log check

31.05.06, 00:14
Please check my log. Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 00:13:45, on 2006-05-31
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\Explorer.EXE
E:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
E:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
E:\Program Files\Creative\Desktop Wireless\kb_2k.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\System32\wdfmgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Spyware Doctor\swdoctor.exe
E:\Documents and Settings\dom\Pulpit\SkrótyInne\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -
E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CreativeMouse ] E:\Program Files\Creative\Desktop
Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] E:\Program Files\Creative\Desktop
Wireless\kb_2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05
\bin\jusched.exe
O4 - HKLM\..\Run: [PrinTray] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3
\printray.exe
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "E:\Program
Files\ScanSoft\PDF Converter 2.0\\RegistryController.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0
\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -
CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konwertuj do Adobe PDF - res://E:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj do istniejącego pliku PDF -
res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF -
res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do
istniejącego pliku PDF - res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF -
res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku
PDF - res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF -
res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku
PDF - res://E:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) -
res://E:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D866B8C9-BD93-44BB-B71A-
ACF13FB0B134}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: 20242402reg - E:\Documents and Settings\All
Users\Dokumenty\Settings\20242402.dll
O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All
Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: polymorphreg - E:\
    • Guest: k Re: log check IP: *.warszawa.sdi.tpnet.pl 31.05.06, 00:59
      Remove in HJT:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      F2 - REG:system.ini: UserInit=userinit.exe
      O20 - Winlogon Notify: 20242402reg - E:\Documents and Settings\All
      Users\Dokumenty\Settings\20242402.dll <- delete the file from disk, preferably
      with KillBox.
      O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All
      Users\Dokumenty\Settings\artm_new.dll <- and this one

      Paste the missing part of the log, starting from:
      O20 - Winlogon Notify: polymorphreg - E:\

      Also run a scan with ewido.
      • elbert Re: log check 01.06.06, 22:21
        I could not remove them in HJT or with KillBox
        > O20 - Winlogon Notify: 20242402reg - E:\Documents and Settings\All
        > Users\Dokumenty\Settings\20242402.dll <- delete the file from disk, preferably
        > with KillBox.
        > O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All
        > Users\Dokumenty\Settings\artm_new.dll <

        I am attaching the log from ewido anti-malware - Process report
        ---------------------------------------------------------

        + Created on: 22:12:44, 2006-06-01
        + Report-Checksum: 6D87CDB1

        0: System Process
        4: System Process
        152: E:\Program Files\ewido anti-malware\ewidoctrl.exe
        196: E:\Program Files\ewido anti-malware\ewidoguard.exe
        216: E:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
        236: E:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
        252: E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        276: E:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
        412: E:\Program Files\Creative\Desktop Wireless\kb_2k.exe
        420: E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        456: E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
        472: E:\Program Files\QuickTime\qttask.exe
        528: E:\Program Files\Spyware Doctor\sdhelp.exe
        588: E:\Program Files\Spyware Doctor\swdoctor.exe
        592: \SystemRoot\System32\smss.exe
        608: E:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
        640: \??\E:\WINDOWS\system32\csrss.exe
        664: \??\E:\WINDOWS\system32\winlogon.exe
        708: E:\WINDOWS\system32\services.exe
        720: E:\WINDOWS\system32\lsass.exe
        848: E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        888: E:\WINDOWS\system32\svchost.exe
        912: E:\WINDOWS\System32\wdfmgr.exe
        952: E:\WINDOWS\System32\svchost.exe
        1076: E:\WINDOWS\System32\svchost.exe
        1096: E:\WINDOWS\System32\svchost.exe
        1188: E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        1212: E:\Program Files\Internet Explorer\iexplore.exe
        1232: E:\Program Files\Internet Explorer\iexplore.exe
        1260: E:\Program Files\Internet Explorer\iexplore.exe
        1400: E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        1524: E:\WINDOWS\system32\LEXBCES.EXE
        1552: E:\WINDOWS\system32\spoolsv.exe
        1584: E:\WINDOWS\system32\LEXPPS.EXE
        1780: E:\WINDOWS\Explorer.EXE
        2492: E:\Program Files\ewido anti-malware\SecuritySuite.exe
        2832: E:\Program Files\Internet Explorer\iexplore.exe
        3036: E:\WINDOWS\System32\wuauclt.exe
        3532: E:\Program Files\Internet Explorer\iexplore.exe

