>>>Prośba o sprawdzenie loga<<<
Logfile of HijackThis v1.99.1
Scan saved at 20:08:14, on 2005–04–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {CE000994–A58C–4441–8938–744CD72AB27F} – (no file)
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: HelperObject Class – {00C6482D–C502–44C8–8409–FCE54AD9C208} – D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: SnagIt – {8FF5E183–ABDE–46EB–B09E–D2AAB95CABE3} – D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 – HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 – Global Startup: CleanSweep Smart Sweep–Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_19.cab
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 – DPF: {5D9E4B6D–CD17–4D85–99D4–6A52B394EC3B} (WSDownloader Control) – http://www.webshots.com/samplers/WSDownloader.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093244051530
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {94837F90–A2CA–4A8A–9DA0–B5438EC563EA} – http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_24.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–983219421AEF} (GameDesire 1Player Word Games) – http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_34.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F00F4763–7355–4725–82F7–0DA94A256D46} (IMDownloader Class) – http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{0CB43747–772D–48DB–B691–B5BBC403085D}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: C–DillaSrv – C–Dilla Ltd – C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.exe
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 – Service: ISSvc (ISSVC) – Symantec Corporation – C:\Program Files\Norton Internet Security\ISSVC.exe
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: Netropa NHK Server (nhksrv) – Unknown owner – C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
Scan saved at 20:08:14, on 2005–04–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {CE000994–A58C–4441–8938–744CD72AB27F} – (no file)
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: HelperObject Class – {00C6482D–C502–44C8–8409–FCE54AD9C208} – D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: SnagIt – {8FF5E183–ABDE–46EB–B09E–D2AAB95CABE3} – D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 – HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 – Global Startup: CleanSweep Smart Sweep–Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_19.cab
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 – DPF: {5D9E4B6D–CD17–4D85–99D4–6A52B394EC3B} (WSDownloader Control) – http://www.webshots.com/samplers/WSDownloader.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093244051530
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {94837F90–A2CA–4A8A–9DA0–B5438EC563EA} – http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_24.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {AE609930–A6EB–4A78–B7DA–B3200705FEBD} (Mophun Control) – http://www.mophun.com/codebase/mophun.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–983219421AEF} (GameDesire 1Player Word Games) – http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_34.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F00F4763–7355–4725–82F7–0DA94A256D46} (IMDownloader Class) – http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{0CB43747–772D–48DB–B691–B5BBC403085D}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: C–DillaSrv – C–Dilla Ltd – C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.exe
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 – Service: ISSvc (ISSVC) – Symantec Corporation – C:\Program Files\Norton Internet Security\ISSVC.exe
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: Netropa NHK Server (nhksrv) – Unknown owner – C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
Odpowiedzi: 5
W taki razie spróbuj z komendami:
sc stop rpcapd
sc delete rpcapd
Gdy pierwszej nie łyknie walnij drugą.
sc stop rpcapd
sc delete rpcapd
Gdy pierwszej nie łyknie walnij drugą.
@Robi, Probowalem zrobic jak opisujesz, jak juz wpisuje rpcapd i klikam ok to pojawia sie okienko :
Service "rpcapd" was not found in the Registry. Make sure you entered the short name of the service.,vbExclamation
Co dalej ??
Service "rpcapd" was not found in the Registry. Make sure you entered the short name of the service.,vbExclamation
Co dalej ??
Sterownik ten pojawia sie bardzo czesto obok pojecia sniffingu z sieci albo przechwytywania pakietów, ale nie tylko.
I jesli to Ty sie w takie cos nie bawisz to moze ktos na sieci Ciebie "podsłuchuje".
Jesli nie masz z tym nic wspolnego to zaden problem tą usługe zlikwidować.
Start >> Uruchom >> CMD, wpisujesz: net stop rpcapd, zatwierdzasz
Teraz uruchamiasz HJT, Config >> Misc Tools >> Delete NT service >> wpisz: rpcapd
Zresetuj system i usun katalog WinPcap z Program Files
TUTAj poczytaj wiecej o tej wtyczce albo inaczej – o jej pozostałosci w postaci wpisu w URLSearchHook
I jesli to Ty sie w takie cos nie bawisz to moze ktos na sieci Ciebie "podsłuchuje".
Jesli nie masz z tym nic wspolnego to zaden problem tą usługe zlikwidować.
Start >> Uruchom >> CMD, wpisujesz: net stop rpcapd, zatwierdzasz
Teraz uruchamiasz HJT, Config >> Misc Tools >> Delete NT service >> wpisz: rpcapd
Zresetuj system i usun katalog WinPcap z Program Files
TUTAj poczytaj wiecej o tej wtyczce albo inaczej – o jej pozostałosci w postaci wpisu w URLSearchHook
Bobi_robert: Jaki sterownik nie weim co to za program i skad sie wzial usunac go (nie ma go w starcie)?
Ale w jaki sposob go usunac?
On jest takis niebezpieczny? Tez usunac??? Ale w jaki sposob?
Ale w jaki sposob go usunac?
Masz jeszcze plugin od VeriSign ??
On jest takis niebezpieczny? Tez usunac??? Ale w jaki sposob?
Masz jeszcze plugin od VeriSign ??
Poza tym czysto
Nawet nie pytam po co Ci ten sterownik
R3 – URLSearchHook: (no name) – {CE000994–A58C–4441–8938–744CD72AB27F} – (no file)
Poza tym czysto
Nawet nie pytam po co Ci ten sterownik
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)