Strasznie muli komp


(Reyzones) #1

możecie sprawdzić logi?

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/ 

Operating System: Windows XP SP2 

Output limited to non-default values, except where indicated by "{++}" 



Startup items buried in registry: 

--------------------------------- 


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} 

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] 

"AQQ" = "C:\PROGRA~1\Wapster\AQQ\AQQ.exe" ["AQQ Sp. z o.o."] 

"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" [file not found] 

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] 

"ares" = ""C:\Program Files\Ares\Ares.exe" -h" [file not found] 

"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe" ["MyWebSearch.com"] 

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" [file not found] 

"scvhost" = "c:\windows\system\scvhost.exe" [null data] 

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] 


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} 

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] 

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] 

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] 

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] 

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"] 

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] 

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."] 

"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] 

"Spik" = "C:\Program Files\Spik\Spik.exe -autostart" [file not found] 

"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe" ["MyWebSearch.com"] 

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found] 

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data] 


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ 

{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "MyWebSearch Search Assistant BHO" 

                   \InProcServer32\(Default) = "C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL" ["MyWebSearch.com"] 

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper" 

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "AcroIEHlprObj Class" 

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] 

{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "mwsBar BHO" 

                   \InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL" ["MyWebSearch.com"] 

{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\(Default) = "ShprRprts" 

  -> {HKLM...CLSID} = "ShprRprts" 

                   \InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll" ["ShopperReports"] 

{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO" 

  -> {HKLM...CLSID} = "My Global Search Bar BHO" 

                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL" ["My Global Search"] 

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "PCTools Site Guard" 

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" [file not found] 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "SSVHelper Class" 

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] 

{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "PCTools Browser Monitor" 

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" [file not found] 


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" 

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" 

                   \InProcServer32\(Default) = "deskpan.dll" [file not found] 

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" 

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext" 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] 

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" 

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" 

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] 

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" 

  -> {HKLM...CLSID} = "DesktopContext Class" 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] 

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" 

  -> {HKLM...CLSID} = "NVIDIA CPL Extension" 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] 

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" 

  -> {HKLM...CLSID} = "Desktop Explorer" 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] 

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] 

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" 

  -> {HKLM...CLSID} = "nView Desktop Context Menu" 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] 

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" 

  -> {HKLM...CLSID} = "avast" 

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] 

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "SimpleShlExt extension" 

  -> {HKLM...CLSID} = "SimpleShlExt Class" 

                   \InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" [file not found] 

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] 

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" 

  -> {HKLM...CLSID} = "Portable Media Devices Menu" 

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] 


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ 

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" 

  -> {HKLM...CLSID} = "avast" 

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] 

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] 

WPKontakt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}" 

  -> {HKLM...CLSID} = "SimpleShlExt Class" 

                   \InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" [file not found] 


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] 


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ 

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" 

  -> {HKLM...CLSID} = "avast" 

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] 

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] 



Group Policies {GPedit.msc branch and setting}: 

----------------------------------------------- 


Note: detected settings may not have any effect. 


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ 


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| 

Shutdown: Allow system to be shut down without having to log on} 


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001 

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| 

Devices: Allow undock without having to log on} 



Active Desktop and Wallpaper: 

----------------------------- 


Active Desktop may be disabled at this entry: 

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState 


Displayed if Active Desktop enabled and wallpaper not set by Group Policy: 

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ 

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" 


Displayed if Active Desktop disabled and wallpaper not set by Group Policy: 

HKCU\Control Panel\Desktop\ 

"Wallpaper" = "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" 



Enabled Screen Saver: 

--------------------- 


HKCU\Control Panel\Desktop\ 

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS] 



Startup items in "user" & "All Users" startup folders: 

------------------------------------------------------ 


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart 

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] 

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."] 

"HP Image Zone - szybkie uruchamianie" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data] 

"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\d.bin\MWSOEMON.EXE" ["MyWebSearch.com"] 



Winsock2 Service Provider DLLs: 

------------------------------- 


Namespace Service Providers 


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 


Transport Service Providers 


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: 

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 



Toolbars, Explorer Bars, Extensions: 

------------------------------------ 


Toolbars 


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ 

"{74CC49F7-EB32-4A08-B204-948962A6E3DB}" 

  -> {HKLM...CLSID} = "H&otbar" 

                   \InProcServer32\(Default) = "C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll" [file not found] 


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ 

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" 

  -> {HKLM...CLSID} = "Yahoo! Toolbar" 

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] 

"{74CC49F7-EB32-4A08-B204-948962A6E3DB}" 

  -> {HKLM...CLSID} = "H&otbar" 

                   \InProcServer32\(Default) = "C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll" [file not found] 

"{37B85A29-692B-4205-9CAD-2626E4993404}" 

  -> {HKLM...CLSID} = "My Global Search Bar" 

                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL" ["My Global Search"] 


HKLM\Software\Microsoft\Internet Explorer\Toolbar\ 

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) 

  -> {HKLM...CLSID} = "Yahoo! Toolbar" 

