Problem z menedzerem zadan

Dla specjalistów Bezpieczeństwo
#1

Witam

Od wczoraj mam takie problem - po wcisnieciu ctr+alt+del nie pojawia mi sie menedzer zadan. Uzylwm GMERA i proces jest widoczny na liscie. Po prostu nie pojawia sie okienko. Mam Kasperskiego i ZAP, skanowalem ad-awarem i spybotem i nic nieznalazlo. Jezeli ktos wie czym to moze byc spowodowane to prosil bym o pomoc.

#2
#3

Wejdz panel sterowania- Narzędzia administracyjne- Usługi.

Gmer pozostawia swoje usługi nawet po odinstalowaniu . Wyłącz je !!

Resztę poczytaj

:arrow: http://www.searchengines.pl/phpbb203/lo … 69134.html

#4

Wklej logi hijackthis i silent runners, menadżer nie zaniknał bez powodu.

#5

Po uruchomieniu tego wpisu do rejestru nic sie nie zmienilo, tzn menedzer pojawil sie raz a potem znowu to samo. Ponizej logi:

Logfile of HijackThis v1.99.1

Scan saved at 17:25:14, on 2006-07-24

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOW\System32\smss.exe

D:\WINDOW\system32\csrss.exe

D:\WINDOW\system32\winlogon.exe

D:\WINDOW\system32\services.exe

D:\WINDOW\system32\lsass.exe

D:\WINDOW\system32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

D:\WINDOW\system32\spoolsv.exe

D:\WINDOW\Explorer.EXE

F:\Kaspersky Anti-Virus 6.0\avp.exe

E:\cfspeed\spd.exe

D:\WINDOW\System32\nvsvc32.exe

D:\WINDOW\System32\oodag.exe

D:\WINDOW\sm56hlpr.exe

D:\WINDOW\System32\RunDll32.exe

D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

f:\Spyware Doctor\sdhelp.exe

D:\WINDOW\System32\ctfmon.exe

D:\Program Files\TechniSat DVB\bin\Server4PC.exe

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\Program Files\PowerStrip\pstrip.exe

D:\WINDOW\system32\ZoneLabs\vsmon.exe

E:\cfspeed\cfosspeed.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

D:\Documents and Settings\ttt\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - f:\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - f:\TweakMASTER\TweakBHO.dll

O2 - BHO: (no name) - {A013F31A-0C92-4A18-AAB4-C5FCA35F2472} - D:\WINDOW\System32\ipxsap32.dll (file missing)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\programy\FlashGet\jccatch.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - f:\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOW\System32\msdxm.ocx

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [MS22] D:\WINDOW\System32\MS22.exe

O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOW\System32\ctfmon.exe

O4 - Startup: Kaspersky Anti-Virus 6.0.lnk = F:\Kaspersky Anti-Virus 6.0\avp.exe

O4 - Startup: PowerStrip.lnk = D:\Program Files\PowerStrip\pstrip.exe

O4 - Startup: Skrót do cfosspeed.lnk = E:\cfspeed\cfosspeed.exe

O4 - Startup: Zone Labs Security.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\programy\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - f:\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O20 - Winlogon Notify: klogon - D:\WINDOW\System32\klogon.dll

O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\cfspeed\spd.exe" -service (file missing)

O23 - Service: netconf32 - Unknown owner - D:\WINDOW\netconf32.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOW\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOW\System32\oodag.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - f:\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOW\system32\ZoneLabs\vsmon.exe

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AWMON" = ""D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]

"CTFMON.EXE" = "D:\WINDOW\System32\ctfmon.exe" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"KAVPersonal50" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" [file not found]

"MS22" = "D:\WINDOW\System32\MS22.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"CRKAVP" = (empty string)


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "bho2gr Class"

                   \InProcServer32\(Default) = "D:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{49E0E0F0-5C30-11D4-945D-000000000000}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IE 4.x-5.x BHO in ObjectPascal"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll" ["MarBit"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Site Guard"

                   \InProcServer32\(Default) = "f:\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "TweakMASTER Component"

                   \InProcServer32\(Default) = "f:\TweakMASTER\TweakBHO.dll" ["Hagel Technologies Ltd."]

{A013F31A-0C92-4A18-AAB4-C5FCA35F2472}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\WINDOW\System32\ipxsap32.dll" [file not found]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch2 Class"

                   \InProcServer32\(Default) = "E:\programy\FlashGet\jccatch.dll" ["Amaze Soft"]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Browser Monitor"

                   \InProcServer32\(Default) = "f:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOW\System32\hticons.dll" ["Hilgraeve, Inc."]
#6

start>>>uruchom>>>services.msc>>>zatrzymaj i wyłącz usługę netconf32

skasuj wpisy hijackiem, przed kasowaniem wyłącz strażnika ad-watch .

