
Outdated topics about log checking
#141
Posted 11 06 2007 - 11:32
But how exactly am I supposed to disable these files?
In Add/Remove Programs I have a line that says 'remove Windows Millennium uninstall information'.
Or should I do it some other way?
Thanks in advance for your help.
#142
Posted 11 06 2007 - 13:45
#144
Posted 14 06 2007 - 07:42
O19 - User stylesheet: (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\PROGRA~1\MARBIT\TOOLS\IEHELPER.DLL (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Delete the files marked in red from the disk in Safe Mode. Fix the entries in HJT.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
Is this your doing? If not, fix the entries in HJT.
When you are done, post a new log from HJT + Silent Runners.
#146
Posted 14 06 2007 - 15:03
#147
Posted 29 06 2007 - 22:34
Trojan horse IRC/Backdoor.SdBot2.RIT: I click Heal, then I have to restart the computer, but after some time of using the computer I get the same thing again. Infected file: mssmpp.exe, but there is no such file at c:\windows\system32\mssmpp.exe! Please help! AVG detects this virus directly, but when I run a scan it doesn't notice anything!
The internet connection keeps sending some packets all the time, even when I'm not online ;/
Here is the log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 21:27, on 2007-06-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\ComboFix\catchme.cfexe
C:\Documents and Settings\Patryk\Pulpit\HijackThis.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Log from ComboFix:
ComboFix 07-06-18.2 - C:\download\ComboFix.exe
"Patryk" - 2007-06-29 21:24:33 - Dodatek Service Pack. 1 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))
2007-06-29 19:17 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\Media Player Classic
2007-06-29 18:51 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 12:37 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-06-29 09:40 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\Lavasoft
2007-06-29 09:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-29 08:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 08:54 266,240 --a------ C:\Program Files\Uninstall Pando Toolbar.dll
2007-06-28 19:58 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\OpenOffice.org2
2007-06-28 19:41 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-28 19:41 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-06-28 19:40 775,296 --a------ C:\WINDOWS\system32\drivers\emu10k1f.sys
2007-06-28 19:40 6,912 --a------ C:\WINDOWS\system32\drivers\ctlface.sys
2007-06-28 19:40 59,392 --a------ C:\WINDOWS\system32\a3d.dll
2007-06-28 19:40 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2007-06-28 19:40 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-06-28 19:40 36,992 --a------ C:\WINDOWS\system32\drivers\sfman.sys
2007-06-28 19:40 3,584 --a------ C:\WINDOWS\system32\ctwdm32.dll
2007-06-28 19:40 25,600 --a------ C:\WINDOWS\system32\devldr32.exe
2007-06-28 19:35 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-06-28 19:35 <DIR> d-------- C:\Media
2007-06-28 19:31 <DIR> d-------- C:\Shooter[2007]DvDrip[Eng]-aXXo
2007-06-28 19:29 <DIR> d-------- C:\Cellular
2007-06-28 19:13 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-06-28 19:13 <DIR> d-------- C:\DOCUME~1\Patryk\Gadu-Gadu
2007-06-28 17:58 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\Opera
2007-06-28 17:28 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\Tlen.pl
2007-06-28 17:28 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\Skype
2007-06-28 17:19 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\DeepBurner
2007-06-28 17:16 <DIR> d-------- C:\DOCUME~1\Patryk\DANEAP~1\Azureus
2007-06-28 17:06 <DIR> dr-h----- C:\DOCUME~1\Patryk\Dane aplikacji
2007-06-28 17:06 <DIR> dr------- C:\DOCUME~1\Patryk\Ulubione
2007-06-28 17:06 <DIR> dr------- C:\DOCUME~1\Patryk\Moje dokumenty
2007-06-28 17:06 <DIR> dr------- C:\DOCUME~1\Patryk\Menu Start
2007-06-28 17:06 <DIR> d--h----- C:\DOCUME~1\Patryk\Szablony
2007-06-28 17:06 <DIR> d-------- C:\DOCUME~1\Patryk\Pulpit
2007-06-28 17:05 1,310,720 --ah----- C:\DOCUME~1\Patryk\NTUSER.DAT
2007-06-28 17:05 <DIR> d--h----- C:\DOCUME~1\Patryk\Ustawienia lokalne
2007-06-28 17:05 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-28 16:51 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-06-28 16:44 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-28 16:44 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-28 15:58 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-06-28 15:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-28 15:34 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2007-06-28 14:16 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-28 14:16 <DIR> d-------- C:\WUTemp
2007-06-27 09:51 <DIR> d-------- C:\Program Files\Pando Networks
