[Solved] How do I remove programs from the tray?

Yasco

Wow, I've really got a good head on my shoulders... showed my class once again ;D

I hope this is the right one ;P

Logfile of HijackThis v1.99.1

Scan saved at 22:18:16, on 2007-07-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesIntelWirelessBinEvtEng.exe

C:Program FilesIntelWirelessBinS24EvMon.exe

C:Program FilesIntelWirelessBinWLKeeper.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesLavasoftAd-Aware 2007aawservice.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe

C:WINDOWSeHomeehRecvr.exe

C:WINDOWSeHomeehSched.exe

C:Program FilesIntelWirelessBinRegSrvc.exe

C:WINDOWSSystem32snmp.exe

C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesHewlett-PackardSharedhpqwmiex.exe

C:WINDOWSsystem32mqsvc.exe

C:WINDOWSsystem32mqtgsvc.exe

C:WINDOWSsystem32dllhost.exe

C:WINDOWSsystem32wscntfy.exe

C:WINDOWSExplorer.EXE

C:Program FilesJavajre1.6.0_01binjusched.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesHPQuickPlayQPService.exe

C:Program FilesHpHP Software UpdateHPWuSchd2.exe

C:Program FilesHPhpcoretechhpcmpmgr.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:Program FilesTapeterTapeter.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesGadwin SystemsPrintScreenProPrintScreenPro.exe

C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe

C:PROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE

C:Program FilesWinampwinamp.exe

C:Program FilesWinampwinamp.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Documents and SettingsyascodApplication DataMicrosoftInternet ExplorerQuick LaunchHijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe"

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [QPService] "C:Program FilesHPQuickPlayQPService.exe"

O4 - HKLM..Run: [Cpqset] C:Program FilesHewlett-PackardDefault Settingscpqset.exe

O4 - HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM..Run: [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [Tapeter] C:Program FilesTapeterTapeter.exe hide

O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM..Run: [QlbCtrl] %ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [Gadwin PrintScreen Pro] C:Program FilesGadwin SystemsPrintScreenProPrintScreenPro.exe /nosplash

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O17 - HKLMSystemCCSServicesTcpip..{A952878E-7856-456E-888E-003D700E173B}: NameServer = 80.249.5.5,80.249.0.18

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:Program FilesIntelWirelessBinWLKeeper.exe

ComboFix

"yascod" - 2007-07-24 22:20:22 - ComboFix 07-07-14.6 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

2007-07-24 12:39 4,682 --a------ C:WINDOWSsystem32npptNT2.sys

2007-07-24 12:28 <DIR> d-------- C:Program FilesLineage II

2007-07-23 21:51 <DIR> d-------- C:DOCUME~1yascodAPPLIC~1PCToolsFirewallPlus

2007-07-23 20:56 <DIR> d-------- C:House

2007-07-23 18:13 55,904 --a------ C:WINDOWSsystem32driverspctfw.sys

2007-07-22 20:59 2,306 --a------ C:WINDOWSsystem32tmp.reg

2007-07-22 20:29 51,200 --a------ C:WINDOWSnircmd.exe

2007-07-22 18:37 <DIR> d-------- C:Program FilesGadwin Systems

2007-07-22 16:31 <DIR> d-------- C:Program FilesLavasoft

2007-07-22 16:31 <DIR> d-------- C:DOCUME~1ALLUSE~1APPLIC~1Lavasoft

2007-07-22 16:30 <DIR> d-------- C:Program FilesCommon FilesWise Installation Wizard

