Wyskakujące okienka


(Barbaraes) #1

Witam, od pewnego czasu wyskakują mi okienka z IE, np. broadcaster.

Proszę o pomoc.

Logfile of HijackThis v1.99.1

Scan saved at 13:25:11, on 2007-06-08

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\System32\svchosts.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\WINDOWS\System32\PSIService.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\{024D170E-03BE-1045-0123-021018010030}\Update.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe

C:\Program Files\Ipwindows\ipwins.exe

C:\Documents and Settings\Czazur\Dane aplikacji\??stem\w?wexec.exe

C:\WINDOWS\System32\wdfmgr.exe

D:\Programy\Gadu-Gadu\gg.exe

D:\Programy\Opera\opera.exe

C:\Documents and Settings\Czazur\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - C:\WINDOWS\System32\kkupeat.dll (file missing)

O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll

O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - C:\WINDOWS\System32\lejzm.dll (file missing)

O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - C:\WINDOWS\System32\kmqooabt.dll (file missing)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - C:\WINDOWS\System32\wyfivyc.dll (file missing)

O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - C:\WINDOWS\System32\djoks.dll (file missing)

O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{324D1~1\Bar888.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Programy\DAP\DAPIEBar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{324D1~1\Bar888.dll

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [{024D170E-03BE-1045-0123-021018010030}] "C:\Program Files\Common Files\{024D170E-03BE-1045-0123-021018010030}\Update.exe" te-110-12-0000245

O4 - HKLM\..\Run: [{024D170E-03BD-1045-0123-021018010030}] "C:\Program Files\Common Files\{024D170E-03BD-1045-0123-021018010030}\Update.exe" te-110-12-0000245

O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

O4 - HKLM\..\Run: [BearShare] "D:\Programy\Bearshare\BearShare.exe" /pause

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Saeh] "C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe" -vt yazb

O4 - HKCU\..\Run: [Slefns] C:\Documents and Settings\Czazur\Moje dokumenty\?racle\?xplorer.exe

O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe

O4 - HKCU\..\Run: [Wmlmwoe] "C:\Documents and Settings\Czazur\Dane aplikacji\??stem\w?wexec.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office Premium 2000\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRAMY\DAP\DAP.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {CC7D09F5-FB74-4476-9E27-881E178238D6} (EscupX Control) - http://www.escup.com/c/escup1.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{988CD92D-7F86-49B2-9CE0-06B3435B7D2B}: NameServer = 85.255.116.119,85.255.112.220

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.119 85.255.112.220

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.119 85.255.112.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.119 85.255.112.220

O20 - AppInit_DLLs: PAVWAIT.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000245 (file missing)

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

(Gutek) #2

Automaty na początek.

Użyj VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.

Użyj FixWareOut - http://downloads.subratam.org/Fixwareout.exe

Daj log z Combofix


(Barbaraes) #3

Zastosowałem się .


(Gutek) #4

plik do usunięcia

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Po tym nowy log z Combo


(Barbaraes) #5

Nie mam takiego folderu na dysku...

Wyszukiwanie pliku również nie przynosi rezultatu...

==

Nie wiem czy to to , a innego nie ma . . .

ComboFix 07-06-09.5

(Gutek) #6

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki

C:\WINDOWS\System32\bdaefcd3_r.dll

C:\WINDOWS\System32\aczxomsm.dll

i naciskasz X czerwony. Program poprosi o reset kompa ... czyli resetujesz.