2007-06-25 09:18 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-06-25 09:18 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-06-25 09:18 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-25 09:18 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-06-25 09:18 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-06-25 09:18 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-06-25 09:18 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-25 09:18 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-06-25 09:18 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-06-25 09:18 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-06-25 09:18 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-06-25 09:18 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-06-25 09:18 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-06-25 09:18 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-06-25 09:18 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-06-25 09:18 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-06-25 09:18 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-06-25 09:18 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-06-25 09:18 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-06-25 09:18 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-25 09:18 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-06-25 09:18 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-06-25 09:18 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-06-25 09:18 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-06-25 09:18 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-06-25 09:18 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-06-25 09:18 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-06-25 09:18 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-06-25 09:18 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2007-06-25 09:18 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-06-25 09:18 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-06-25 09:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-25 09:18 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-06-25 09:18 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-06-25 09:18 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-06-25 09:18 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-06-25 09:18 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-06-25 09:18 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-06-25 09:18 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-06-25 09:18 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-06-25 09:18 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-06-25 09:18 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-06-25 09:18 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-06-25 09:18 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-06-25 09:18 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-06-25 09:18 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-06-25 09:18 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-06-25 09:18 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-06-25 09:18 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-06-25 09:18 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-06-25 09:18 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-06-25 09:18 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-06-25 09:18 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-29 19:18:01 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-29 19:18:01 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-11 21:23:18 -------- d-----w C:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}=C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2007-06-18 12:52]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-06-12 19:16]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 07:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-12 19:16]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-29 08:37]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 17:01]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2007-06-18 12:52]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
#148
Posted 30 06 2007 - 20:49
Close the vulnerable ports with the Windows Worms Doors Cleaner tool. All the indicators should be green! After using it, restart the computer.
Download the tool The Avenger.
Run the program in Safe Mode and select the option Input script manually. Then click the "magnifying glass" on the right side of the program window, and in the window that opens paste the following text:
Files to delete:
C:\WINDOWS\System32\mssmpp.exe
Click the Done button, and then the 'green light'. Answer OK to the message that appears.
#149
Posted 10 07 2007 - 09:08
Logfile of HijackThis v1.99.1
Scan saved at 09:06:11, on 2007-07-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\a-squared Free\a2service.exe
G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
G:\Program Files\Common Files\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
G:\DOCUME~1\dom\Pulpit\AQQ.exe
G:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
G:\WINDOWS\system32\wbem\wmiapsrv.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\dom\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - G:\Program Files\ivo\Expressivo\IH_iexplore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - G:\Program Files\ivo\Expressivo\IH_iexplore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "G:\WINDOWS\TEMP\E_S92.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AQQ] G:\DOCUME~1\dom\Pulpit\AQQ.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Dodaj do blokowanych banerów - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E850DFCD-FF65-41A3-BB0D-EF181D24E587}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 212.51.192.2
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 212.51.192.2
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.51.192.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: G:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - G:\WINDOWS\system32\klogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Program Files\Common Files\LightScribe\LSSrvc.exe
#150
Posted 10 07 2007 - 10:53
#151
Posted 10 07 2007 - 13:10
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Fix it in HJT.
Post the logs from: Silent Runners + ComboFix.
