Jak usunąć trojana z kompa ? antywirus nawed nie pomaga AVG POMOCY boi juz chce instalowac od nowa kompa… wszystkie stronki www przez to otwieraja sie przez 3minuty
nie ten dział, jeżeli znasz jego lokalizacje to uruchom komputer w Trybie Awaryjnym i spróbuj usnąć
Skąd podejrzenie szkodnika?
Proszę wkleić na forum zestaw logów (do tego tematu) - HijackThis i SilentRunners:
Proszę zmienić tytuł swojego tematu na konkretny, mówiący o problemie.
W tym celu proszę użyć przycisku
OT kosz, przeprowadzka do odpowiedniego działu.
gg505 proszę pisać poprawnie i używać polskich znaków w pisowni postów.
już wszystko jest wporządku, teraz jeszcze 1sprawa, mam AVG free edition i co jeszcze potrzebuje ?? bo wiem że są potrzebne 2programy dajcie link do tego 2 - darmowego co jest potrzebny, dzieki
PS. żeby nie było ADMIN napisz na PW co mam pobrać i usuń ten temat !
Po co usuwać temat ?? Wklej koniecznie logi, o które prosiłem:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
O wyborze programów zabezpieczających poczytaj tutaj:
ale ten temat jest zamknięty gdzie te logi mam wkleic ? zdecyduj sie! wkleiłem do tematu “komputer strasznie wolno chhodzi” ale dam tutaj jeszcze raz:
Logfile of HijackThis v1.99.1
Scan saved at 22:09:46, on 05-01-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Gry\USTAWI~1\Temp\Rar$EX00.094\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~3\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM…\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home
O4 - HKCU…\Run: [MyKeys] “C:\Program Files\mfk\MFK.EXE” /M
O4 - HKCU…\Run: [FreeCall] “C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe” -nosplash -minimized
O4 - HKCU…\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{1AD2D254-63B8-48FE-B983-512F775E25EB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{906E4B9C-8406-47F3-8927-18D84AF0CEAB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{96B2E690-D7C1-4F0C-AA0E-E710F74A0A87}: NameServer = 194.204.159.1,194.204.152.34
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
W tamtym temacie znajduje się opis, a logi wkleja się do osobnych, własnych tematów na forum.
Nie trzymaj hijacka w TEMPie - umieść go np. na pulpicie.
Foldery usuń ręcznie w trybie awaryjnym, a wpisy w hjt.
Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners
C:\Program Files\RXToolBar\sfcont.dll —> tego tu nie ma :|:|
Logi:
Logfile of HijackThis v1.99.1
Scan saved at 22:36:49, on 05-01-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gry\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~3\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM…\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home
O4 - HKCU…\Run: [MyKeys] “C:\Program Files\mfk\MFK.EXE” /M
O4 - HKCU…\Run: [FreeCall] “C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe” -nosplash -minimized
O4 - HKCU…\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{1AD2D254-63B8-48FE-B983-512F775E25EB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{906E4B9C-8406-47F3-8927-18D84AF0CEAB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{96B2E690-D7C1-4F0C-AA0E-E710F74A0A87}: NameServer = 194.204.159.1,194.204.152.34
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
i z tego 2 programiku:
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“PowerBar” = “(empty string)” [file not found]
“Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [file not found]
“MyKeys” = ““C:\Program Files\mfk\MFK.EXE” /M” [file not found]
“FreeCall” = ““C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe” -nosplash -minimized” [file not found]
“WengoPhoneNG” = “C:\Program Files\WengoPhone\qtwengophone.exe -b” [file not found]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“AVG7_CC” = “C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”]
“AVG7_EMC” = “C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe” [“GRISOFT, s.r.o.”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“SemanticInsight” = “C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe” [file not found]
“CorelDRAW Graphics Suite 11b” = “(empty string)” [file not found]
“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Nero AG”]
“RemoteControl” = ““C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“LGODDFU” = ““C:\Program Files\lg_fwupdate\fwupdate.exe”” [null data]
“QuickTime Task” = ““C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [“Free Peers, Inc.”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
“AT-Watch” = “(empty string)” [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}(Default) = (no title provided)
-> {HKLM…CLSID} = “Need2Find Bar BHO”
\InProcServer32(Default) = “C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL” [file not found]
{59879FA4-4790-461c-A1CC-4EC4DE4CA483}(Default) = (no title provided)
-> {HKLM…CLSID} = “RXResultTracker Class”
\InProcServer32(Default) = “C:\Program Files\RXToolBar\sfcont.dll” [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{F97DA966-F09D-4cab-BF29-75A0026986EA}(Default) = “XBTP02634”
-> {HKLM…CLSID} = “XBTP02634 Class”
\InProcServer32(Default) = “C:\PROGRA~1\BEARSH~3\BEARSH~2\MediaBar.dll” [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
“{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension”
-> {HKLM…CLSID} = “AVG7 Find Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
“{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]
“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”
-> {HKLM…CLSID} = “Shell Extension for CDRW”
\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Nero AG”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/html\CLSID = “{2AB289AE-4B90-4281-B2AE-1F4BB034B647}”
-> {HKLM…CLSID} = “RXResultFilter Class”
\InProcServer32(Default) = “C:\Program Files\RXToolBar\sfcont.dll” [file not found]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoControlPanel” = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Policies\Microsoft\Windows\System\
“DisableCMD” = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Pulpit\moje\Laski 3D2.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Gry\Pulpit\moje\Laski 3D2.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssstars.scr” [MS]
Startup items in “Gry” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]
Enabled Scheduled Tasks:
“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}”
-> {HKLM…CLSID} = “BearShare MediaBar”
\InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided)
-> {HKLM…CLSID} = “BearShare MediaBar”
\InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided)
-> {HKLM…CLSID} = “BearShare MediaBar”
\InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
AVG7 Alert Manager Server, Avg7Alrt, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe” [“GRISOFT, s.r.o.”]