#7

Zrobilem co kazales i teraz wyglada to tak, ze menedzer pokazuje mi sie tylko wtedy jesli nie jestem polaczony z internetm. Dac eszcze raz loga?

#8

tak wklej nowe logi, użyj również Windows Woorms Door Cleaner, odpal>>>zmień wszystkie znaczki z disable na enable>>>po użyciu narzedzia wymagany jest reset kompa.

#9

zrobilem, napisalo mi ze mam teraz dobrze zabezpieczony system:), no ale w dalszym ciagu po polaczeniu z netem nie pokauje sie meneger. I jeszcze jedno po uruchomieniu kompa dostaje mniejwiecej taki komunikat z kasperskego: np. ad watch/zone alarm probuje sie kontaktoac z kasperskim przez urzycie jego procesow(?), wczesniej tego nie mialem, to pojawia sie mimo tego ze zaznacze zeby nie pokazywal mi wiecej tego komunikatu. A czy nie ma takiej mozliwosci zeby to ZA blokowal?

Logfile of HijackThis v1.99.1

Scan saved at 20:39:35, on 2006-07-24

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOW\System32\smss.exe

D:\WINDOW\system32\csrss.exe

D:\WINDOW\system32\winlogon.exe

D:\WINDOW\system32\services.exe

D:\WINDOW\system32\lsass.exe

D:\WINDOW\system32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

D:\WINDOW\system32\spoolsv.exe

D:\WINDOW\Explorer.EXE

F:\Kaspersky Anti-Virus 6.0\avp.exe

E:\cfspeed\spd.exe

D:\WINDOW\sm56hlpr.exe

D:\WINDOW\System32\RunDll32.exe

D:\WINDOW\System32\nvsvc32.exe

D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

D:\WINDOW\System32\oodag.exe

D:\WINDOW\System32\ctfmon.exe

f:\Spyware Doctor\sdhelp.exe

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\Program Files\PowerStrip\pstrip.exe

E:\cfspeed\cfosspeed.exe

D:\WINDOW\system32\ZoneLabs\vsmon.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

F:\programy\KonektorTP\KonektorTP.exe

D:\Documents and Settings\ttt\Pulpit\HijackThis.exe

F:\PROGRAMY\MOZILL~1\FIREFOX.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - f:\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - f:\TweakMASTER\TweakBHO.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\programy\FlashGet\jccatch.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - f:\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOW\System32\msdxm.ocx

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [MS22] D:\WINDOW\System32\MS22.exe

O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOW\System32\ctfmon.exe

O4 - Startup: Kaspersky Anti-Virus 6.0.lnk = F:\Kaspersky Anti-Virus 6.0\avp.exe

O4 - Startup: PowerStrip.lnk = D:\Program Files\PowerStrip\pstrip.exe

O4 - Startup: Skrót do cfosspeed.lnk = E:\cfspeed\cfosspeed.exe

O4 - Startup: Zone Labs Security.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\programy\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - f:\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7390F65A-4528-4B80-BA27-6845D7C088BA}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: klogon - D:\WINDOW\System32\klogon.dll

O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\cfspeed\spd.exe" -service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOW\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOW\System32\oodag.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - f:\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOW\system32\ZoneLabs\vsmon.exe
#10

nadal jest:

skasuj.

#11

skasowalem, dalj to samo :frowning:

Logfile of HijackThis v1.99.1

Scan saved at 22:17:55, on 2006-07-24

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOW\System32\smss.exe

D:\WINDOW\system32\csrss.exe

D:\WINDOW\system32\winlogon.exe

D:\WINDOW\system32\services.exe

D:\WINDOW\system32\lsass.exe

D:\WINDOW\system32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

D:\WINDOW\system32\spoolsv.exe

D:\WINDOW\Explorer.EXE

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOW\sm56hlpr.exe

D:\WINDOW\System32\RunDll32.exe

E:\cfspeed\spd.exe

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOW\System32\ctfmon.exe

D:\WINDOW\System32\nvsvc32.exe

D:\WINDOW\System32\oodag.exe

D:\Program Files\PowerStrip\pstrip.exe

f:\Spyware Doctor\sdhelp.exe

E:\cfspeed\cfosspeed.exe

D:\WINDOW\system32\ZoneLabs\vsmon.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

