hey W HJT usunolem pliki ale w trybie normalnym niewiedzialem ze trzeba w awaryjnym hmm potem poszedlem w awaryjny i skasowalem pliki ktore musialem z HJT i usunalem tapetke ale jak wrocilem do trybu normalnego nadal w rogu mam te czerwone koleczka i na pulpicie jest tylko siwy kolor niemoge ustawic tapety oto moj log
Logfile of HijackThis v1.99.1
Scan saved at 02:55:56, on 2005–10–08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Svycj\Vdqrzps.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINDOWS\iwbjbwo.exe
C:\WINDOWS\System32\paytime.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\tool2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
C:\winstall.exe
C:\Program Files\D–Link AirPlus\AirPlus.exe
D:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\ISTsvc\istsvc.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Documents and Settings\seba\Pulpit\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\avciman.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem220.dll (file missing)
O2 – BHO: RXResultTracker Class – {59879FA4–4790–461c–A1CC–4EC4DE4CA483} – C:\Program Files\RXToolBar\sfcont.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [4tln66a2] C:\WINDOWS\System32\4tln66a2.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [Gthci] C:\Program Files\Svycj\Vdqrzps.exe
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [FEVx] C:\WINDOWS\iwbjbwo.exe
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [bO
–y–ŻŚ] C:\WINDOWS\iwbjbwo.exe
O4 – HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – Startup: OpenOffice.org 1.1.2.lnk = D:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 – Global Startup: D–Link AirPlus.lnk = ?
O8 – Extra context menu item: Pobierz uźywając Download &Express'a – d:\Program Files\Download Express\Add_Url.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{2D688898–1143–4040–AAC3–E7177CAE9516}: NameServer = 194.204.152.34
O17 – HKLM\System\CS1\Services\Tcpip\..\{2D688898–1143–4040–AAC3–E7177CAE9516}: NameServer = 194.204.152.34
O17 – HKLM\System\CS2\Services\Tcpip\..\{2D688898–1143–4040–AAC3–E7177CAE9516}: NameServer = 194.204.152.34
O20 – AppInit_DLLs: PAVWAIT.DLL
O21 – SSODL: SysTray.Exlv – {5368DCFC–4F5C–4f5b–B134–E67294FC78E9} – C:\WINDOWS\System32\gggjbalc.dll (file missing)
O21 – SSODL: F0DJ0JFJ – {04772DBE–7685–700A–62DC–1B7171051B03} – C:\WINDOWS\System32\Mfpblbnm.dll (file missing)
O21 – SSODL: mtklefap – {5E9C7911–E423–47C3–22AF–4D11D833C832} – C:\WINDOWS\System32\hwinih32.dll (file missing)
O21 – SSODL: mtklefa – {894CA715–3457–4178–19B9–E440BAA7C236} – C:\WINDOWS\System32\elvl32.dll (file missing)
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – D:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – D:\Program


pomocy