matpin, posted 25 February 2007

I have some kind of problem with my computer. The latest Internet Explorer doesn't work, and no updates work (antivirus programs etc.). I have Windows Firewall turned off and I don't have any firewall; I don't know what this is. Please help! I don't know whether it will help, but I can send a HijackThis log.

[ Added: 2007-02-25, 17:36 ]

Logfile of HijackThis v1.98.2 Scan saved at 17:36:12, on 2007-02-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:Program FilesEsetnod32krn.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32ZoneLabsvsmon.exe C:WINDOWSExplorer.EXE C:Program FilesQuickTimeqttask.exe C:Program FilesEsetnod32kui.exe C:Program FilesMessengermsmsgs.exe C:Program FilesMSN Messengermsnmsgr.exe C:WINDOWSsystem32ctfmon.exe C:Program FilesD-Link AirPlusAirPlus.exe C:WINDOWSsystem32svchost.exe E:Spox programyGadu-Gadugg.exe E:Spox programyNowy folderfirefox.exe E:Spox programyPythonpython.exe E:Spox programyProgramyhijackthis1982.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pajacyk.pl/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: PerfectNavBHO Class - 
{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (file missing) O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing) O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE O4 - HKCU..Run: [internetCalls] "C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - Global Startup: D-Link AirPlus.lnk = ? 
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk043XXPL O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://mks.com.pl O15 - Trusted Zone: http://www.mks.com.pl O15 - Trusted Zone: http://skaner.mks.com.pl O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168159267562 O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - 
C:PROGRA~1MSNMES~1MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
Aqui, comment, 25 February 2007

Is this definitely the whole log? Attach a log from Silent Runners.
matpin (author), comment, 25 February 2007

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "InternetCalls" = ""C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized" [file not found] "MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS] "msnmsgr" = ""C:Program FilesMSN Messengermsnmsgr.exe" /background" [MS] "ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."] "nod32kui" = ""C:Program FilesEsetnod32kui.exe" /WAITSERVICE" ["Eset "] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {00A6FAF1-072E-44cf-8957-5838F569A31D}(Default) = "MyWebSearch Search Assistant BHO" -> {HKLM...CLSID} = "MyWebSearch Search Assistant BHO" InProcServer32(Default) = "C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL" [file not found] {00D6A7E7-4A97-456f-848A-3B75BF7554D7}(Default) = "NavErrRedir Class" -> {HKLM...CLSID} = "PerfectNavBHO Class" InProcServer32(Default) = "C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL" [file not found] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {07B18EA1-A523-4961-B6BB-170DE4475CCA}(Default) = "mwsBar BHO" -> {HKLM...CLSID} = "mwsBar BHO" InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedWindows 
LiveWindowsLiveLogin.dll" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."] "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link" -> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links" InProcServer32(Default) = "C:Program FilesCommon FilesSystemOle DBoledb32.dll" [file not found] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS] "{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device" -> 
{HKLM...CLSID} = "BenQ-Siemens Device" InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found] "{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device ContextMenuHandler" -> {HKLM...CLSID} = "BenQ-Siemens Device ContextMenuHandler" InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found] "{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device PropertySheetHandlers" -> {HKLM...CLSID} = "BenQ-Siemens Device PropertySheetHandler" InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" InProcServer32(Default) = "C:Program FilesMSN Messengerfsshext.8.0.0812.00.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" InProcServer32(Default) = "C:Program FilesLogitechVideoNamespc2.dll" ["Logitech Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data] HKLMSoftwareClassesPROTOCOLSFilter <<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS] HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null 
data] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Enabled Screen Saver: --------------------- HKCUControl PanelDesktop "SCRNSAVE.EXE" = "C:WINDOWSSystem32logon.scr" [MS] Startup items in "User" & "All Users" startup folders: ------------------------------------------------------ C:Documents and SettingsAll UsersMenu StartProgramyAutostart "D-Link AirPlus" -> shortcut to: "C:Program FilesD-Link AirPlusAirPlus.exe" ["D-Link"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000004LibraryPath = "%SystemRoot%System32nwprovau.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" -> {HKLM...CLSID} = "My &Web Search" InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found] HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" -> {HKLM...CLSID} = "My &Search Bar" InProcServer32(Default) = "C:Program FilesMyWaymyBar1.binMYBAR.DLL" [file not found] HKLMSoftwareMicrosoftInternet ExplorerToolbar "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" = (no title provided) -> {HKLM...CLSID} = "My &Web Search" InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found] Explorer Bars HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars HKLMSoftwareClassesCLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = "My Search Bar Quick View" Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar] InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS] HKLMSoftwareClassesCLSID{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}(Default) = "My Web Search Quick View" Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar] InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS] HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie" Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar] InProcServer32(Default) = 
"C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {92780B25-18CC-41C8-B9BE-3C9C571A8263} "ButtonText" = "Badanie" {E2E2DD38-D088-4134-82B7-F2BA38496583} "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:Program FilesMessengermsmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks <<H>> "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = (no title provided) -> {HKLM...CLSID} = "PerfectNavBHO Class" InProcServer32(Default) = "C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NOD32 Kernel Service, NOD32krn, ""C:Program FilesEsetnod32krn.exe"" ["Eset "] TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"] Usługa Messenger Sharing USN Journal Reader, usnsvc, "C:WINDOWSsystem32svchost.exe -k usnsvc" {"C:Program FilesMSN Messengerusnsvc.dll" [MS]} Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"] LIDIL hpzll054Driver = "hpzll054.dll" ["Hewlett-Packard Company"] Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 37 seconds. ---------- (total run time: 89 seconds)
Aqui, comment, 25 February 2007

Remove these in Safe Mode with System Restore turned off.

