moj log

[Gość: e-teacher]

przedstawiam Wam moj log, nie wiem co z tym zrobic, dostalem pracownie w
szkole po przednim nauczycielu i zalamalem rece, non stop jakies pop upy i
inne dziwne historie, co powiinenem zrobic???
to log z hijacka
Logfile of HijackThis v1.99.1
Scan saved at 10:02:08, on 2005-09-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OLAP Services\Bin\msmdsrv.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\EuroPlus+\Server\RewardSchool.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\modemshr.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\Program Files\Microsoft ISA Server\mspadmin.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Microsoft ISA Server\w3proxy.exe
C:\Program Files\Microsoft ISA Server\W3Prefch.exe
C:\Program Files\Microsoft ISA Server\wspsrv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINNT\bdpkce.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\temp\salm.exe
C:\Program Files\Vojs\Qmymu.exe
C:\WINNT\system32\id5g7gv3.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\gglib.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX33.250\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
sbs2k
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = sbs2k:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = sbs2k*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINNT\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:\WINNT\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} -
C:\Program Files\SideFind\sfbho.dll
O2 - BHO: (no name) - {E16F387E-0388-417A-8680-1504D2F5BC23} -
C:\WINNT\system32\fpck.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINNT\system32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program
Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [PvXSE] C:\WINNT\bdpkce.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [uzqpar] C:\WINNT\uzqpar.exe
O4 - HKLM\..\Run: [Tfmsg] C:\Program Files\Vojs\Qmymu.exe
O4 - HKLM\..\Run: [id5g7gv3] C:\WINNT\system32\id5g7gv3.exe
O4 - HKLM\..\Run: [Pvůőš/‚˛95ßPĎvbšŹÁC:\Program Files\ISTsvc\istsvc.exe]
C:\WINNT\bdpkce.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr
SpeedTouch\drst.exe" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=sbs2k
O15 - Trusted Zone: ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal
Services Control (redist)) - sbs2k/myconsole/mstscax.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
www.netvenda.com/sites/games-intl/pl/games4.cab?fgiocv=1
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191}
(VacPro.internazionale_ver11) -
advnt01.com/dialer/internazionale_ver11.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = men2k.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DAC08D-7348-47D9-8667-
0713BB2AB6E9}: Domain = men2k.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DAC08D-7348-47D9-8667-
0713BB2AB6E9}: NameServer = 192.168.16.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = men2k.edu.pl
O17 - HKLM\System\CS2\Services

[Gość: Kolobos]

Log sie nie zmiescil caly..

Skan tym:
download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
przeskanowaniu odinstaluj.
Zamknij porty tym:
www.firewallleaktester.com/tools/wwdc.exe
Uzyj tez:
www.trojaner-info.de/files/SpSeHjfix112.exe
securityresponse.symantec.com/avcenter/FxIstbar.exe

Zakoncz procesy:
C:\Program Files\ISTsvc\istsvc.exe <- usun katalog
C:\Program Files\Media Access\MediaAccK.exe <- usun katalog
C:\WINNT\bdpkce.exe <- usun plik
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Optimizer\optimize.exe <- usun katalog
C:\temp\salm.exe <- usun wszystko z temp
C:\Program Files\Vojs\Qmymu.exe <- usun Vojs
C:\WINNT\system32\id5g7gv3.exe <- usun plik
C:\WINNT\system32\gglib.exe <- usun plik
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\BullsEye Network\bin\bargains.exe <- usun katalog

W hijackthis usun:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
sbs2k
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINNT\nem220.dll <- usun plik
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:\WINNT\wsem303.dll <- usun plik
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} -
C:\Program Files\SideFind\sfbho.dll <- usun katalog
O2 - BHO: (no name) - {E16F387E-0388-417A-8680-1504D2F5BC23} -
C:\WINNT\system32\fpck.dll <- usun plik
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINNT\system32\msbe.dll <- usun plik
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program
Files\ISTbar\istbarcm.dll <- usun katalog
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [PvXSE] C:\WINNT\bdpkce.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [uzqpar] C:\WINNT\uzqpar.exe <- usun plik
O4 - HKLM\..\Run: [Tfmsg] C:\Program Files\Vojs\Qmymu.exe
O4 - HKLM\..\Run: [id5g7gv3] C:\WINNT\system32\id5g7gv3.exe <- usun plik
O4 - HKLM\..\Run: [Pvůőš/‚˛95ßPĎvbšŹÁC:\Program Files\ISTsvc\istsvc.exe]
C:\WINNT\bdpkce.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
www.netvenda.com/sites/games-intl/pl/games4.cab?fgiocv=1
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191}
(VacPro.internazionale_ver11) -
advnt01.com/dialer/internazionale_ver11.CAB

Jak juz wszystko zrobisz to wklej nowy log.

Ps. Zawsze myslalem, ze nauczyciel powinien sie znac na komputerach ;-)

[Gość: e-teacher]

nauczyciel powinien, ale niekoniecznie angielskiego;];];], robie co moge, a z
drugiej strony, kto to widział żeby nauczyciel angielskiego miał sale
informatyczna (jedna z dwóch) przy 4 informatykach w szkole;;];];]

[Gość: e-teacher]

Logfile of HijackThis v1.99.1
Scan saved at 08:31:52, on 2005-09-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OLAP Services\Bin\msmdsrv.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\EuroPlus+\Server\RewardSchool.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\modemshr.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX49.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
sbs2k
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = sbs2k:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = sbs2k*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr
SpeedTouch\drst.exe" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=sbs2k
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = men2k.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DAC08D-7348-47D9-8667-0713BB2AB6E9}:
Domain = men2k.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DAC08D-7348-47D9-8667-0713BB2AB6E9}:
NameServer = 192.168.16.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = men2k.edu.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = men2k.edu.pl
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ForumConnectionGateway - Unknown owner -
C:\EuroPlus+\Server\ForumConnectionGateway.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe
(file missing)
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) -
Unknown owner - C:\Program Files\Microsoft BackOffice\Connectivity\POP3
Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: RewardForumService - Unknown owner -
C:\EuroPlus+\Server\RewardForumService.exe
O23 - Service: RewardLicenseDatabase - Unknown owner -
C:\EuroPlus+\Server\RewardLicenseDatabase.exe
O23 - Service: RewardLobbyServer2 - Unknown owner -
C:\EuroPlus+\Server\RewardLobbyServer2.exe
O23 - Service: RewardSchool - Unknown owner -
C:\EuroPlus+\Server\RewardSchool.exe
O23 - Service: RewardServiceProvider - Unknown owner -
C:\EuroPlus+\Server\RewardServiceProvider.exe
O23 - Service: RewardUserDatabase - Unknown owner -
C:\EuroPlus+\Server\RewardUserDatabase.exe
O23 - Service: UserInfoService - Unknown owner -
C:\EuroPlus+\Server\UserInfoService.exe

prosze bardzo, czy teraz juz wszystko ok???? z Twojej instrukcji po usuwaniu
hijackiem połowy tych plików które miałem usunąć już nie było;]
jeśli już czysto to dzięki bardzo a jeśli coś trzeba jeszcze zrobić to proszę o
rade

[Gość: Kolobos]

Jeszcze to w hijackthis:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe
(file missing) <- uruchom services.msc i wylacz tam ta usluge, nastepnie
hijackthis->open misc tools->delete nt service i wpisz tam GKSVC

Na koniec zainstaluj aktualizacje do Internet Explorera z www.windowsupdate.com