(Barbaraes) #7

Problem zniknął po wcześniejszych zabiegach :wink:

ComboFix 07-06-09.5 

"Czazur" - 2007-06-09 16:54:49   



((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))



2007-06-09 14:03

[code]Logfile of HijackThis v1.99.1 Scan saved at 17:07, on 2007-06-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\runservice.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\WINDOWS\System32\PSIService.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\svchost.exe D:\Programy\Opera\opera.exe C:\ComboFix\catchme.cfexe C:\ComboFix\catchme.cfexe C:\WINDOWS\explorer.exe C:\Documents and Settings\Czazur\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - (no file) O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - (no file) O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - (no file) O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - (no file) O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - (no file) O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll (file missing) O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Programy\DAP\DAPIEBar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM..\Run: [nwiz] nwiz.exe /install O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU..\Run: [Saeh] "C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe" -vt yazb O4 - HKCU..\Run: [Slefns] C:\Documents and Settings\Czazur\Moje dokumenty\?racle\?xplorer.exe O4 - HKCU..\Run: [Wmlmwoe] "C:\Documents and Settings\Czazur\Dane aplikacji\??stem\w?wexec.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office Premium 2000\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRAMY\DAP\DAP.EXE O16 - DPF: {CC7D09F5-FB74-4476-9E27-881E178238D6} (EscupX Control) - http://www.escup.com/c/escup1.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g\_bin/pl/billard8\_2\_0\_0\_28.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g\_bin/pl/snooker\_2\_0\_0\_31.cab O17 - HKLM\System\CCS\Services\Tcpip..{988CD92D-7F86-49B2-9CE0-06B3435B7D2B}: NameServer = 172.23.1.1,195.114.161.161 O20 - AppInit_DLLs: PAVWAIT.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


(adam9870) #8

Poprzez aplet Dodaj/usuń programy odinstaluj MyGlobalSearch oraz WeatherCast.

Pliki i foldery zaznaczone na czerwono usuń ręcznie z dysku w trybie awaryjnym natomiast wpisy HijackThis. Ze względu na to, że masz do usunięcia tzw. pytajnikowca, przez zabraniem się za usuwanie poczytaj - Usuwanie PurityScan.

Start >>> uruchom >>> wpis cmd i kliknij OK >>> w konsoli, która się otworzy wydaj następujące polecenia:

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Po wykonaniu wklej komplet nowych logów.


(Barbaraes) #9

Nie ma na dysku żadnego pliku i folderu zaznaczonego na czerwono.

Nie mogę również usunać pytajnikowca gdyż nie ma folderu system32...

ComboFix 07-06-09.5 

"Czazur" - 2007-06-09 22:08:14   



((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))



2007-06-09 21:38	225,280	--a------	C:\Program Files\Uninstall My Global Search Bar.dll

2007-06-09 14:03

[code]Logfile of HijackThis v1.99.1 Scan saved at 22:17, on 2007-06-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\runservice.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\WINDOWS\System32\PSIService.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\chkdsk.exe C:\ComboFix\sed.cfexe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\findstr.exe C:\ComboFix\sed.cfexe C:\WINDOWS\explorer.exe D:\Programy\Opera\opera.exe C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\Czazur\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - (no file) O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll (file missing) O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - (no file) O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - (no file) O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - (no file) O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - (no file) O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll (file missing) O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Programy\DAP\DAPIEBar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM..\Run: [nwiz] nwiz.exe /install O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU..\Run: [Saeh] "C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe" -vt yazb O4 - HKCU..\Run: [Slefns] C:\Documents and Settings\Czazur\Moje dokumenty\?racle\?xplorer.exe O4 - HKCU..\Run: [Wmlmwoe] "C:\Documents and Settings\Czazur\Dane aplikacji\??stem\w?wexec.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office Premium 2000\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRAMY\DAP\DAP.EXE O16 - DPF: {CC7D09F5-FB74-4476-9E27-881E178238D6} (EscupX Control) - http://www.escup.com/c/escup1.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g\_bin/pl/billard8\_2\_0\_0\_28.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g\_bin/pl/snooker\_2\_0\_0\_31.cab O17 - HKLM\System\CCS\Services\Tcpip..{988CD92D-7F86-49B2-9CE0-06B3435B7D2B}: NameServer = 172.23.1.1,195.114.161.161 O20 - AppInit_DLLs: PAVWAIT.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


(Gutek) #10

poczytaj Usuwanie PurityScan. - link wyżej, wpisy usuń HJT

Skan AVG Anti-Spyware 7.5 po update :wink:

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Po tym log z Combo