#152
Posted 10 07 2007 - 16:13
"dom" - 2007-07-10 16:03:44 - ComboFix 07-07-10.1 - Dodatek Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))
2007-07-10 16:03 51,200 --a------ G:\WINDOWS\nircmd.exe
2007-07-10 11:20 <DIR> d-------- G:\DOCUME~1\dom\DANEAP~1\Roxio
2007-07-10 11:12 <DIR> d-------- G:\Program Files\directx
2007-07-10 11:12 <DIR> d-------- G:\Program Files\Common Files\Roxio Shared
2007-07-09 21:11 <DIR> d-------- G:\WINDOWS\pss
2007-07-09 13:37 <DIR> d-------- G:\Program Files\a-squared Free
2007-07-09 12:30 <DIR> d-------- G:\Program Files\Audacity
2007-07-06 21:07 <DIR> d-------- G:\DOCUME~1\dom\DANEAP~1\EPSON
2007-07-06 20:54 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\DANEAP~1\UDL
2007-07-06 20:52 <DIR> d-------- G:\Program Files\ABBYY FineReader 6.0 Sprint
2007-07-06 20:50 80,024 --a------ G:\WINDOWS\system32\PICSDK.dll
2007-07-06 20:50 71,840 --a------ G:\WINDOWS\system32\EPPicMgr.dll
2007-07-06 20:50 501,912 --a------ G:\WINDOWS\system32\PICSDK2.dll
2007-07-06 20:50 4,943 --a------ G:\WINDOWS\system32\EPPICPattern6.dat
2007-07-06 20:50 31,053 --a------ G:\WINDOWS\system32\EPPICPattern131.dat
2007-07-06 20:50 27,417 --a------ G:\WINDOWS\system32\EPPICPattern121.dat
2007-07-06 20:50 26,154 --a------ G:\WINDOWS\system32\EPPICPattern1.dat
2007-07-06 20:50 24,903 --a------ G:\WINDOWS\system32\EPPICPattern3.dat
2007-07-06 20:50 21,390 --a------ G:\WINDOWS\system32\EPPICPattern5.dat
2007-07-06 20:50 20,148 --a------ G:\WINDOWS\system32\EPPICPattern2.dat
2007-07-06 20:50 120,992 --a------ G:\WINDOWS\system32\EpPicPrt.dll
2007-07-06 20:50 111,932 --a------ G:\WINDOWS\system32\EPPICPrinterDB.dat
2007-07-06 20:50 11,811 --a------ G:\WINDOWS\system32\EPPICPattern4.dat
2007-07-06 20:50 108,704 --a------ G:\WINDOWS\system32\PICEntry.dll
2007-07-06 20:50 1,146 --a------ G:\WINDOWS\system32\EPPICPresetData_DU.dat
2007-07-06 20:50 1,139 --a------ G:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-07-06 20:50 1,139 --a------ G:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-07-06 20:50 1,136 --a------ G:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-07-06 20:50 1,129 --a------ G:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-07-06 20:50 1,129 --a------ G:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-07-06 20:50 1,120 --a------ G:\WINDOWS\system32\EPPICPresetData_IT.dat
2007-07-06 20:50 1,107 --a------ G:\WINDOWS\system32\EPPICPresetData_GE.dat
2007-07-06 20:50 1,104 --a------ G:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-07-06 20:50 <DIR> d-------- G:\DOCUME~1\dom\DANEAP~1\InstallShield
2007-07-06 20:49 75,264 --a------ G:\WINDOWS\system32\E_FLBBVE.DLL
2007-07-06 20:49 62,976 --a------ G:\WINDOWS\system32\E_FD4BBVE.DLL
2007-07-06 20:49 49,152 --a------ G:\WINDOWS\system32\E_DCINST.DLL
2007-07-06 20:48 31,616 --a------ G:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-06 20:48 15,104 --a------ G:\WINDOWS\system32\drivers\usbscan.sys
2007-07-06 20:35 61,952 --a------ G:\WINDOWS\system32\escwiad.dll
2007-07-06 20:35 <DIR> d-------- G:\Program Files\epson
2007-07-06 20:35 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\DANEAP~1\EPSON
2007-07-03 12:42 <DIR> d-------- G:\DOCUME~1\dom\DANEAP~1\Media Player Classic
2007-07-03 12:41 <DIR> d-------- G:\Program Files\Real Alternative
2007-07-03 12:41 <DIR> d-------- G:\Program Files\Media Player Classic
2007-07-03 12:41 <DIR> d-------- G:\DOCUME~1\dom\DANEAP~1\Real
2007-07-03 12:41 <DIR> d-------- G:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-06-30 12:00 974,848 --a------ G:\WINDOWS\system32\mfc70.dll
2007-06-30 12:00 964,608 --a------ G:\WINDOWS\system32\MFC70U.DLL
2007-06-30 12:00 344,064 --a------ G:\WINDOWS\system32\msvcr70.dll
2007-06-30 12:00 <DIR> d-------- G:\Program Files\Vi-Soft
2007-06-30 11:56 41,984 --a------ G:\WINDOWS\system32\drivers\Xprotector.sys
2007-06-22 10:45 <DIR> d-------- G:\Program Files\Konnekt
2007-06-18 15:35 <DIR> d-------- G:\Program Files\Lavalys
2007-06-17 21:52 <DIR> d-------- G:\DOCUME~1\dom\win2k_xp
2007-06-17 21:52 <DIR> d-------- G:\DOCUME~1\dom\images
2007-06-17 21:52 <DIR> d-------- G:\DOCUME~1\dom\animation
2007-06-14 20:53 <DIR> d-------- G:\WINDOWS\Komputer ?wiat Rocznik 2005
2007-06-14 20:44 <DIR> d-------- G:\Program Files\Komputer ?wiat Rocznik 2005
2007-06-14 15:11 <DIR> d-------- G:\Program Files\ProgMan
2007-06-13 21:10 <DIR> d-------- G:\Program Files\Kreator ?wiadectw 2004
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-09 20:11:06 -------- d-----w G:\Program Files\Yahoo!
