XP + AVAST + trojan? virus?

23.11.05, 16:21
HEEEEELP....
I don't know much about viruses and the like .....
but maybe I'll manage to describe the problem.

Yesterday something probably got installed, because on a page about gg a
message popped up saying TROJAN HORSE... I put it in quarantine because it
couldn't be deleted...
Today I scanned the whole disk - it found 3 trojans, which avast managed to
remove...
The problem is that I keep seeing in the bottom left corner that it is scanning
what looks like an incoming message... CONSTAAAANTLY....
Then it throws up a message:

the connection timed out. Keep waiting?
(winlogon.exe->193.223.101.17:25)... or else, after the arrow, completely
different things with the extension com, net or others.


What should I do??? How do I fix this??
Help me (just describe what I should do in understandable language, because as
I said... I'm not good at this)
    • gosiareczka Re: XP + AVAST + trojan? virus? 23.11.05, 16:25
      oh... and also, when I turn on the net, a million notifications about
      suspicious messages pop up right away - e.g. with the title "hej info"
      • neder Re: XP + AVAST + trojan? virus? 23.11.05, 17:08
        paste the log from HijackThis
        • gosiareczka checking the HijackThis log 23.11.05, 17:16
          Logfile of HijackThis v1.99.1
          Scan saved at 17:14:41, on 2005-11-23
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
          C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Spyware Doctor\sdhelp.exe
          C:\Program Files\Spyware Doctor\swdoctor.exe
          C:\Program Files\HbTools\Bin\4.7.0.0\HbtSrv.exe
          C:\PROGRA~1\GADU-G~1\gg.exe
          C:\Documents and Settings\GOSIA\Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.wp.pl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          F2 - REG:system.ini: Shell=explorer.exe
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
          c:\program files\google\googletoolbar1.dll
          O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
          C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
          Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
          files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
          \bin\jusched.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [hriqxosl] C:\WINDOWS\System32\ejzqouty.exe
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
          Packard\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
          Imaging\\Unload\hpqcmon.exe
          O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
          O4 - HKCU\..\Run: [Skype] "C:\Program
          Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
          O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
          Doctor\swdoctor.exe" /Q
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office10\OSA.EXE
          O8 - Extra context menu item: &Google Search - res://c:\program
          files\google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: &Translate English Word - res://c:\program
          files\google\GoogleToolbar1.dll/cmwordtrans.html
          O8 - Extra context menu item: Backward Links - res://c:\program
          files\google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
          files\google\GoogleToolbar1.dll/cmcache.html
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Similar Pages - res://c:\program
          files\google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Translate Page into English - res://c:\program
          files\google\GoogleToolbar1.dll/cmtrans.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
          C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
          O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-
          9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          C:\WINDOWS\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
          00aa003c157a} - C:\WINDOWS\web\related.htm
          O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-
          4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0
          \ShprRprt.dll
          O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
          its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-
          c139.cab
          O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) -
          installs.hotbar.com/installs/hbtools/programs/hbtools.cab
          O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
          Control) - ms-its:mhtml:file://c:\nosukmt.mht!
          kazaalite.pl/stats/mta.chm::/MediaTicketsInstaller.cab
          O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) -
          www5.incredimail.com/contents/setup/downloader_jfp_ag/imloader.cab
          O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file
          missing)
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program
          Files\Spyware Doctor\sdhelp.exe
          • Guest: k Re: checking the HijackThis log IP: *.warszawa.sdi.tpnet.pl 23.11.05, 19:35
            pirated windows without updates...

            Install Opera (you'll find it on google) and don't use Internet
            Explorer any more unless you want to have junk!

            In the task manager, end:
            C:\Program Files\HbTools\Bin\4.7.0.0\HbtSrv.exe

            In hijackthis:

            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.h
            tm
            O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
            Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll <- delete the HbTools folder
            O4 - HKLM\..\Run: [hriqxosl] C:\WINDOWS\System32\ejzqouty.exe <- delete the file
            O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe <- delete the file
            O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-
            9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-
            4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0
            \ShprRprt.dll <- delete the ShopperReports folder
            O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
            its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-
            c139.cab
            O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) -
            installs.hotbar.com/installs/hbtools/programs/hbtools.cab
            O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
            Control) - ms-its:mhtml:file://c:\nosukmt.mht!
            kazaalite.pl/stats/mta.chm::/MediaTicketsInstaller.cab
            O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file
            missing)

            And also a scan with this:
            download.ewido.net/ewido-setup.exe <- do an update before scanning, and
            uninstall it after scanning.

            After all that, a new log.
            • gosiareczka follow-up check of the HijackThis log 23.11.05, 21:12
              thanks for the help, and please do one more follow-up check....

              One more question.... my mail doesn't work now... it won't connect
              (outlook express 6.0 - error: The server returned an error. Account: 'poczta.fm',
              Server: 'poczta.fm', Protocol: POP3, Server response: '-ERR Cannot connect
              to POP server 217.74.64.235 (217.74.64.235:110), connect error 10060', Port:
              110, Secure (SSL): No, Server error: 0x800CCC90, Error number:
              0x800CCC90)




              Logfile of HijackThis v1.99.1
              Scan saved at 21:06:11, on 2005-11-23
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\logonui.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
              C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\PROGRA~1\GADU-G~1\gg.exe
              C:\Program Files\Skype\Phone\Skype.exe
              C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\Program Files\Spyware Doctor\sdhelp.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              C:\WINDOWS\System32\wuauclt.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\WINDOWS\System32\wuauclt.exe
              C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18
              \c3d1ac703af22ad23576d007bc6ee098\update\update.exe
              C:\Documents and Settings\GOSIA\Pulpit\hijackthis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.wp.pl/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              F2 - REG:system.ini: Shell=explorer.exe
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
              C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
              c:\program files\google\googletoolbar1.dll
              O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
              C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
              C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
              Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
              files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
              \bin\jusched.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
              Packard\HP Share-to-Web\hpgs2wnd.exe
              O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
              Imaging\\Unload\hpqcmon.exe
              O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
              O4 - HKCU\..\Run: [Skype] "C:\Program
              Files\Skype\Phone\Skype.exe" /nosplash /minimized
              O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
              Doctor\swdoctor.exe" /Q
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              Office\Office10\OSA.EXE
              O8 - Extra context menu item: &Google Search - res://c:\program
              files\google\GoogleToolbar1.dll/cmsearch.html
              O8 - Extra context menu item: &Translate English Word - res://c:\program
              files\google\GoogleToolbar1.dll/cmwordtrans.html
              O8 - Extra context menu item: Backward Links - res://c:\program
              files\google\GoogleToolbar1.dll/cmbacklinks.html
              O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
              files\google\GoogleToolbar1.dll/cmcache.html
              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
              res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O8 - Extra context menu item: Similar Pages - res://c:\program
              files\google\GoogleToolbar1.dll/cmsimilar.html
              O8 - Extra context menu item: Translate Page into English - res://c:\program
              files\google\GoogleToolbar1.dll/cmtrans.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
              00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
              O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
              C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
              O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              C:\WINDOWS\web\related.htm
              O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
              00aa003c157a} - C:\WINDOWS\web\related.htm
              O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
              its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-
              c139.cab
              O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
              Control) - ms-its:mhtml:file://c:\nosukmt.mht!
              kazaalite.pl/stats/mta.chm::/MediaTicketsInstaller.cab
              O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) -
              www5.incredimail.com/contents/setup/downloader_jfp_ag/imloader.cab
              O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file
              missing)
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashMaiSv.exe" /service (file missing)
              O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashWebSv.exe" /service (file missing)
              O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program
              Files\Spyware Doctor\sdhelp.exe
              • Guest: k Re: follow-up check of the HijackThis log IP: *.warszawa.sdi.tpnet.pl 23.11.05, 21:42
                What follow-up? You didn't remove what I listed and you didn't change your browser.
                Your mail isn't working because something broke on their end; when they fix it, it will start working.
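
A check for the follow-up step in this thread, as an added example that is not part of any post: it parses pasted HijackThis logs, rejoins the lines the forum wrapped, and reports which flagged entries still appear in a later log. The function names and the sample text (a constructed excerpt of entries quoted in the thread) are assumptions of this example.

```python
import re

# Section codes that start a HijackThis entry line (R0, F2, O4, O16, O23, ...).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the entry lines of a pasted log, rejoining forum-wrapped lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Wrapped tail of the previous entry. Heuristic for display only:
            # no space when the break fell inside a hyphenated token or a path.
            prev = entries[-1]
            inside_token = prev.endswith("-") and not prev.endswith(" -")
            sep = "" if inside_token or line.startswith("\\") else " "
            entries[-1] = prev + sep + line
    # Drop a helper's trailing "<- ..." note (assumed never to occur in a real entry).
    return [e.split(" <- ")[0].strip() for e in entries]


def entry_key(entry):
    """Wrap- and case-insensitive identity, since breaks fall inside paths and GUIDs."""
    return re.sub(r"\s+", "", entry).lower()


def still_present(flagged_text, followup_text):
    """Split the flagged entries into (persisting, gone) against a follow-up log."""
    seen = {entry_key(e) for e in parse_entries(followup_text)}
    persisting, gone = [], []
    for entry in parse_entries(flagged_text):
        (persisting if entry_key(entry) in seen else gone).append(entry)
    return persisting, gone


# Constructed sample: entries quoted in the thread, wrapped the way the forum wrapped them.
FLAGGED = r"""
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll <- delete the HbTools folder
O4 - HKLM\..\Run: [hriqxosl] C:\WINDOWS\System32\ejzqouty.exe <- delete the file
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe <- delete the file
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file
missing)
"""

# Constructed sample: excerpt of a later log, header and process list included.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
"""

if __name__ == "__main__":
    persisting, gone = still_present(FLAGGED, FOLLOWUP)
    for e in persisting:
        print("STILL PRESENT:", e)
    for e in gone:
        print("gone:         ", e)
```

An entry that persists after "Fix checked" usually means the file or process behind it recreated the value, so the report is a prompt to look at running processes, not proof that the fix was skipped.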
                • gosiareczka Re: follow-up check of the HijackThis log 24.11.05, 11:45
                  -I removed it, but I don't know why it still kept showing up, maybe now?
                  -I installed opera - as recommended
                  -mail works
                  -is everything ok now?



                  Logfile of HijackThis v1.99.1
                  Scan saved at 11:41:48, on 2005-11-24
                  Platform: Windows XP (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\explorer.exe
                  C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
                  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
                  C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\PROGRA~1\GADU-G~1\gg.exe
                  C:\Program Files\Skype\Phone\Skype.exe
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                  C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  C:\Program Files\Spyware Doctor\sdhelp.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Opera\Opera.exe
                  C:\Documents and Settings\GOSIA\Pulpit\hijackthis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                  F2 - REG:system.ini: Shell=explorer.exe
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
                  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
                  O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
                  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
                  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
                  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
                  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
                  O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
                  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
                  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                  O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-c139.cab
                  O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
                  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
                  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
                  • Guest: k Re: follow-up check of the HijackThis log IP: *.warszawa.sdi.tpnet.pl 24.11.05, 12:05
                    You were supposed to stop using IE, but you still have it running, so you're probably using it...

                    In hijackthis remove:

                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                    C:\WINDOWS\web\related.htm
                    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                    00aa003c157a} - C:\WINDOWS\web\related.htm
                    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-c139.cab
                    O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file
                    missing)
                    • gosiareczka Re: follow-up check of the HijackThis log 24.11.05, 12:32
                      I'm not using IE, I installed opera and it's the one that starts first... but I didn't uninstall IE - should I do that, or is it enough not to use IE?

                      Logfile of HijackThis v1.99.1
                      Scan saved at 12:30:29, on 2005-11-24
                      Platform: Windows XP (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\csrss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\explorer.exe
                      C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
                      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
                      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\PROGRA~1\GADU-G~1\gg.exe
                      C:\Program Files\Skype\Phone\Skype.exe
                      C:\Program Files\Spyware Doctor\swdoctor.exe
                      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
                      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      C:\Program Files\Spyware Doctor\sdhelp.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\wuauclt.exe
                      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                      C:\Program Files\Opera\Opera.exe
                      C:\WINDOWS\System32\wuauclt.exe
                      C:\Documents and Settings\GOSIA\Pulpit\hijackthis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                      F2 - REG:system.ini: Shell=explorer.exe
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
                      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
                      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
                      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
                      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
                      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
                      O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
                      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
                      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
                      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
                      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe



                      • sunrise79 Re: follow-up check of the HijackThis log 24.11.05, 12:50
                        check whether you have Opera set as the default browser
                        Tools/Preferences/Advanced/Programs
                      • Guest: k Re: follow-up check of the HijackThis log IP: *.warszawa.sdi.tpnet.pl 24.11.05, 13:24
                        The log looks OK now, and as for IE, just don't run it and that's that :-)
                        • gosiareczka thanks a lot :))) 24.11.05, 13:27
                          Great... :)))
                          Thank you veeeeeeeeeeeeeeery much for the help :)))))
                          regards :)