AVG7 Update Service, Avg7UpdSvc, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe” [“GRISOFT, s.r.o.”]
BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data]
Canon Camera Access Library 8, CCALib8, “C:\Program Files\Canon\CAL\CALMAIN.exe” [“Canon Inc.”]
InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Nero AG”]
LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = “hpzsnt05.dll” [“HP”]
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 59 seconds.
---------- (total run time: 135 seconds)
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.
Usuń w hjt.
Po wykonaniu wklej nowe logi.
Logfile of HijackThis v1.99.1
Scan saved at 23:15:26, on 05-01-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gry\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM…\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{1AD2D254-63B8-48FE-B983-512F775E25EB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{906E4B9C-8406-47F3-8927-18D84AF0CEAB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{96B2E690-D7C1-4F0C-AA0E-E710F74A0A87}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
oraz
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“AVG7_CC” = “C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”]
“AVG7_EMC” = “C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe” [“GRISOFT, s.r.o.”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“CorelDRAW Graphics Suite 11b” = “(empty string)” [file not found]
“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Nero AG”]
“RemoteControl” = ““C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“LGODDFU” = ““C:\Program Files\lg_fwupdate\fwupdate.exe”” [null data]
“QuickTime Task” = ““C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [“Free Peers, Inc.”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
“{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension”
-> {HKLM…CLSID} = “AVG7 Find Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
“{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]
“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”
-> {HKLM…CLSID} = “Shell Extension for CDRW”
\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Nero AG”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Free\avgse.dll” [“GRISOFT, s.r.o.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoControlPanel” = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Policies\Microsoft\Windows\System\
“DisableCMD” = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Pulpit\moje\Laski 3D2.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Gry\Pulpit\moje\Laski 3D2.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\ssstars.scr” [MS]
Startup items in “Gry” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]
Enabled Scheduled Tasks:
“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
AVG7 Alert Manager Server, Avg7Alrt, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe” [“GRISOFT, s.r.o.”]
AVG7 Update Service, Avg7UpdSvc, “C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe” [“GRISOFT, s.r.o.”]
BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data]
Canon Camera Access Library 8, CCALib8, “C:\Program Files\Canon\CAL\CALMAIN.exe” [“Canon Inc.”]
InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Nero AG”]
LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = “hpzsnt05.dll” [“HP”]
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 51 seconds.
---------- (total run time: 100 seconds)
Usuń w hjt.
Po wykonaniu możesz pokazać nowy log z hijacka.
Logfile of HijackThis v1.99.1
Scan saved at 23:26:32, on 05-01-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gry\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM…\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LGODDFU] “C:\Program Files\lg_fwupdate\fwupdate.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{1AD2D254-63B8-48FE-B983-512F775E25EB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{906E4B9C-8406-47F3-8927-18D84AF0CEAB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{96B2E690-D7C1-4F0C-AA0E-E710F74A0A87}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Dziękuje za pomoc. Co u mnie właściwie w kompie siedziało ??
Miałeś kilka fałszywych, typu adware programów.
Ogólnie rzecz biorąc nie są one groźne, a mogły powodować wyświetlanie jakiś reklam czy były jako dodatkowy pasek w IE.
jezeli mozesz to zobacz jeszcze raz bo zrobilem to oczyszczanie systemu i tez cos sciagalem ui napisz czy moj system juz jest zdrowy
Logfile of HijackThis v1.99.1
Scan saved at 00:57:02, on 06-01-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gry\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{1AD2D254-63B8-48FE-B983-512F775E25EB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{906E4B9C-8406-47F3-8927-18D84AF0CEAB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{96B2E690-D7C1-4F0C-AA0E-E710F74A0A87}: NameServer = 194.204.159.1,194.204.152.34
yyy oczyszczanie systemu :o ? Wywaliłeś antywira, koniecznie jakiegoś zainstaluj.
Przeczyść rejestr jak już coś usuwasz > jv16 PowerTools 2006 1.5.2.344.
Log ok
A teraz:
Logfile of HijackThis v1.99.1
Scan saved at 01:19:36, on 06-01-2007
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Gry\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{1AD2D254-63B8-48FE-B983-512F775E25EB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{906E4B9C-8406-47F3-8927-18D84AF0CEAB}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{96B2E690-D7C1-4F0C-AA0E-E710F74A0A87}: NameServer = 194.204.159.1,194.204.152.34
Jest cały bo wywaliłeś wszystkie usługi. Nie wklejaj nowego loga, bo jest czysto
KONIECZNA instalacja antywirusa. Polecam bezpłatny Avira AntiVir Personal Edition Classic.