2007-07-07 09:49:03 -------- d-----w G:\DOCUME~1\dom\DANEAP~1\Skype
2007-07-06 19:00:42 -------- d--h--w G:\Program Files\InstallShield Installation Information
2007-07-06 18:58:39 -------- d-----w G:\Program Files\Common Files\InstallShield
2007-07-03 13:37:36 -------- d-----w G:\Program Files\ivo
2007-06-15 12:52:38 -------- d-----w G:\Program Files\Mozilla Thunderbird
2007-06-14 18:55:33 -------- d-----w G:\Program Files\Komputer Świat Rocznik 2005
2007-06-14 18:42:32 74,450 ----a-w G:\WINDOWS\system32\perfc015.dat
2007-06-14 18:42:32 448,348 ----a-w G:\WINDOWS\system32\perfh015.dat
2007-06-13 19:10:51 -------- d-----w G:\Program Files\Kreator Świadectw 2004
2007-06-06 06:50:42 -------- d-----w G:\Program Files\ABBYY FineReader 5.0 Sprint
2007-05-27 18:16:19 -------- d-----w G:\Program Files\Gimnazjum klasa 1 - Chemia
2007-05-23 18:39:48 -------- d-----w G:\Program Files\Unlock Codes Calculator (by Crux)
2007-05-23 14:04:50 -------- d-----w G:\DOCUME~1\dom\DANEAP~1\Jasc
2007-05-23 14:04:27 -------- d-----w G:\Program Files\Jasc Software Inc
2007-05-22 13:52:05 -------- d-----w G:\DOCUME~1\dom\DANEAP~1\CyberLink
2007-05-22 13:45:03 -------- d-----w G:\Program Files\CyberLink
2007-05-22 13:13:11 -------- d-----w G:\Program Files\FreshDevices
2007-05-21 18:58:33 -------- d-----w G:\Program Files\Google
2007-05-11 17:44:07 -------- d-----w G:\DOCUME~1\dom\DANEAP~1\Blueberry
2007-05-11 17:43:40 4,608 ----a-w G:\WINDOWS\system32\bbchlp.dll
2007-05-11 17:43:40 27,776 ----a-w G:\WINDOWS\system32\bbcap.dll
2007-05-11 17:43:40 2,944 ----a-w G:\WINDOWS\system32\drivers\bbcap.sys
2007-05-11 12:27:47 -------- d-----w G:\Program Files\FlashGet
2007-05-11 12:17:50 -------- d-----w G:\DOCUME~1\dom\DANEAP~1\FlashGet
2007-05-10 18:39:35 -------- d-----w G:\Program Files\Play
2007-05-10 14:05:43 -------- d-----w G:\DOCUME~1\dom\DANEAP~1\Google
2007-05-06 16:58:02 36 ----a-w G:\CallLog.dat
2007-05-06 07:15:42 39 ----a-w G:\WINDOWS\pamlicCls.dll
2007-05-03 18:30:12 0 ----a-w G:\WINDOWS\nsreg.dat
2007-04-19 13:25:52 1,243 ----a-w G:\WINDOWS\unins000.dat
2007-04-18 15:53:27 21,856 ----a-w G:\WINDOWS\system32\emptyregdb.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F685C3-20D9-4943-95E4-EB4224056C3F}]
2007-01-23 14:29 102400 --a------ G:\Program Files\ivo\Expressivo\IH_iexplore.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
2005-02-22 13:50 368640 --a------ G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"EPSON Stylus DX5000 Series"="G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe" [2006-09-22 06:01]
"AQQ"="G:\DOCUME~1\dom\Pulpit\AQQ.exe" [2007-02-28 14:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"=000000000000f03f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=G:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\G:^Documents and Settings^dom^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=G:\Documents and Settings\dom\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=G:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c4df03-edd1-11db-83e0-806d6172696f}]
AutoRun\command- F:\instaluj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d9a6c20-fd6c-11db-b1dd-4d6564696130}]
AutoRun\command- G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
Contents of the 'Scheduled Tasks' folder
2007-06-15 15:15:00 G:\WINDOWS\tasks\1-Klick-Wartung.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 16:06:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-10 16:08:34
--- E O F ---
And from the other program:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "G:\WINDOWS\system32\ctfmon.exe" [MS]
"EPSON Stylus DX5000 Series" = "G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "G:\WINDOWS\TEMP\E_S92.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]
"AQQ" = "G:\DOCUME~1\dom\Pulpit\AQQ.exe" ["AQQ Sp. z o.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{85F685C3-20D9-4943-95E4-EB4224056C3F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Expressivo"
\InProcServer32\(Default) = "G:\Program Files\ivo\Expressivo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
#153
Posted 10 07 2007 - 16:40
#154
Posted 10 07 2007 - 16:43
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "G:\WINDOWS\system32\ctfmon.exe" [MS]
