Logfile of HijackThis v1.99.1
Scan saved at 12:17:31, on 06-08-18
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
D:\WINDOWS\SYSTEM\KERNEL32.DLL
D:\WINDOWS\SYSTEM\MSGSRV32.EXE
D:\WINDOWS\SYSTEM\MPREXE.EXE
D:\WINDOWS\SYSTEM\ATI2EVXX.EXE
E:\GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
D:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\WINDOWS\SOUNDMAN.EXE
E:\GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
D:\PROGRAM FILES\STEAM\STEAM.EXE
C:\PROGRAM FILES\AVACS\MPEGTV STATION PCITV\REMOTECTL.EXE
D:\WINDOWS\SYSTEM\DDHELP.EXE
D:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\PULPIT\HJACK\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [GhostStartTrayApp] E:\ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [BearFlix] "C:\PROGRAM FILES\BEARFLIX\BEARFLIX.EXE" /pause
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [GhostStartService] E:\GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\AVACS\MpegTV Station PCITV\RemoteCtl.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_ansi.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
Proszę się zastosować
http://forum.dobreprogramy.pl/viewtopic.php?t=66889
boczi