Problem with the firewall?

matpin
created

I have some kind of problem with my computer. The latest Internet Explorer doesn't work, and no updates work (antivirus programs, etc.). I have the Windows firewall turned off and I don't have any firewall; I don't know what this is. Please help! I don't know if it will help, but I can send a HijackThis log.

[ Added: 2007-02-25, 17:36 ]

Logfile of HijackThis v1.98.2

Scan saved at 17:36:12, on 2007-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesEsetnod32krn.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ZoneLabsvsmon.exe

C:WINDOWSExplorer.EXE

C:Program FilesQuickTimeqttask.exe

C:Program FilesEsetnod32kui.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesMSN Messengermsnmsgr.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesD-Link AirPlusAirPlus.exe

C:WINDOWSsystem32svchost.exe

E:Spox programyGadu-Gadugg.exe

E:Spox programyNowy folderfirefox.exe

E:Spox programyPythonpython.exe

E:Spox programyProgramyhijackthis1982.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pajacyk.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (file missing)

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing)

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKCU..Run: [internetCalls] "C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk043XXPL

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O15 - Trusted Zone: http://skaner.mks.com.pl

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168159267562

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

Aqui
comment

Is this definitely the whole log? Attach a log from Silent Runners.

matpin
comment

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"InternetCalls" = ""C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized" [file not found]

"MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS]

"msnmsgr" = ""C:Program FilesMSN Messengermsnmsgr.exe" /background" [MS]

"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]

"nod32kui" = ""C:Program FilesEsetnod32kui.exe" /WAITSERVICE" ["Eset "]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{00A6FAF1-072E-44cf-8957-5838F569A31D}(Default) = "MyWebSearch Search Assistant BHO"

-> {HKLM...CLSID} = "MyWebSearch Search Assistant BHO"

InProcServer32(Default) = "C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL" [file not found]

{00D6A7E7-4A97-456f-848A-3B75BF7554D7}(Default) = "NavErrRedir Class"

-> {HKLM...CLSID} = "PerfectNavBHO Class"

InProcServer32(Default) = "C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL" [file not found]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]

{07B18EA1-A523-4961-B6BB-170DE4475CCA}(Default) = "mwsBar BHO"

-> {HKLM...CLSID} = "mwsBar BHO"

InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link"

-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"

InProcServer32(Default) = "C:Program FilesCommon FilesSystemOle DBoledb32.dll" [file not found]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS]

"{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device"

-> {HKLM...CLSID} = "BenQ-Siemens Device"

InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found]

"{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device ContextMenuHandler"

-> {HKLM...CLSID} = "BenQ-Siemens Device ContextMenuHandler"

InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found]

"{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device PropertySheetHandlers"

-> {HKLM...CLSID} = "BenQ-Siemens Device PropertySheetHandler"

InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Moje foldery udostępniania"

InProcServer32(Default) = "C:Program FilesMSN Messengerfsshext.8.0.0812.00.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

-> {HKLM...CLSID} = "My Logitech Pictures"

InProcServer32(Default) = "C:Program FilesLogitechVideoNamespc2.dll" ["Logitech Inc."]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

HKLMSoftwareClassesPROTOCOLSFilter

<<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS]

HKLMSoftwareClassesFoldershellexColumnHandlers

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

Group Policies {policy setting}:

--------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Enabled Screen Saver:

---------------------

HKCUControl PanelDesktop

"SCRNSAVE.EXE" = "C:WINDOWSSystem32logon.scr" [MS]

Startup items in "User" & "All Users" startup folders:

------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart

"D-Link AirPlus" -> shortcut to: "C:Program FilesD-Link AirPlusAirPlus.exe" ["D-Link"]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E

tries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000004LibraryPath = "%SystemRoot%System32nwprovau.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En

ries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 18

%SystemRoot%system32rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"

-> {HKLM...CLSID} = "My &Web Search"

InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found]

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser

"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"

-> {HKLM...CLSID} = "My &Search Bar"

InProcServer32(Default) = "C:Program FilesMyWaymyBar1.binMYBAR.DLL" [file not found]

HKLMSoftwareMicrosoftInternet ExplorerToolbar

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" = (no title provided)

-> {HKLM...CLSID} = "My &Web Search"

InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found]

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = "My Search Bar Quick View"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS]

HKLMSoftwareClassesCLSID{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}(Default) = "My Web Search Quick View"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS]

HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}

"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]

Miscellaneous IE Hijack Points

------------------------------

HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks

<<H>> "{00D6A7E7-4A97-456f-848A-3B75BF7554D7}" = (no title provided)

-> {HKLM...CLSID} = "PerfectNavBHO Class"

InProcServer32(Default) = "C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:Program FilesEsetnod32krn.exe"" ["Eset "]

TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]

Usługa Messenger Sharing USN Journal Reader, usnsvc, "C:WINDOWSsystem32svchost.exe -k usnsvc" {"C:Program FilesMSN Messengerusnsvc.dll" [MS]}

Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]

Print Monitors:

---------------

HKLMSystemCurrentControlSetControlPrintMonitors

HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"]

LIDIL hpzll054Driver = "hpzll054.dll" ["Hewlett-Packard Company"]

Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS]

----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 37 seconds.