        And again: Logfile of HijackThis v1.99.1
        Scan saved at 22:15:18, on 2006-06-01
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        E:\WINDOWS\System32\smss.exe
        E:\WINDOWS\system32\csrss.exe
        E:\WINDOWS\system32\winlogon.exe
        E:\WINDOWS\system32\services.exe
        E:\WINDOWS\system32\lsass.exe
        E:\WINDOWS\system32\svchost.exe
        E:\WINDOWS\System32\svchost.exe
        E:\WINDOWS\System32\svchost.exe
        E:\WINDOWS\System32\svchost.exe
        E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        E:\Program Files\Internet Explorer\iexplore.exe
        E:\Program Files\Internet Explorer\iexplore.exe
        E:\Program Files\Internet Explorer\iexplore.exe
        E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        E:\WINDOWS\system32\LEXBCES.EXE
        E:\WINDOWS\system32\spoolsv.exe
        E:\WINDOWS\system32\LEXPPS.EXE
        E:\WINDOWS\Explorer.EXE
        E:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
        E:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
        E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        E:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
        E:\Program Files\Creative\Desktop Wireless\kb_2k.exe
        E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
        E:\Program Files\QuickTime\qttask.exe
        E:\Program Files\Spyware Doctor\sdhelp.exe
        E:\Program Files\Spyware Doctor\swdoctor.exe
        E:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
        E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        E:\WINDOWS\System32\wdfmgr.exe
        E:\Program Files\Internet Explorer\iexplore.exe
        E:\WINDOWS\System32\wuauclt.exe
        E:\Program Files\Internet Explorer\iexplore.exe
        E:\Program Files\ewido anti-malware\ewidoguard.exe
        E:\Program Files\ewido anti-malware\ewidoctrl.exe
        E:\Program Files\ewido anti-malware\SecuritySuite.exe
        E:\WINDOWS\system32\NOTEPAD.EXE
        E:\Documents and Settings\dom\Pulpit\SkrótyInne\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program
        Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
        E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
        O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -
        E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
        O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
        E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program
        Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        E:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [CreativeMouse ] E:\Program Files\Creative\Desktop
        Wireless\mouse_2k.exe
        O4 - HKLM\..\Run: [CreativeKeyboard ] E:\Program Files\Creative\Desktop
        Wireless\kb_2k.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05
        \bin\jusched.exe
        O4 - HKLM\..\Run: [PrinTray] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3
        \printray.exe
        O4 - HKLM\..\Run: [PDF Converter Registry Controller] "E:\Program
        Files\ScanSoft\PDF Converter 2.0\\RegistryController.exe"
        O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0
        \Distillr\Acrotray.exe"
        O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -
        CheckReg
        O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware
        Doctor\swdoctor.exe" /Q
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Konwertuj do Adobe PDF - res://E:\Program
        Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Konwertuj do istniejącego pliku PDF -
        res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF -
        res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego
        pliku PDF - res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF -
        res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku
        PDF - res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF -
        res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIECapture.html
        O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF -
        res://E:\Program Files\Adobe\Acrobat 7.0
        \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        O8 - Extra
        • Guest: k Re: log check IP: *.warszawa.sdi.tpnet.pl 01.06.06, 22:36
          Did I ask for an ewido log? Did I ask for a HijackThis log? I only wanted
          you to paste what did not fit in the previous post (the end of the HJT
          log).

          Why could it not be removed with KillBox?
          • elbert Re: log check 02.06.06, 22:24
            I am pasting the end of the log
            O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF -
            res://E:\Program Files\Adobe\Acrobat 7.0
            \Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego
            pliku PDF - res://E:\Program Files\Adobe\Acrobat 7.0
            \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF -
            res://E:\Program Files\Adobe\Acrobat 7.0
            \Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
            O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku
            PDF - res://E:\Program Files\Adobe\Acrobat 7.0
            \Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF -
            res://E:\Program Files\Adobe\Acrobat 7.0
            \Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF -
            res://E:\Program Files\Adobe\Acrobat 7.0
            \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) -
            res://E:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /100
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            E:\WINDOWS\System32\msjava.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - E:\WINDOWS\System32\msjava.dll
            O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
            E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
            E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
            www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
            O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
            arcaonline.arcabit.com/ArcaOnline.cab
            O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
            a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
            O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
            www3.ca.com/securityadvisor/virusinfo/webscan.cab
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            acs.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{D866B8C9-BD93-44BB-B71A-ACF13FB0B134}:
            NameServer = 194.204.159.1,194.204.152.34
            O20 - Winlogon Notify: 20242402reg - E:\Documents and Settings\All
            Users\Dokumenty\Settings\20242402.dll
            O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All
            Users\Dokumenty\Settings\artm_new.dll
            O20 - Winlogon Notify: polymorphreg - E:\Documents and Settings\All
            Users\Dokumenty\Settings\polymorph.dll
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
            E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
            E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
            E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: ewido security suite control - ewido networks - E:\Program
            Files\ewido anti-malware\ewidoctrl.exe
            O23 - Service: ewido security suite guard - ewido networks - E:\Program
            Files\ewido anti-malware\ewidoguard.exe
            O23 - Service: GhostStartService - Symantec Corporation - E:\PROGRA~1\NORTON~1
            \NORTON~4\GHOSTS~2.EXE
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            E:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
            Corporation - E:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
            O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
            E:\Program Files\Spyware Doctor\sdhelp.exe
            O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1
            \NORTON~2\SPEEDD~1\NOPDB.EXE
            O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. -
            E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
            Regards and thank you, elbert.
            • Guest: k Re: log check IP: *.warszawa.sdi.tpnet.pl 02.06.06, 23:21
              To be deleted:
              O20 - Winlogon Notify: 20242402reg - E:\Documents and Settings\All
              Users\Dokumenty\Settings\20242402.dll
              O20 - Winlogon Notify: artm_newreg - E:\Documents and Settings\All
              Users\Dokumenty\Settings\artm_new.dll
              O20 - Winlogon Notify: polymorphreg - E:\Documents and Settings\All
              Users\Dokumenty\Settings\polymorph.dll

              Either you delete them with KillBox with the delete on reboot option checked, or:
              regsvr32.exe /u "E:\Documents and Settings\All Users\Dokumenty\Settings\polymorph.dll"
              do the same with the other two and delete them.
              • elbert Re: log check 03.06.06, 19:38
                I connected my disk to another computer and deleted the files
                20242402.dll, artm_new.dll, polymorph.dll. I booted it on my own machine and
                deleted those entries with HijackThis without any problem.
                Thank you for the help. Regards - elbert
