Slow internet

(Kaskada4) #1

Hello, I basically have one problem: my internet is slow. I use Kaspersky Internet Security and the Windows firewall, and supposedly they detect nothing… I'm pasting the log below, because apparently as of today you can't post on wklejto. Oh, and I have Windows Vista, and I already removed the BearShare program earlier.

ComboFix 08-06-20.4 - Boska 2008-06-28 11:10:05.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.1105 [GMT 2:00]

Running from: C:\Users\Boska\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\00109DB5

C:\Program Files\myglobalsearch\bar\Cache\0010A12E

C:\Program Files\myglobalsearch\bar\Cache\0010A2F2.bin

C:\Program Files\myglobalsearch\bar\Cache\0010A572.bin

C:\Program Files\myglobalsearch\bar\Cache\0010A708.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

C:\Windows\system32\KBL.LOG

----- BITS: Possible infected sites -----

hxxp://www.rssx.hp.com

.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))

.

2008-06-28 10:54 . 2008-06-28 10:54

2008-06-28 10:42 . 2008-06-28 10:42 2,560 --a------ C:\Windows_MSRSTRT.EXE

2008-06-27 12:23 . 2008-06-27 12:24

2008-06-14 10:22 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-06-14 10:22 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll

2008-06-14 10:22 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll

2008-06-14 10:22 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-06-14 10:22 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-06-14 10:22 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax

2008-06-14 10:22 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-06-09 18:51 . 2008-06-09 18:51

2008-06-07 20:03 . 2008-06-07 20:03

2008-06-07 20:03 . 2008-06-07 20:03

2008-06-07 20:02 . 2008-06-07 20:03

2008-06-07 20:01 . 2008-06-07 20:02

2008-06-07 20:01 . 2008-06-07 20:02

2008-06-07 20:01 . 2008-06-07 20:01

2008-06-07 20:01 . 2008-06-07 20:01

2008-06-07 19:59 . 2008-06-07 19:59

2008-06-07 19:59 . 2008-06-07 19:59

2008-06-07 19:59 . 2008-06-07 19:59

2008-06-07 08:25 . 2008-06-07 08:25

2008-05-28 18:48 . 2008-06-28 10:43

2008-05-28 18:48 . 2008-06-11 15:53

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-28 09:14 84,248 --sha-w C:\Windows\system32\drivers\fidbox.idx

2008-06-28 09:14 6,132,256 --sha-w C:\Windows\system32\drivers\fidbox.dat

2008-06-28 08:44 --------- d-----w C:\ProgramData\Kaspersky Lab

2008-06-12 15:46 --------- d-----w C:\Program Files\Windows Mail

2008-06-11 11:53 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-29 20:10 96,966 ----a-w C:\Windows\system32\drivers\klin.dat

2008-05-29 20:10 88,774 ----a-w C:\Windows\system32\drivers\klick.dat

2008-05-29 20:10 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys

2008-05-24 16:57 --------- d-----w C:\ProgramData\CyberLink

2008-05-24 16:17 --------- d-----w C:\Program Files\Java

2008-05-23 19:14 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-05-23 19:14 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-05-23 19:14 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-05-23 19:14 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-05-23 19:14 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-05-23 19:14 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-05-23 19:14 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-05-22 15:01 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-22 14:53 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2008-05-22 14:53 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2008-05-22 14:53 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2008-05-22 14:53 2,923,520 ----a-w C:\Windows\explorer.exe

2008-05-22 14:53 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2008-05-22 14:53 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys

2008-05-22 14:52 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-05-22 14:51 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-05-22 14:51 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-05-22 14:50 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-05-22 14:50 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-05-22 14:50 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-05-22 14:50 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-05-22 14:50 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-05-22 14:50 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-05-22 14:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-05-22 14:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-05-22 14:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-05-22 14:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-05-22 14:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-05-22 14:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2008-05-22 14:45 --------- d-----w C:\Program Files\MSXML 4.0

2008-05-21 16:56 --------- d-----w C:\Program Files\TEXTware

2008-05-21 16:45 --------- d-----w C:\Program Files\Macmillan

2008-05-20 17:48 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-20 16:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-05-20 16:32 --------- d-----w C:\Program Files\Kaspersky Lab

2008-05-20 16:28 --------- d-----w C:\ProgramData\Symantec

2008-05-16 19:22 --------- d-----w C:\Users\Boska\AppData\Roaming\CyberLink

2008-05-16 16:48 27,335 ----a-w C:\Users\Boska\AppData\Roaming\nvModes.dat

2008-05-16 16:46 --------- d-----w C:\Users\Boska\AppData\Roaming\HP

2008-05-16 16:46 --------- d-----w C:\ProgramData\HP

2008-05-16 16:42 --------- d-----w C:\Program Files\Microsoft Works

2008-05-16 16:41 --------- d-----w C:\Program Files\Microsoft.NET

2008-05-16 16:23 --------- d-----w C:\Users\Boska\AppData\Roaming\Symantec

2008-05-16 16:23 --------- d-----w C:\ProgramData\NVIDIA

2008-05-16 16:22 --------- d-----w C:\Users\Boska\AppData\Roaming\DigitalPersona

2008-05-16 16:21 --------- d-----w C:\Users\Boska\AppData\Roaming\Hewlett-Packard