---------- (total run time: 89 seconds)

Aqui
comment

Remove these in Safe Mode with System Restore turned off.

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:Program FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL (file missing)

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:PROGRA~1PERFEC~1BHOPERFEC~1.DLL (file missing)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:Program FilesMyWebSearchbar1.binMWSBAR.DLL (file missing)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.co...?p=ZNxmk043XXPL

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/ima...etup1.0.0.8.cab

Check the entries and press Fix checked; delete the bolded files/folders manually from the disk.

matpin
comment

It didn't actually solve my problem, but I probably have a few fewer viruses. Internet Explorer still doesn't work, and neither do the NOD32 updates and a few other programs I installed recently. Maybe I deleted something in the system and something broke. Please give me some info on what I should do. Please help!

Aqui
comment

Post new logs....

matpin
comment

Logfile of HijackThis v1.98.2

Scan saved at 18:15:22, on 2007-02-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesEsetnod32krn.exe

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ZoneLabsvsmon.exe

C:WINDOWSExplorer.EXE

C:Program FilesQuickTimeqttask.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesMSN Messengermsnmsgr.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesD-Link AirPlusAirPlus.exe

C:WINDOWSsystem32taskmgr.exe

E:Spox programyGadu-Gadugg.exe

E:Spox programyNowy folderfirefox.exe

E:Spox programyProgramyhijackthis1982.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pajacyk.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKCU..Run: [internetCalls] "C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O15 - Trusted Zone: http://skaner.mks.com.pl

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168159267562

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"InternetCalls" = ""C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe" -nosplash -minimized" [file not found]

"MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS]

"msnmsgr" = ""C:Program FilesMSN Messengermsnmsgr.exe" /background" [MS]

"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]

"nod32kui" = ""C:Program FilesEsetnod32kui.exe" /WAITSERVICE" ["Eset "]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Data Link"

-> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"

InProcServer32(Default) = "C:Program FilesCommon FilesSystemOle DBoledb32.dll" [file not found]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

InProcServer32(Default) = "C:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS]

"{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device"

-> {HKLM...CLSID} = "BenQ-Siemens Device"

InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found]

"{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device ContextMenuHandler"

-> {HKLM...CLSID} = "BenQ-Siemens Device ContextMenuHandler"

InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found]

"{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "BenQ-Siemens Device PropertySheetHandlers"

-> {HKLM...CLSID} = "BenQ-Siemens Device PropertySheetHandler"

InProcServer32(Default) = "C:Program FilesMobile Phone ManagerbinPhoneExplorer.dll" [file not found]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Moje foldery udostępniania"

InProcServer32(Default) = "C:Program FilesMSN Messengerfsshext.8.0.0812.00.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

-> {HKLM...CLSID} = "My Logitech Pictures"

InProcServer32(Default) = "C:Program FilesLogitechVideoNamespc2.dll" ["Logitech Inc."]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

HKLMSoftwareClassesPROTOCOLSFilter

<<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS]

HKLMSoftwareClassesFoldershellexColumnHandlers

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

Group Policies {policy setting}:

--------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Enabled Screen Saver:

---------------------

HKCUControl PanelDesktop

"SCRNSAVE.EXE" = "C:WINDOWSSystem32logon.scr" [MS]

Startup items in "User" & "All Users" startup folders:

------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart

"D-Link AirPlus" -> shortcut to: "C:Program FilesD-Link AirPlusAirPlus.exe" ["D-Link"]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E

tries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000004LibraryPath = "%SystemRoot%System32nwprovau.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En

ries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 18

%SystemRoot%system32rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"

-> {HKLM...CLSID} = "My &Web Search"

InProcServer32(Default) = "C:Program FilesMyWebSearchbar1.binMWSBAR.DLL" [file not found]

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser

"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"

-> {HKLM...CLSID} = "My &Search Bar"

InProcServer32(Default) = "C:Program FilesMyWaymyBar1.binMYBAR.DLL" [file not found]

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = "My Search Bar Quick View"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS]

HKLMSoftwareClassesCLSID{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}(Default) = "My Web Search Quick View"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:WINDOWSSystem32shdocvw.dll" [MS]

HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}

"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%Network Diagnosticxpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:Program FilesEsetnod32krn.exe"" ["Eset "]

Pml Driver HPZ12, Pml Driver HPZ12, "C:WINDOWSsystem32HPZipm12.exe" ["HP"]

TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]

Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]

Print Monitors:

---------------

HKLMSystemCurrentControlSetControlPrintMonitors

HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"]

LIDIL hpzll054Driver = "hpzll054.dll" ["Hewlett-Packard Company"]

Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS]

----------

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 53 seconds, including 9 seconds for message boxes)
