04:13, on 2005-06-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\qttask.exe

C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

D:\InterVideo\WinScheduler.exe

D:\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

E:\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\FlashGet\flashget.exe

D:\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,setup32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe Reader 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Startup: Desktop Calendar StartUp.lnk = C:\Desktop_Calenda\DESKCAL.EXE

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

O4 - Global Startup: InterVideo WinScheduler.lnk = D:\InterVideo\WinScheduler.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe Reader 7.0\Reader\reader_sl.exe

O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: RapidShare-Download - res://E:\rapidshare\more-rapid.exe/RsMenExt.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116767378717

O17 - HKLM\System\CCS\Services\Tcpip\..\{92F062B8-28B3-4577-9ADB-640FB25B645D}: NameServer = 62.29.152.2

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: RadClock - Unknown - C:\WINDOWS\system32\RadClock.exe

O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(boczi) #2

Czy to na pewno log z wersji 1.99.1?

Link do pobrania: http://dobreprogramy.pl/index.php?dz=2&id=730&t=82


(Pikkoo 666) #3

uuuuuuuuuuuuuuups daje to 1.99.1

Logfile of HijackThis v1.99.1

Scan saved at 22:09:39, on 2005-06-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\qttask.exe

C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

D:\InterVideo\WinScheduler.exe

D:\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

E:\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\FlashGet\flashget.exe

D:\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,setup32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe Reader 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Startup: Desktop Calendar StartUp.lnk = C:\Desktop_Calenda\DESKCAL.EXE

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

O4 - Global Startup: InterVideo WinScheduler.lnk = D:\InterVideo\WinScheduler.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe Reader 7.0\Reader\reader_sl.exe

O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: RapidShare-Download - res://E:\rapidshare\more-rapid.exe/RsMenExt.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116767378717

O17 - HKLM\System\CCS\Services\Tcpip\..\{92F062B8-28B3-4577-9ADB-640FB25B645D}: NameServer = 62.29.152.2

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(Kuz5) #4

Log masz ogólnie czysty

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Pliki na czerwono usun ręcznie z dysku

Jeżeli bedzie problem w usunieciu tego pliku to usuń go programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:

C:\WINDOWS\system32**** setup32.exe

następnie program będzie pytał o restart (oczywiście zgadzasz sie)


(boczi) #5

Log ogólnie OK

setup32.exe

Jeśłi plik będzie w WINDOWS\System32, skasuj go. Jak będą trudności, użyj KillBox.

Z autostartu możesz odznaczyć:

Adobe Gamma Loader.exe

reader_sl.exe

realsched.exe

qttask.exe

MSN Messenger, jeśli nie używasz kasujesz:

http://amnezja.org/modules.php?name=New ... e&sid=4369

No i jeszcze.

Wydaje mi się, że skasowałeś Pandę?

Jeśli tak, kasacja:

Hijackthis -> Open the misctools section -> Delete an NT service -> wpisz pavprsrv.exe -> OK.

Poza tym, masz jakiś problem z systemem?


(Kuz5) #6

boczi twoim zdaniem jest to Ok


(Pikkoo 666) #7

Narazie żadnych ale jest mocny bo 3 miechy trzyma ale niekiedy np jak wchodze w folder ze zdjęciami lub filmami to błąd explorera się pojawia


(boczi) #8

OK. Zastosuj się wpierw do naszych porad. Potem log i się pomyśli co z tym explorerem.

@kuz5, posta edytowałem już wcześniej, szukałem info o występowaniu tego procesu. :stuck_out_tongue:


(Pikkoo 666) #9

W System32 nie ma pliku setup32.exe


(Kuz5) #10

Napewno go niw ma ?

A skożystałeś z tego:


(Pikkoo 666) #11

W kill boxie pojawia mi się coś tam data pending


(Kuz5) #12

Hmmm wklej jeszcze raz loga


(Pikkoo 666) #13
Logfile of HijackThis v1.99.1

Scan saved at 22:57:44, on 2005-06-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

D:\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

D:\InterVideo\WinScheduler.exe

D:\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

E:\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\qttask.exe

D:\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,setup32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe Reader 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Startup: Desktop Calendar StartUp.lnk = C:\Desktop_Calenda\DESKCAL.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV713X Utilities\P3XRCtl.exe

O4 - Global Startup: InterVideo WinScheduler.lnk = D:\InterVideo\WinScheduler.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe Reader 7.0\Reader\reader_sl.exe

O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: RapidShare-Download - res://E:\rapidshare\more-rapid.exe/RsMenExt.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116767378717

O17 - HKLM\System\CCS\Services\Tcpip\..\{92F062B8-28B3-4577-9ADB-640FB25B645D}: NameServer = 62.29.152.2

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(Kuz5) #14

Hmm dziwne a brałeś Narzedzia => Opcje folderów => Zakładka Widok i Pokaż ukryte pliki i foldery

Sprawdz dokładnie katalog system32


(Pikkoo 666) #15

Tak brałem a tu jest to co mam w System32

system321vk.jpg


(Kuz5) #16

A weź jeszcze wyszukiwanie i wpisz setup32.exe i zobaczymy czy znajdzie jakikolwiek plik o takiej nazwie a zaznacz opcje szukaj w ukrytych.

A próbowałeś zwyczajnie to skasować HijackThisem