F:\programy\KonektorTP\KonektorTP.exe

F:\PROGRAMY\MOZILL~1\FIREFOX.EXE

D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

D:\Documents and Settings\ttt\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - f:\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - f:\TweakMASTER\TweakBHO.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\programy\FlashGet\jccatch.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - f:\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOW\System32\msdxm.ocx

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [kav] "F:\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOW\System32\ctfmon.exe

O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - Startup: Kaspersky Anti-Virus 6.0.lnk = F:\Kaspersky Anti-Virus 6.0\avp.exe

O4 - Startup: PowerStrip.lnk = D:\Program Files\PowerStrip\pstrip.exe

O4 - Startup: Skrót do cfosspeed.lnk = E:\cfspeed\cfosspeed.exe

O4 - Startup: Zone Labs Security.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\programy\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - f:\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7390F65A-4528-4B80-BA27-6845D7C088BA}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: klogon - D:\WINDOW\System32\klogon.dll

O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\cfspeed\spd.exe" -service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOW\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOW\System32\oodag.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - f:\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOW\system32\ZoneLabs\vsmon.exe

Złączono Posta _: 24.07.2006 (Pon) 22:18_skasowalem, dalj to samo :frowning:

Logfile of HijackThis v1.99.1

Scan saved at 22:17:55, on 2006-07-24

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOW\System32\smss.exe

D:\WINDOW\system32\csrss.exe

D:\WINDOW\system32\winlogon.exe

D:\WINDOW\system32\services.exe

D:\WINDOW\system32\lsass.exe

D:\WINDOW\system32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

D:\WINDOW\system32\spoolsv.exe

D:\WINDOW\Explorer.EXE

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOW\sm56hlpr.exe

D:\WINDOW\System32\RunDll32.exe

E:\cfspeed\spd.exe

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOW\System32\ctfmon.exe

D:\WINDOW\System32\nvsvc32.exe

D:\WINDOW\System32\oodag.exe

D:\Program Files\PowerStrip\pstrip.exe

f:\Spyware Doctor\sdhelp.exe

E:\cfspeed\cfosspeed.exe

D:\WINDOW\system32\ZoneLabs\vsmon.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

F:\programy\KonektorTP\KonektorTP.exe

F:\PROGRAMY\MOZILL~1\FIREFOX.EXE

D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

D:\Documents and Settings\ttt\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - f:\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - f:\TweakMASTER\TweakBHO.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\programy\FlashGet\jccatch.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - f:\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOW\System32\msdxm.ocx

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [kav] "F:\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOW\System32\ctfmon.exe

O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - Startup: Kaspersky Anti-Virus 6.0.lnk = F:\Kaspersky Anti-Virus 6.0\avp.exe

O4 - Startup: PowerStrip.lnk = D:\Program Files\PowerStrip\pstrip.exe

O4 - Startup: Skrót do cfosspeed.lnk = E:\cfspeed\cfosspeed.exe

O4 - Startup: Zone Labs Security.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\programy\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - f:\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{7390F65A-4528-4B80-BA27-6845D7C088BA}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: klogon - D:\WINDOW\System32\klogon.dll

O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\cfspeed\spd.exe" -service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOW\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOW\System32\oodag.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - f:\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOW\system32\ZoneLabs\vsmon.exe
#12

Nowy log jest już ok.

Możesz zajrzeć: XP - Optymalizacja, odchudzanie dla trochę bardziej zaawansowanych. Lub Optymalizacja i odchudzanie Windowsa XP dla trochę mniej zaawansowanych.

#13

OK, ale w takim razie co moze powodowac brak menegera??

#14

Jesteś pewnien, że wprowadziłeś tamte rzeczy do rejestru co podał aju. I po dodaniu zrobiłeś reset kompa ?

Może nie zrobiłeś resetu po dodaniu i dlatego? Albo może wkleiłeś przez przypadek słowo “Cytat” ? Jak coś to wklej loga z SilentRunners

#15

Z wpisem na pewno zrobilem wszystko jak trzeba - dodalem potem reset, nic nie pmoglo i oczywiscie nie wkleilem ctatu:)

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOW\System32\ctfmon.exe" [MS]

"AWMON" = ""D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"KAVPersonal50" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" [file not found]

"MS22" = "D:\WINDOW\System32\MS22.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"CRKAVP" = (empty string)


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "bho2gr Class"

                   \InProcServer32\(Default) = "D:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{49E0E0F0-5C30-11D4-945D-000000000000}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IE 4.x-5.x BHO in ObjectPascal"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll" ["MarBit"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Site Guard"

                   \InProcServer32\(Default) = "f:\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "TweakMASTER Component"

