Topics related to Microsoft products.

Hijack - request to check logs

07 Apr 2007, 15:53

Hello,
Please check my logs from Hijack.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\TEXTware\HotKey\Twalink.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Pinokio\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotKey.lnk = C:\Program Files\TEXTware\HotKey\Twalink.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks a lot in advance for your help.
REGARDS

07 Apr 2007, 17:07

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

Delete the file and fix the entry.

Start >> Run >> msconfig >> Startup >> uncheck whatever is not needed at every system startup.

Describe the problem.

07 Apr 2007, 19:50

OK - I did as you suggested - thanks. The problem lies in the libraries. Something got £$%$ed up. At system startup I get this error message:

RTHDCPL.EXE - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\WINDOWS\SYSTEM32\HHCTRL.OCX occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

I thought it might be related to some crap in the registry (I had a similar situation once before), but I see that it probably isn't. In any case, I would be grateful for any additional suggestions.

REGARDS

07 Apr 2007, 21:06

l_ukas wrote: OK - I did as you suggested - thanks. The problem lies in the libraries. Something got £$%$ed up. At system startup I get this error message:

RTHDCPL.EXE - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\WINDOWS\SYSTEM32\HHCTRL.OCX occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

I thought it might be related to some crap in the registry (I had a similar situation once before), but I see that it probably isn't. In any case, I would be grateful for any additional suggestions.

REGARDS


http://jagdtiger.net/forum/viewtopic.php?t=1314 First post.

08 Apr 2007, 08:36

Thanks a lot - it helped :)
REGARDS