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.co...?p=ZNxmk043XXPL
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/ima...etup1.0.0.8.cab

Check these entries and press Fix checked; delete the files/folders shown in bold from the disk manually.
matpin (author), comment, 26 February 2007

Admittedly this didn't solve my problem, but I probably have a few fewer viruses. Internet Explorer still doesn't work, and neither do the NOD32 updates or a few other programs I installed recently. Maybe I deleted something in the system and something broke. Please give me some information on what I should do. Please help!
matpin (author), comment, 26 February 2007

Logfile of HijackThis v1.98.2 Scan saved at 18:15:22, on 2007-02-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:Program FilesEsetnod32krn.exe C:WINDOWSsystem32HPZipm12.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32ZoneLabsvsmon.exe C:WINDOWSExplorer.EXE C:Program FilesQuickTimeqttask.exe C:Program FilesMessengermsmsgs.exe C:Program FilesMSN Messengermsnmsgr.exe C:WINDOWSsystem32ctfmon.exe C:Program FilesD-Link AirPlusAirPlus.exe C:WINDOWSsystem32taskmgr.exe E:Spox programyGadu-Gadugg.exe E:Spox programyNowy folderfirefox.exe E:Spox programyProgramyhijackthis1982.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pajacyk.pl/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [nod32kui] 
"C:Program FilesEsetnod32kui.exe" /WAITSERVICE O4 - HKCU..Run: [internetCalls] "C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://mks.com.pl O15 - Trusted Zone: http://www.mks.com.pl O15 - Trusted Zone: http://skaner.mks.com.pl O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://update.microsoft.com/microsoftupdat...b?1168159267562 O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "InternetCalls" = ""C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized" [file not found] "MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS] "msnmsgr" = ""C:Program FilesMSN Messengermsnmsgr.exe" /background" [MS] "ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."] "nod32kui" = ""C:Program FilesEsetnod32kui.exe" /WAITSERVICE" ["Eset "] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] 
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."] "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link" -> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links" InProcServer32(Default) = "C:Program FilesCommon FilesSystemOle DBoledb32.dll" [file not found] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS] "{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device" -> {HKLM...CLSID} = "BenQ-Siemens Device" InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found] "{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device ContextMenuHandler" -> {HKLM...CLSID} = "BenQ-Siemens Device ContextMenuHandler" InProcServer32(Default) = 
"C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found] "{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device PropertySheetHandlers" -> {HKLM...CLSID} = "BenQ-Siemens Device PropertySheetHandler" InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" InProcServer32(Default) = "C:Program FilesMSN Messengerfsshext.8.0.0812.00.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" InProcServer32(Default) = "C:Program FilesLogitechVideoNamespc2.dll" ["Logitech Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data] HKLMSoftwareClassesPROTOCOLSFilter <<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS] HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" 
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Enabled Screen Saver: --------------------- HKCUControl PanelDesktop "SCRNSAVE.EXE" = "C:WINDOWSSystem32logon.scr" [MS] Startup items in "User" & "All Users" startup folders: ------------------------------------------------------ C:Documents and SettingsAll UsersMenu StartProgramyAutostart "D-Link AirPlus" -> shortcut to: "C:Program FilesD-Link AirPlusAirPlus.exe" ["D-Link"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000004LibraryPath = "%SystemRoot%System32nwprovau.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" -> {HKLM...CLSID} = "My &Web Search" InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found] HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" -> {HKLM...CLSID} = "My &Search Bar" InProcServer32(Default) = "C:Program FilesMyWaymyBar1.binMYBAR.DLL" [file not found] Explorer Bars HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars HKLMSoftwareClassesCLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = "My Search Bar Quick View" Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar] InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS] HKLMSoftwareClassesCLSID{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}(Default) = "My Web Search Quick View" Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar] InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS] HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie" Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar] InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {92780B25-18CC-41C8-B9BE-3C9C571A8263} "ButtonText" = "Badanie" {E2E2DD38-D088-4134-82B7-F2BA38496583} "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = 
"Windows Messenger" "Exec" = "C:Program FilesMessengermsmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NOD32 Kernel Service, NOD32krn, ""C:Program FilesEsetnod32krn.exe"" ["Eset "] Pml Driver HPZ12, Pml Driver HPZ12, "C:WINDOWSsystem32HPZipm12.exe" ["HP"] TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"] Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"] LIDIL hpzll054Driver = "hpzll054.dll" ["Hewlett-Packard Company"] Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 53 seconds, including 9 seconds for message boxes)