ProszE o sprawdzenie raportu hijackthis


(Kordakordas) #1

:cry: Jestem początkującym w netcie i złapałem wczoraj ponad50 wirusów!!!Mój antivir personal skasował 50 ale dalej mam ich pełno (tak myślę)nie mogę zobaczć żadnej tapety i wogóle.ZA rad ą jednrgo gościa ściągnąłem hijackthis ale nie wiem jak go użyć to jego raport(Logfile of HijackThis v1.99.0

Scan saved at 23:30:17, on 2005-01-28

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\AdStatus Service\AdStatServ.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\AdStatus Service\AdStatKeep.exe

C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe

C:\BITWARE\NT\bwprnmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 http://www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net127.0.0.3 http://www.iframedollars.biz

O1 - Hosts: 127.0.0.3 iframedollars.biz

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKLM..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKLM..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - Global Startup: SATARaid.lnk = ?

O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://iframedollars.biz/dl/adv407/x.chm::/load.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba10.exe

O17 - HKLM\System\CCS\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Proszę pomocy


(Qbek50) #2

do kasacji:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 http://www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net127.0.0.3 http://www.iframedollars.biz

O1 - Hosts: 127.0.0.3 iframedollars.biz

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://iframedollars.biz/dl/adv407/x.chm::/load.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba10.exe

zaznaczyłem ci DAPa (on instaluje spyware) - wywal go !!

przeskanuj dysk:

Ad-Aware:

http://www.dobreprogramy.pl/index.php?dz=2id=107t=55

i SpyBot SD:

http://www.dobreprogramy.pl/index.php?dz=2id=188t=55

usuń syf i daj ponownie loga 8)


(Mlody) #3

ogólna moja rada gdyz bylem w podobnej sytuacji co Ty:

format c:

potem zainstaluj sp2, pestpatrol, spywareblaster, AV personal i jezeli lubisz sie bawic to wypróbuj jakiegos firewall (a ten windowsowski wlacz) przyda sie takze cwshreder.

wiem ze to nie jest zbyt racjonalne wyjscie, ale jak probowalem naprawic swoj komp recznie to w pewnym momencie stracilem winde i pojawialy sie tylko niebieskie ekrany. a potem tylko same problemy .... sam zadecyduj


(Kordakordas) #4

to mój nowy log Logfile of HijackThis v1.99.0

Scan saved at 01:13:42, on 2005-01-30

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\AdStatus Service\AdStatServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe

C:\BITWARE\NT\bwprnmon.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\AdStatus Service\AdStatKeep.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\AVPersonal\AVWIN.EXE

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKLM..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKLM..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - Global Startup: SATARaid.lnk = ?

O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

nie usunołem dapa bo podobno jest on bezpieczny ale jak jest to konieczne to go usune.Mój antivir chodzi teraz tak wolno ze szok.Jeszcze nie skonczył skan.Moj pulpit nadal jest biały i miga jak klikne prawy mychy to jak by to była strona internetowa. poradzcie cos DZIEKI DLA DETEKTYWA 997 I MLODEGO