2007-07-22 15:23 <DIR> d-a------ C:DOCUME~1ALLUSE~1APPLIC~1TEMP

2007-07-15 20:36 <DIR> d-------- C:Program FilesTapeter

2007-07-14 00:15 9,464 --------- C:WINDOWSsystem32driverscdralw2k.sys

2007-07-14 00:15 9,336 --------- C:WINDOWSsystem32driverscdr4_xp.sys

2007-07-14 00:15 129,784 --------- C:WINDOWSsystem32pxafs.dll

2007-07-09 19:58 <DIR> d-------- C:Program FilesReal

2007-07-09 19:58 <DIR> d-------- C:Program FilesCommon FilesReal

2007-07-09 19:56 <DIR> d-------- C:DOCUME~1yascodAPPLIC~1Real

2007-07-09 19:32 <DIR> d-------- C:DOCUME~1yascodAPPLIC~1gtk-2.0

2007-07-09 19:31 <DIR> d-------- C:DOCUME~1yascod.thumbnails

2007-07-09 19:31 <DIR> d-------- C:DOCUME~1yascod.gimp-2.3

2007-07-09 19:28 <DIR> d-------- C:Program FilesGIMP-2.0

2007-07-09 19:21 <DIR> d-------- C:Program FilesPicasa2

2007-07-07 23:59 <DIR> d-------- C:DOCUME~1ALLUSE~1APPLIC~1Google

2007-07-04 23:46 <DIR> d-------- C:Program FilesSHOUTcast

2007-07-04 18:41 <DIR> d-------- C:DOCUME~1yascodAPPLIC~1Skype

2007-07-04 18:40 <DIR> d-------- C:Program FilesSkype

2007-07-04 18:40 <DIR> d-------- C:Program FilesCommon FilesSkype

2007-07-04 18:40 <DIR> d-------- C:DOCUME~1ALLUSE~1APPLIC~1Skype

2007-07-01 21:40 <DIR> d-------- C:Program FilesBearShare

2007-07-01 21:40 <DIR> d-------- C:My Downloads

2007-06-30 00:01 1,165 --a------ C:WINDOWSmozver.dat

2007-06-29 20:48 <DIR> d-------- C:DOCUME~1yascodAPPLIC~1Gadu-Gadu

2007-06-29 18:17 626,960 -ra------ C:WINDOWSsystem32hpvaut32.dll

2007-06-29 18:17 487,424 -ra------ C:WINDOWSsystem32hpvcp70.dll

2007-06-29 18:17 344,064 -ra------ C:WINDOWSsystem32hpvcr70.dll

2007-06-29 17:52 25,856 --a------ C:WINDOWSsystem32driversusbprint.sys

2007-06-29 17:08 0 --a------ C:WINDOWSnsreg.dat

2007-06-29 16:58 <DIR> d-------- C:Program FileseMule

2007-06-29 16:35 <DIR> d-------- C:Program FilesGadu-Gadu

2007-06-29 16:35 <DIR> d-------- C:DOCUME~1yascodGadu-Gadu

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 10:28:42 -------- d--h--w C:Program FilesInstallShield Installation Information

2007-07-22 22:30:40 -------- d-----w C:Program FilesWinamp

2007-07-15 19:12:09 -------- d-----w C:Program FilesKalendarz XP

2007-07-15 19:11:48 -------- d-----w C:Program FilesVstPlugins

2007-07-15 19:11:48 -------- d-----w C:Program FilesImage-Line

2007-07-13 19:01:03 -------- d-----w C:Program FilesCommon FilesSymantec Shared

2007-06-30 09:33:09 -------- d-----w C:DOCUME~1yascodAPPLIC~1AdobeUM

2007-06-29 16:36:34 -------- d-----w C:Program FilesHP

2007-06-29 16:36:32 -------- d-----w C:Program FilesHewlett-Packard

2007-06-12 11:37:12 -------- d-----w C:DOCUME~1yascodAPPLIC~1Google

2007-06-12 11:36:22 -------- d-----w C:Program FilesGoogle

2007-06-04 13:18:48 9,344 ----a-w C:WINDOWSsystem32driversNSDriver.sys

2007-06-04 13:17:02 8,320 ----a-w C:WINDOWSsystem32driversAWRTRD.sys

2007-06-04 13:14:56 6,272 ----a-w C:WINDOWSsystem32driversAWRTPD.sys

2007-04-16 16:44:31 46,960 ----a-w C:DOCUME~1yascodAPPLIC~1GDIPFONTCACHEV1.DAT

2006-12-13 17:46:39 22 --sha-w C:WINDOWSSMINSTHPCD.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-12-18 04:16 59032 --a------ C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:Program FilesJavajre1.6.0_01binssv.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]

2006-12-28 02:59 798720 --a------ C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 03:43]

"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2006-06-17 07:22]

"QPService"="C:Program FilesHPQuickPlayQPService.exe" [2006-07-19 15:14]

"Cpqset"="C:Program FilesHewlett-PackardDefault Settingscpqset.exe" [2006-06-19 10:50]

"MsmqIntCert"="regsvr32 /s mqrt.dll" []

"HP Software Update"="C:Program FilesHpHP Software UpdateHPWuSchd2.exe" [2005-02-16 23:11]

"HP Component Manager"="C:Program FilesHPhpcoretechhpcmpmgr.exe" [2003-12-22 08:38]

"AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [2007-07-14 09:38]

"Tapeter"="C:Program FilesTapeterTapeter.exe" [2005-07-09 18:22]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 C:WINDOWSsystem32CHDAudPropShortcut.exe]

"QlbCtrl"="%ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" []

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2006-03-16 06:00]

"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

"Gadwin PrintScreen Pro"="C:Program FilesGadwin SystemsPrintScreenProPrintScreenPro.exe" [2007-07-09 07:24]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]

"PcSync"=C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"InstallVisualStyle"=C:WINDOWSResourcesThemesRoyaleRoyale.msstyles

"InstallTheme"=C:WINDOWSResourcesThemesRoyale.theme

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalaawservice]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk

backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]

path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Pavilion Webcam Tray Icon.lnk

backup=C:WINDOWSpssHP Pavilion Webcam Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier - Szybkie uruchomienie.lnk]

path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Photosmart Premier - Szybkie uruchomienie.lnk

backup=C:WINDOWSpssHP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:Documents and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk

backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreghpWirelessAssistant]

C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIntelWireless]

"C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIntelZeroConfig]

"C:Program FilesIntelWirelessbinZCfgSvc.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]

C:WINDOWSsystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]

C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSony Ericsson PC Suite]

"C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]

C:Program FilesWinampwinampa.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]

"wuauserv"=2 (0x2)

"mnmsrvc"=3 (0x3)

"ERSvc"=2 (0x2)

"ServiceLayer"=3 (0x3)

"LightScribeService"=2 (0x2)

"AddFiltr"=3 (0x3)

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-24 22:23:16

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLMSoftwareMicrosoftWindowsCurrentVersionRun

Cpqset = C:Program FilesHewlett-PackardDefault Settingscpqset.exe????????????L?@? ????Y??????`?@?????L?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-24 22:24:04

C:ComboFix-quarantined-files.txt ... 2007-07-24 22:23

--- E O F ---

There you go :)

CatchMe

Delete the folder and the file from disk, and remove the entry in HijackThis:

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll

C:WINDOWSsystem32tmp.reg

- Other than that, it's clean now. :)

Yasco

Phew, it worked :D thanks a lot :piwko: !! case is closed :)