2008-05-16 16:16 --------- d-----w C:\Program Files\MSN Messenger

2008-05-16 16:16 --------- d-----w C:\Program Files\HPQ

2008-05-16 16:16 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-05-16 16:15 --------- d-----w C:\Users\Boska\AppData\Roaming\Macrovision

2008-05-16 16:15 --------- d-----w C:\Program Files\HP

2008-05-16 16:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8104N0C_E459053-243_4A_I30D2_SQuanta_V79.29_F.51_T080226_WV3-0_L415_M2046_J250_7Intel_86FB_92.20_#071128_N10EC8136;80864222_(KG679EA#AKD)_XMOBILE_CN10_Z.MRK

2008-05-16 16:12 --------- d-sh--w C:\ProgramData\Ulubione

2008-05-16 16:12 --------- d-sh--w C:\ProgramData\Szablony

2008-05-16 16:12 --------- d-sh--w C:\ProgramData\Pulpit

2008-05-16 16:12 --------- d-sh--w C:\ProgramData\Menu Start

2008-05-16 16:12 --------- d-sh--w C:\ProgramData\Dokumenty

2008-05-16 16:12 --------- d-sh--w C:\ProgramData\Dane aplikacji

2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS

2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys

2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys

2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-11-28 03:28 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-05-22 16:47 1232896]

“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-08-23 17:36 455968]

“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2006-11-02 14:35 125440]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2007-09-19 22:05 86016]

“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2007-09-19 22:05 8497696]

“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2007-09-19 22:05 81920]

“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe” [2007-09-15 10:29 102400]

“SMSERIAL”=“C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe” [2007-01-17 15:34 634880]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-08-17 15:27 4702208 C:\Windows\RtHDVCpl.exe]

“IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2007-07-25 08:02 174616]

“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe” [2007-09-30 20:34 181544]

“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-09-19 15:31 202032]

“OnScreenDisplay”=“C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe” [2007-09-04 14:54 554320]

“UCam_Menu”=“C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” [2007-08-17 00:13 218408]

“DpAgent”=“C:\Program Files\DigitalPersona\Bin\dpagent.exe” [2007-09-20 12:12 671744]

“HP Health Check Scheduler”="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []

“hpWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-09-13 09:47 480560]

“WAWifiMessage”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” [2007-01-08 16:53 311296]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 23:11 49152]

“BearShare”=“C:\Program Files\BearShare\BearShare.exe” []

“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2008-03-28 23:37 413696]

“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2008-03-30 10:36 267048]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

C:\Users\Boska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 14:09:54 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.l3codecp”= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“{5F745DD9-58E3-425A-A0F9-1E92F3B773B8}”= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

“{6E446FD3-EF03-407F-9490-5D56E2BFB871}”= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play

“{E1E4BA3B-7A73-483B-A05F-A2905542B09F}”= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

“{4F8B1A93-EBA4-448A-BA7C-73FF2CEDB28F}”= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

“{CE1ADDDB-50F7-474F-80FA-C37C8FBB3CDB}”= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“{85932898-083A-4236-B50B-A68E776802DB}”= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“TCP Query User{9DA7B880-E2BD-4BAE-AE60-E1FAE4203ADF}C:\program files\bearshare\bearshare.exe”= UDP:C:\program files\bearshare\bearshare.exe:BearShare

“UDP Query User{7EF5562E-D343-415A-B443-64F346DDDEC1}C:\program files\bearshare\bearshare.exe”= TCP:C:\program files\bearshare\bearshare.exe:BearShare

“{2400902F-3DEC-4D34-83E9-1FB54EF9BADD}”= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

“{3C1E64A5-AF99-4D49-997D-6CBEE8184FEA}”= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

“{B7570309-2FAB-46DE-99CA-FE0AF71B9721}”= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

“{ECEDF0BA-EEF4-47A0-BE3D-789379B668C8}”= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

“DFSR-1”= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);“C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe” [2007-09-30 20:34]

R2 QPSched;QuickPlay Task Scheduler (QTS);“C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe” [2007-09-30 20:34]

R3 btwaudio;Urz1dzenie dYwiekowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 15:12]

R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 15:12]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 15:12]

R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 11:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

Contents of the ‘Scheduled Tasks’ folder

“2008-06-28 07:26:30 C:\Windows\Tasks\User_Feed_Synchronization-{455EC601-67FB-41DD-96CC-B48A1B732DBE}.job”

  • C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-28 11:16:41

Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

C:\Windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2008-06-28 11:21:12 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-28 09:20:51

Pre-Run: 182,631,219,200 bajtów wolnych

Post-Run: 182,273,400,832 bajt˘w wolnych

249 — E O F — 2008-06-27 12:21:03

(huber2t) #2

The log is OK. Are there any problems?

(Kaskada4) #3

There's basically one problem: my internet is slow. At home I have a wireless network set up on Neostrada 2MB. Nothing large is really being downloaded on the second computer, so there shouldn't be any problems with network load.

(huber2t) #4

Show the HijackThis log

(Kaskada4) #5

Logfile of HijackThis v1.99.1

Scan saved at 15:26:58, on 2008-06-28

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\Explorer.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Users\Boska\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM…\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”

O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM…\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM…\Run: [uCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”

O4 - HKLM…\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM…\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.mks.com.pl

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security Home Edition 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

(huber2t) #6

Fix in HijackThis

Other than that, OK