"EPSON Stylus DX5000 Series" = "G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "G:\WINDOWS\TEMP\E_S92.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]
"AQQ" = "G:\DOCUME~1\dom\Pulpit\AQQ.exe" ["AQQ Sp. z o.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{85F685C3-20D9-4943-95E4-EB4224056C3F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Expressivo"
\InProcServer32\(Default) = "G:\Program Files\ivo\Expressivo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "G:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
\InProcServer32\(Default) = "G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "G:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "G:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "G:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "G:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "G:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "G:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "G:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll G:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "G:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "G:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "G:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "G:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "G:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "G:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "G:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "G:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoLowDiscSpaceChecks" = (REG_BINARY) hex:00 00 00 00 00 00 F0 3F
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "G:\WINDOWS\web\wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "G:\WINDOWS\web\wallpaper\Idylla.bmp"
Startup items in "dom" & "All Users" startup folders:
-----------------------------------------------------
G:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "G:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"1-Klick-Wartung" -> launches: "G:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{85F685C3-20D9-4943-95E4-EB4224056C3F}" = "Expressivo"
-> {HKLM...CLSID} = "Expressivo"
\InProcServer32\(Default) = "G:\Program Files\ivo\Expressivo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "G:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki ochrony WWW"
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://G|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
a-squared Free Service, a2free, "G:\Program Files\a-squared Free\a2service.exe" ["Emsi Software GmbH"]
Diskeeper, Diskeeper, ""G:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
Karta wydajności WMI, WmiApSrv, "G:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
Kaspersky Internet Security 6.0, AVP, ""G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""G:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
TuneUp Designerweiterung, UxTuneUp, "G:\WINDOWS\System32\svchost.exe -k netsvcs" {"G:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows User Mode Driver Framework, UMWdf, "G:\WINDOWS\system32\wdfmgr.exe" [MS]
#155
Posted 10 07 2007 - 20:17
Open Notepad and paste:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d9a6c20-fd6c-11db-b1dd-4d6564696130}]
File => Save As => change the file type from .txt to All Files => then save it under the name FIX.REG
Run the FIX.REG file you created, then confirm adding it to the Registry and restart the computer.
#156
Posted 12 07 2007 - 10:51
Scan saved at 10:42:53, on 2007-07-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\DOCUME~1\Bari\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A140FA26-89E8-48AD-9762-A06531E1C9CF}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Creative VF0260 RunApp Service (VF0260Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\V0260Srv.exe
#157
Posted 12 07 2007 - 11:24
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
Fix
#158
Posted 12 07 2007 - 17:47
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
Fix in Hjt.
Show the logs from: Silent Runners + ComboFix.
#159
Posted 12 07 2007 - 19:26
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
Fix in Hjt.
Show the logs from: Silent Runners + ComboFix.
I won't be showing the Silent Runners and ComboFix logs after all, because I'm not at this friend's place often, and he doesn't know computers that well...

#160
Posted 12 07 2007 - 21:06