                   \InProcServer32\(Default) = "f:\TweakMASTER\TweakBHO.dll" ["Hagel Technologies Ltd."]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch2 Class"

                   \InProcServer32\(Default) = "E:\programy\FlashGet\jccatch.dll" ["Amaze Soft"]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Browser Monitor"

                   \InProcServer32\(Default) = "f:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

Złączono Posta : 25.07.2006 (Wto) 0:04

#16

mówiłem aby wyłączyć strażnika ad-watch przed kasowaniem

start>>>uruchom.>>regedit>>> przejdź do klucza HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ i skasuj wartość MS22

przeskanuj Skanerami online

#17

Po usunieciu tego wpisu - ms22, po restarcie pojawia sie na nowo, usuwalem juz hijackiem i regeditem.

#18

Ponieważ masz włączonego strażnika ad-watch, który nałożył blokade autostartu, dlatego przywraca ten wpis.

#19

Wylaczylem straznika, wpisu juz niema, menedzera dalej nie ma :frowning:

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOW\System32\ctfmon.exe" [MS]

"AWMON" = ""D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"" ["Lavasoft Sweden"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"KAVPersonal50" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" [file not found]

"MS22" = "D:\WINDOW\System32\MS22.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"CRKAVP" = (empty string)


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "bho2gr Class"

                   \InProcServer32\(Default) = "D:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{49E0E0F0-5C30-11D4-945D-000000000000}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IE 4.x-5.x BHO in ObjectPascal"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll" ["MarBit"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Site Guard"

                   \InProcServer32\(Default) = "f:\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "TweakMASTER Component"

                   \InProcServer32\(Default) = "f:\TweakMASTER\TweakBHO.dll" ["Hagel Technologies Ltd."]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch2 Class"

                   \InProcServer32\(Default) = "E:\programy\FlashGet\jccatch.dll" ["Amaze Soft"]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Browser Monitor"

                   \InProcServer32\(Default) = "f:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

Logfile of HijackThis v1.99.1

Scan saved at 13:44:34, on 2006-07-25

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOW\System32\smss.exe

D:\WINDOW\system32\csrss.exe

D:\WINDOW\system32\winlogon.exe

D:\WINDOW\system32\services.exe

D:\WINDOW\system32\lsass.exe

D:\WINDOW\system32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\WINDOW\System32\svchost.exe

D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

D:\WINDOW\system32\spoolsv.exe

D:\WINDOW\Explorer.EXE

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\WINDOW\sm56hlpr.exe

E:\cfspeed\spd.exe

D:\WINDOW\System32\RunDll32.exe

D:\WINDOW\System32\ctfmon.exe

D:\WINDOW\System32\nvsvc32.exe

D:\WINDOW\System32\oodag.exe

F:\Kaspersky Anti-Virus 6.0\avp.exe

D:\Program Files\PowerStrip\pstrip.exe

f:\Spyware Doctor\sdhelp.exe

E:\cfspeed\cfosspeed.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

D:\WINDOW\system32\ZoneLabs\vsmon.exe

F:\programy\KonektorTP\KonektorTP.exe

D:\WINDOW\system32\NOTEPAD.EXE

D:\Documents and Settings\ttt\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - f:\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - f:\TweakMASTER\TweakBHO.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\programy\FlashGet\jccatch.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - f:\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOW\System32\msdxm.ocx

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOW\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kav] "F:\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOW\System32\ctfmon.exe

O4 - Startup: Kaspersky Anti-Virus 6.0.lnk = F:\Kaspersky Anti-Virus 6.0\avp.exe

O4 - Startup: PowerStrip.lnk = D:\Program Files\PowerStrip\pstrip.exe

O4 - Startup: Skrót do cfosspeed.lnk = E:\cfspeed\cfosspeed.exe

O4 - Startup: Zone Labs Security.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat DVB\bin\Server4PC.exe

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\programy\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - f:\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programy\FlashGet\flashget.exe

O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7390F65A-4528-4B80-BA27-6845D7C088BA}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: klogon - D:\WINDOW\System32\klogon.dll

O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\cfspeed\spd.exe" -service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOW\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOW\System32\oodag.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - f:\Spyware Doctor\sdhelp.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOW\system32\ZoneLabs\vsmon.exe
#20

Wpis nadal jest,

Daj na wszelki wypadek log z Gmer’a, ściągnij>>>uruchom>>>przejdź do zakładki “rootkit”>>>wybierz “szukaj”>>>czekaż cierpliwie aż program zakończy prace>>>klikasz “kopiuj”>>>ctrl + v i wklej do posta.