                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] 

"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided) 

  -> {HKLM...CLSID} = "My Global Search Bar" 

                   \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL" ["My Global Search"] 


Explorer Bars 


HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ 

{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "ShopperReports – Price Comparison" 

                   \InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll" ["ShopperReports"] 

{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "Web Assistant" 

                   \InProcServer32\(Default) = "C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll" [file not found] 

{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "Hotbar Information Window" 

                   \InProcServer32\(Default) = "C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll" [file not found] 


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ 

{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "Hotbar Information Window" 

                   \InProcServer32\(Default) = "C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll" [file not found] 


HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View" 

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] 

InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] 


Extensions (Tools menu items, main toolbar menu buttons) 


HKLM\Software\Microsoft\Internet Explorer\Extensions\ 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ 

"MenuText" = "Sun Java Console" 

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}" 

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09" 

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] 

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09" 

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."] 


{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ 

"ButtonText" = "Spyware Doctor" 

"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" 

  -> {HKLM...CLSID} = "PCTools Browser Monitor" 

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" [file not found] 


{946B3E9E-E21A-49C8-9F63-900533FAFE14}\ 

"ButtonText" = "ShopperReports - Compare product prices" 

"CLSIDExtension" = "{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}" 

  -> {HKLM...CLSID} = "IEButton" 

                   \InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll" ["ShopperReports"] 


{946B3E9E-E21A-49C8-9F63-900533FAFE15}\ 

"ButtonText" = "ShopperReports - Compare travel rates" 

"CLSIDExtension" = "{454b4812-e572-4703-a1bb-63490809eac0}" 

  -> {HKLM...CLSID} = "IEButtonA" 

                   \InProcServer32\(Default) = "C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll" ["ShopperReports"] 


{FB5F1910-F110-11D2-BB9E-00C04F795683}\ 

"ButtonText" = "Messenger" 

"MenuText" = "Windows Messenger" 

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] 



Miscellaneous IE Hijack Points 

------------------------------ 


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ 

<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided) 

  -> {HKLM...CLSID} = "Search Class" 

                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found] 

<> "{00A6FAF6-072E-44cf-8957-5838F569A31D}" = (no title provided) 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = "C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL" ["MyWebSearch.com"] 



Running Services (Display Name, Service Name, Path {Service DLL}): 

------------------------------------------------------------------ 


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] 

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] 

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] 

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] 

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] 

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] 



Print Monitors: 

--------------- 


HKLM\System\CurrentControlSet\Control\Print\Monitors\ 

EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"] 

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"] 



---------- 

<>: Suspicious data at a browser hijack point. 


+ This report excludes default entries except where indicated. 

+ To see *everywhere* the script checks and *everything* it finds, 

  launch it from a command prompt or a shortcut with the -all parameter. 

+ To search all directories of local fixed drives for DESKTOP.INI 

  DLL launch points, use the -supp parameter or answer "No" at the 

  first message box and "Yes" at the second message box. 

---------- (total run time: 132 seconds, including 18 seconds for message boxes)

Logfile of HijackThis v1.99.1 

Scan saved at 13:18:04, on 2006-12-29 

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\system32\spoolsv.exe 

C:\WINDOWS\Explorer.EXE 

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe 

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe 

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 

C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe 

C:\Program Files\Winamp\winampa.exe 

C:\WINDOWS\system32\ctfmon.exe 

C:\windows\system\scvhost.exe 

C:\Program Files\Skype\Phone\Skype.exe 

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe 

C:\Program Files\Mozilla Firefox\firefox.exe 

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 

C:\Program Files\Alwil Software\Avast4\ashServ.exe 

C:\Program Files\Skype\Plugin Manager\SkypePM.exe 

C:\WINDOWS\system32\nvsvc32.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\system32\WgaTray.exe 

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 

C:\Program Files\Wapster\AQQ\AQQ.exe 

C:\WINDOWS\system32\javaw.exe 

C:\Program Files\WinRAR\WinRAR.exe 

C:\DOCUME~1\user\USTAWI~1\Temp\Rar$EX00.266\HijackThis.exe 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing) 

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL 

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll 

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL 

O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll 

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL 

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing) 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll 

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) 

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" 

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" 

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 

O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart 

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe 

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause 

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe 

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe 

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background 

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h 

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe 

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray 

O4 - HKCU\..\Run: [scvhost] c:\windows\system\scvhost.exe 

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE 

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe 

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\d.bin\MWSOEMON.EXE 

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll 

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) 

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll 

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab 

O17 - HKLM\System\CCS\Services\Tcpip\..\{43491AC3-381E-4D66-9EB6-065A608C6436}: NameServer = 194.204.159.1 

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll (file missing) 

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll 

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe 

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) 

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) 

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing) 

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

(adam9870) #2

W trybie awaryjnym z wyłączonym przywracaniem systemu usuń:

Pliki i foldery zaznaczone kasujesz ręcznie z dysku natomiast wpisy w HijackThis.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners.