log do sprawdzenia

[Gość: gość24]

Logfile of HijackThis v1.99.1
Scan saved at 15:21:31, on 2005-06-10
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\XPOEM\System32\smss.exe
C:\XPOEM\system32\winlogon.exe
C:\XPOEM\system32\services.exe
C:\XPOEM\system32\lsass.exe
C:\XPOEM\system32\svchost.exe
C:\XPOEM\System32\svchost.exe
C:\XPOEM\Explorer.EXE
C:\XPOEM\system32\spoolsv.exe
C:\XPOEM\System32\RUNDLL32.EXE
C:\XPOEM\System32\RunDll32.exe
C:\XPOEM\System32\mmsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\XPOEM\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\XPOEM\System32\nvsvc32.exe
C:\XPOEM\System32\svchost.exe
C:\XPOEM\System32\mmsvc32.exe
C:\XPOEM\System32\wuauclt.exe
C:\XPOEM\System32\wpabaln.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Katalog
tymczasowy 3 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 205.209.170.120 www.halifax-online.co.uk
O1 - Hosts: 82.146.42.123 ibank.barclays.co.uk
O1 - Hosts: 82.146.42.123 online.lloydstsb.co.uk
O1 - Hosts: 205.209.170.120 online-business.lloydstsb.co.uk
O1 - Hosts: 205.209.170.120 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 82.146.42.123 www.nwolb.com
O1 - Hosts: 205.209.170.120 banesnet.banesto.es
O1 - Hosts: 205.209.170.120 extranet.banesto.es
O1 - Hosts: 205.209.170.120 ebanking.bccbrescia.it
O1 - Hosts: 205.209.170.120 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 205.209.170.120 www.rbsdigital.com
O1 - Hosts: 82.146.42.123 oi.cajamadrid.es
O1 - Hosts: 82.146.42.123 bancae.caixapenedes.com
O1 - Hosts: 205.209.170.120 banking.postbank.de
O1 - Hosts: 205.209.170.120 meine.deutsche-bank.de
O1 - Hosts: 205.209.170.120 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 205.209.170.120 ibank.cahoot.com
O1 - Hosts: 205.209.170.120 webbank.openplan.co.uk
O1 - Hosts: 82.146.42.123 lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 www.lloydstsb.co.uk
O1 - Hosts: 82.146.42.123 www.lloydstsb.com
O1 - Hosts: 82.146.42.123 personal.barclays.co.uk
O1 - Hosts: 82.146.42.123 barclays.co.uk
O1 - Hosts: 82.146.42.123 www.barclays.co.uk
O1 - Hosts: 82.146.42.123 nwolb.com
O1 - Hosts: 82.146.42.123 hsbc.co.uk
O1 - Hosts: 82.146.42.123 www.hsbc.co.uk
O1 - Hosts: 82.146.42.123 abbey.com
O1 - Hosts: 82.146.42.123 www.abbey.com
O1 - Hosts: 82.146.42.123 www.abbey.co.uk
O1 - Hosts: 82.146.42.123 abbey.co.uk
O1 - Hosts: 82.146.42.123 cahoot.com
O1 - Hosts: 82.146.42.123 www.cahoot.com
O1 - Hosts: 82.146.42.123 www.cahoot.co.uk
O1 - Hosts: 82.146.42.123 cahoot.co.uk
O1 - Hosts: 82.146.42.123 www.co-operativebank.co.uk
O1 - Hosts: 82.146.42.123 co-operativebank.co.uk
O1 - Hosts: 82.146.42.123 www.co-operativebank.com
O1 - Hosts: 82.146.42.123 co-operativebank.com
O1 - Hosts: 82.146.42.123 welcome2.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 welcome6.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 welcome8.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 welcome10.co-operativebankonline.co.uk
O1 - Hosts: 82.146.42.123 www.smile.co.uk
O1 - Hosts: 82.146.42.123 smile.co.uk
O1 - Hosts: 82.146.42.123 www.cajamar.es
O1 - Hosts: 82.146.42.123 cajamar.es
O1 - Hosts: 82.146.42.123 www.cajamar.com
O1 - Hosts: 82.146.42.123 www.unicaja.es
O1 - Hosts: 82.146.42.123 unicaja.es
O1 - Hosts: 82.146.42.123 www.unicaja.com
O1 - Hosts: 82.146.42.123 unicaja.com
O1 - Hosts: 82.146.42.123 www.caixagalicia.es
O1 - Hosts: 82.146.42.123 caixagalicia.es
O1 - Hosts: 82.146.42.123 www.caixagalicia.com
O1 - Hosts: 82.146.42.123 caixagalicia.com
O1 - Hosts: 82.146.42.123 activa.caixagalicia.es
O1 - Hosts: 82.146.42.123 www.caixapenedes.es
O1 - Hosts: 82.146.42.123 caixapenedes.es
O1 - Hosts: 82.146.42.123 www.caixapenedes.com
O1 - Hosts: 82.146.42.123 caixapenedes.com
O1 - Hosts: 82.146.42.123 www.caixasabadell.es
O1 - Hosts: 82.146.42.123 caixasabadell.es
O1 - Hosts: 82.146.42.123 www.caixasabadell.net
O1 - Hosts: 82.146.42.123 caixasabadell.net
O1 - Hosts: 82.146.42.123 www.cajamadrid.es
O1 - Hosts: 82.146.42.123 cajamadrid.es
O1 - Hosts: 82.146.42.123 www.cajamadrid.com
O1 - Hosts: 82.146.42.123 cajamadrid.com
O1 - Hosts: 82.146.42.123 www.ccm.es
O1 - Hosts: 82.146.42.123 ccm.es
O1 - Hosts: 17.145.117.11 d-ru-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-2f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-2h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-2f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-2h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-us-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-us-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 downloads1.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads2.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads3.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads4.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads5.kaspersky.ru
O1 - Hosts: 17.145.117.11 www.kaspersky.ru
O1 - Hosts: 17.145.117.11 kaspersky.ru
O1 - Hosts: 17.145.117.11 kaspersky-labs.com
O1 - Hosts: 17.145.117.11 www.kaspersky-labs.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\XPOEM\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\XPOEM\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\XPOEM\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\XPOEM\System32
\mmsvc32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XPOEM\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\XPOEM\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\XPOEM\web\related.htm (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\XPOEM\System32\nvsvc32.exe

[Gość: Kolobos]

Odinstaluj messengera bo jest zbedny:
Start=>Uruchom=>Wpisz polecenie
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

To kasujesz w hijackthis:

Wszystkie wpisy O1
O1 - Hosts: 17.145.117.11 www.kaspersky-labs.com
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\XPOEM\System32
\mmsvc32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\XPOEM\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\XPOEM\web\related.htm (file missing)


Usun z autostartu:
Microsoft Office


www.downloads.subratam.org/KillBox.zip
To kasujesz killbox'em z zaznaczona opcja delete file on reboot:

C:\XPOEM\System32\mmsvc32.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
Po resecie usun caly katalog Media Access


Nastepnie przeskanuj system tym:
download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
I usun co znajdzie, zainstaluj tez antyvirusa i przeskanuj system:
www.avast.com/eng/avast_4_home.html
Nie zaszkodzi tez uzyc:
www.firewallleaktester.com/tools/wwdc.exe
Po wszystkim wklej nowy log z hijackthis.

[Gość: gość24]

Logfile of HijackThis v1.99.1
Scan saved at 16:09:04, on 2005-06-10
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\XPOEM\System32\smss.exe
C:\XPOEM\system32\winlogon.exe
C:\XPOEM\system32\services.exe
C:\XPOEM\system32\lsass.exe
C:\XPOEM\system32\svchost.exe
C:\XPOEM\System32\svchost.exe
C:\XPOEM\Explorer.EXE
C:\XPOEM\system32\spoolsv.exe
C:\XPOEM\System32\RUNDLL32.EXE
C:\XPOEM\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\XPOEM\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\XPOEM\System32\nvsvc32.exe
C:\XPOEM\System32\svchost.exe
C:\XPOEM\System32\wuauclt.exe
C:\XPOEM\System32\wpabaln.exe
C:\XPOEM\System32\mmsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\wwdc.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Katalog
tymczasowy 5 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\XPOEM\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\XPOEM\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\XPOEM\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XPOEM\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\XPOEM\System32\nvsvc32.exe

[Gość: Kolobos]

Nie uruchamiaj hijackthis z zipa, tylko wypakuj i dopiero uruchom!
Miales zainstalowac Antyvirus, czemut tego nie zrobiles?

[Gość: gość24]

Oto najnowszy log
skąd najlepiej ściagnąć winzipa? dzięki za pomoc


Logfile of HijackThis v1.99.1
Scan saved at 16:50:43, on 2005-06-10
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\XPOEM\System32\smss.exe
C:\XPOEM\system32\winlogon.exe
C:\XPOEM\system32\services.exe
C:\XPOEM\system32\lsass.exe
C:\XPOEM\system32\svchost.exe
C:\XPOEM\System32\svchost.exe
C:\XPOEM\Explorer.EXE
C:\XPOEM\system32\spoolsv.exe
C:\XPOEM\System32\RUNDLL32.EXE
C:\XPOEM\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\XPOEM\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\XPOEM\System32\nvsvc32.exe
C:\XPOEM\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\XPOEM\System32\wuauclt.exe
C:\XPOEM\System32\wpabaln.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Katalog
tymczasowy 4 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\XPOEM\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\XPOEM\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\XPOEM\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XPOEM\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\XPOEM\System32\nvsvc32.exe

[Gość: MoniaA]

Logfile of HijackThis v1.99.1
Scan saved at 17:06:28, on 2005-06-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\security suite\ewidoctrl.exe
D:\Program Files\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\Program Files\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
E:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Agnieszka\Pulpit\hijackthis\HijackThis.exe
E:\PROGRA~1\INCRED~1\bin\IMApp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] E:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] E:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
E:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
- E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Microsoft AntiSpyware helper -
{4D257333-2F44-4F92-9632-04BAF906E991} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{4D257333-2F44-4F92-9632-04BAF906E991} - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099146787623
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{211E3387-2324-40F8-9AE5-1F12243C37C8}:
NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{211E3387-2324-40F8-9AE5-1F12243C37C8}:
NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{211E3387-2324-40F8-9AE5-1F12243C37C8}:
NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program
Files\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program
Files\security suite\ewidoguard.exe
O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Gość: Kolobos]

To usun w hijackthis:

O9 - Extra button: Microsoft AntiSpyware helper -
{4D257333-2F44-4F92-9632-04BAF906E991} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{4D257333-2F44-4F92-9632-04BAF906E991} - (no file) (HKCU)

Jak mozesz to zainstaluj aktualizacje do system:
www.windowsupdate.com

[Gość: Kolobos]

Log wyglada ok.
Winzip jest plany, sciagnij sobie darmowego 7-zip'a:
www.7-zip.org/