prośba o spr loga

[zse]

mam 2 pytania
1) prosze o spr loga ponieważ podejrzewam ze złapałem wirusa rozsyłanego w linku przez GG

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 14:18:31, on 2006-11-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Sunbelt Kerio Personal Firewall\Personal Firewall 4\kpf4ss.exe
D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe
D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Sunbelt Kerio Personal Firewall\Personal Firewall 4\kpf4gui.exe
D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Sunbelt Kerio Personal Firewall\Personal Firewall 4\kpf4gui.exe
C:\Program Files\AutoConnect\AutoConnect.exe
D:\Programy zainstalowane na PC\Programy Multimedialne\Foobar 2K\foobar2000.exe
D:\Programy zainstalowane na PC\Programy Internetowe\Konnekt\konnekt.exe
D:\PROGRA~1\PROGRA~3\FREEDO~1\fdm.exe
D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Ewido anti-spyware 4.0\ewido.exe
C:\DOCUME~1\S0A75~1.GRA\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis1.99.1.zip\HijackThis.exe
D:\Programy zainstalowane na PC\Programy Internetowe\Opera\Opera.exe
C:\Inne\W P N\antivir_workstation_win7u_en_h.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programy zainstalowane na PC\Programy Internetowe\Free Download Manager\iefdmcks.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nod32kui.exe" /WAITSERVICE
O4 - Startup: SysInfoMyWork.lnk = C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programy zainstalowane na PC\Programy Internetowe\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programy zainstalowane na PC\Programy Internetowe\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programy zainstalowane na PC\Programy Internetowe\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Programy zainstalowane na PC\Programy Systemowe\WINnerTweak3\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Programy zainstalowane na PC\Programy Systemowe\WINnerTweak3\PopUp Blocker.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE74B17-E7B1-4EB6-B458-02FEBFA4380F}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Sunbelt Kerio Personal Firewall\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



2) mój zestaw ochronny to Nod32 i Kerio oraz Firefox i Opera i myśle nad zmiana antywirusa zastaniawiam się nad Avira AntiVir PersonalEdition Classic i czy moze cie powiedzcieć czy to dobry antywirus jeśli to jakie antywirus byś Cie proponowali

[Aqui]

prosze o spr loga ponieważ podejrzewam ze złapałem wirusa

A jakie są objawy,czemu tak podejrzewasz

[zse]

komputer znacząco zwolił

[Aqui]

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

fix kosmetyczny
Dodatkowo

C:\Inne\W P N\antivir_workstation_win7u_en_h.exe

To jest od Avira AntiVir
Ale ty juz masz Noda-takze masz 2 antyvirusy??
Dlatego zwolnil.....

[Mały22222]

2) mój zestaw ochronny to Nod32 i Kerio oraz Firefox i Opera i myśle nad zmiana antywirusa zastaniawiam się nad Avira AntiVir PersonalEdition Classic i czy moze cie powiedzcieć czy to dobry antywirus jeśli to jakie antywirus byś Cie proponowali

moim zdaniem masz dobry zestaw i nie musisz go zmieniac.Ja mam identyczny zestaw i jest spokój Mozesz jeszcze dorzucic do tego zestawu anty_spyware np ewido lub ad-adware

[zse]

Mały22222

ale masz 2 antyuwiry usun jednego!

mam jednego tylko przez przypadek odpaliłem instalke Avira AntiVir

[Aqui]

Co do Twojego zestawu-jest bardzo dobry
Mam nadzieje ze nie zainstalowales 2 antyvira..??
Daj jeszcze silentrunners
Przeczysc rejestr==>program ktory do tego służy to jv16 PowerTools 2006 1.5.2.344
Instrukcja tego programu
==============================
Opcje rejestru ==> Narzędzia ==> Czyszczenie rejestru ==> Po zakończeniu ==> Wybierz ==> Wybór specjalny == > Pozycje które można bezpiecznie usunąć
==============================
Start==>uruchom==>msconfig zakładka uruchamianie i wyłącz z autostartu to co Ci nie jest potrzebne...

[zse]

można prosić o link do programu silentrunners

[Mały22222]

http://www.forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
tu masz wszystko napisane

[zse]

log z silentrunners :

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"LClock" = "C:\Program Files\LClock\LClock.exe" [null data]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nod32kui" = ""D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FDMIECookiesBHO Class"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Internetowe\Free Download Manager\iefdmcks.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Winrar\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
  -> {HKLM...CLSID} = "QCopy"
                   \InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "D:\PROGRA~1\PROGRA~2\OFFICE~1\Office\OLKFSTUB.DLL" [MS]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Unlocker\UnlockerCOM.dll" [null data]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nodshex.dll" [null data]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Winrar\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Winrar\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nodshex.dll" [null data]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Winrar\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "D:\Programy zainstalowane na PC\Programy Systemowe\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\S.Góralewski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "S.Góralewski" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\S.Góralewski\Menu Start\Programy\Autostart
"SysInfoMyWork" -> shortcut to: "C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe" ["Vetch Utilities"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{84536FE2-ABCD-3586-DCAB-40E286323737}\
"ButtonText" = "Pop-Up Blocker"
"MenuText" = "Pop-Up Blocker"
"Exec" = "D:\Programy zainstalowane na PC\Programy Systemowe\WINnerTweak3\PopUp Blocker.exe" ["WINner Tweak Software Development Team"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Nod32 PL\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Kerio Personal Firewall 4, KPF4, ""D:\Programy zainstalowane na PC\Programy Antywirusowi i Firewall\Sunbelt Kerio Personal Firewall\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
Monitor 2 języka BJ\Driver = "CNBJMON2.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 12 seconds.
---------- (total run time: 64 seconds)


[Aqui]

Wszystko jest w porządku
Wykonaj to co wczesniej napisalem-pomoże