Problem z Interent explorerem
Mam nastepujacy problem, zmienia mi sie strona startowa. Przeskanowalem system programem Spybot – Search & Destroy usunelem problem i wszystko jest ok do czasu gdy wlacze ponownie komputer, wtedy zaczyna sie wszystko od poczatku, na pulpicie pokazuja sie ikonki skrotow internetowych i strona startowa znowu sie podmienia. Co robic ????
Odpowiedzi: 12
No dzieki ziomus zadzialalo :D
EL, wykrakałeś kurna :mrgreen:
Duncan, "strona startowa ciągle taka sama" ale jaka w koncu ? Nie sądze, źeby o netspirita chodziło.
Odpowiem za Ciebie, updatescenter.com zapewne.
Usunąłęś ten plik *.tmp z wpisu 02 ?
Sa jeszcze inne badziewia startujace z HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Silent Runners je pokaźe.
Uźyj tego w trybie awaryjnym.
Duncan, "strona startowa ciągle taka sama" ale jaka w koncu ? Nie sądze, źeby o netspirita chodziło.
Odpowiem za Ciebie, updatescenter.com zapewne.
Usunąłęś ten plik *.tmp z wpisu 02 ?
Sa jeszcze inne badziewia startujace z HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Silent Runners je pokaźe.
Uźyj tego w trybie awaryjnym.
zrobilem to co napisaliscie ale strona startowa ciagle taka sama :cry:
Nie szkodzi ze do Bobiego.
http://forum.centrumxp.pl/viewtopic.php?t=33140 znajdziesz link do malego opisu dzialania HiJack This. Pamietaj – czytj i staraj sie rozumiec :P .
http://forum.centrumxp.pl/viewtopic.php?t=33140 znajdziesz link do malego opisu dzialania HiJack This. Pamietaj – czytj i staraj sie rozumiec :P .
Pytanie do Bobiego nie do elnino !!!!
Jak mam usunac to co napisales w cytacie ???
Zakanczam procesy ktore wymieniles ale one pojawiaja sie zaraz znowu.....
Jak mam usunac to co napisales w cytacie ???
Zakanczam procesy ktore wymieniles ale one pojawiaja sie zaraz znowu.....
Bobi, dlaczego nie wytlumaczyles jak "zakancza sie" procesy, co to jest "wyroznienie boldem", w jaki sposob wylacza sie przywracanie, w jaki sposob usunac to co podales ? Wszak Duncan to nie geniusz i zaraz posta napisze z takimi pytaniami.
P.S. Duncan, jesli sie czegos nie wie, czyta sie to co podpowiadaja inni, czyli w tym wypadku to, co w podanym linku. Czyta sie i stara sie zrozumiec co sie czyta.
P.S. Duncan, jesli sie czegos nie wie, czyta sie to co podpowiadaja inni, czyli w tym wypadku to, co w podanym linku. Czyta sie i stara sie zrozumiec co sie czyta.
– wyłącz przywracanie systemu
– zakończ procesy:
Mhmsrm.exe
webrebates.exe
w11150.exe
popuper.exe
shnlog.exe
intmon.exe
msole32.exe
intmonp.exe
– usuń wszystkie wpisy zaznaczone poniźej oraz pliki/katalogi z dysku wyróznione boldem w całym poście:
– zakończ procesy:
Mhmsrm.exe
webrebates.exe
w11150.exe
popuper.exe
shnlog.exe
intmon.exe
msole32.exe
intmonp.exe
– usuń wszystkie wpisy zaznaczone poniźej oraz pliki/katalogi z dysku wyróznione boldem w całym poście:
F2 – REG:system.ini: Shell=Explorer.exe, msmsgs.exe // usuń tego z System32
O2 – BHO: HP Class – {FFFFFFFF–FFFF–FFFF–FFFF–FFFFFFFFFFFA} – C:\WINDOWS\System32\hp2092.tmp
O3 – Toolbar: NetSprint Toolbar – {34F459B8–1D37–4FF2–9EFA–192D8E3ABA6F} – C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll (file missing)
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [Xnkoweed] C:\Program Files\Kiafkzl\Mhmsrm.exe
O4 – HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 – HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O8 – Extra context menu item: Web Rebates. – file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O16 – DPF: {22222222–2222–2222–2222–222222222222} – file://c:\x.cab
O21 – SSODL: SystemCheck – {54645654–2225–4455–44A1–9F4543D34544} – (no file)
No wiesz nie kazdy jest taki geniusz jak ty !!! ja np nie mam pojecia co z tym wszystkim zrobic !!!! wiec skoro jestes taki madry to wytlumacz mi krok po kroku co mam robic...
Jest tu taki specjalnie przyklejony temat –> http://forum.centrumxp.pl/viewtopic.php?t=37513
Sprawdzisz sobie w nim log zaprzegajac do tego swoje szare komorki, a gdyby cos w dalszym ciagu bylo nie tak, wklisz nowy log po usunieciu tego dziadostwa ktore masz.
Sprawdzisz sobie w nim log zaprzegajac do tego swoje szare komorki, a gdyby cos w dalszym ciagu bylo nie tak, wklisz nowy log po usunieciu tego dziadostwa ktore masz.
Logfile of HijackThis v1.99.1
Scan saved at 13:29:23, on 2005–10–09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Kiafkzl\Mhmsrm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\WebRebates4\webrebates.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\GADU–G~1\gg.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\WebRebates4\w11150.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msole32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TUGZip\TUGZip.exe
C:\Temp\HijackThis.exe
C:\WINDOWS\System32\intmonp.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netsprint.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 – BHO: HP Class – {FFFFFFFF–FFFF–FFFF–FFFF–FFFFFFFFFFFA} – C:\WINDOWS\System32\hp2092.tmp
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar3.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: NetSprint Toolbar – {34F459B8–1D37–4FF2–9EFA–192D8E3ABA6F} – C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll (file missing)
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [Device Detector] DevDetect.exe –autorun
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [Xnkoweed] C:\Program Files\Kiafkzl\Mhmsrm.exe
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 – HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 – HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 – HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD–5CC4–4ceb–AAAF–CF00BF39736A} /MODE CfgWiz
O4 – HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 – HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRA~1\GADU–G~1\gg.exe" /tray
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 – Extra context menu item: Open using &Advanced JPEG Compressor – C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 – Extra context menu item: Web Rebates. – file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\PROGRA~1\FLASHGET\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\PROGRA~1\FLASHGET\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {22222222–2222–2222–2222–222222222222} – file://c:\x.cab
O16 – DPF: {288C5F13–7E52–4ADA–A32E–F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119789952088
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123518112314
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O21 – SSODL: SystemCheck – {54645654–2225–4455–44A1–9F4543D34544} – (no file)
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Macromedia Licensing Service – Macromedia – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
Scan saved at 13:29:23, on 2005–10–09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Kiafkzl\Mhmsrm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\WebRebates4\webrebates.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\GADU–G~1\gg.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\WebRebates4\w11150.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msole32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TUGZip\TUGZip.exe
C:\Temp\HijackThis.exe
C:\WINDOWS\System32\intmonp.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netsprint.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 – BHO: HP Class – {FFFFFFFF–FFFF–FFFF–FFFF–FFFFFFFFFFFA} – C:\WINDOWS\System32\hp2092.tmp
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar3.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: NetSprint Toolbar – {34F459B8–1D37–4FF2–9EFA–192D8E3ABA6F} – C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.dll (file missing)
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [Device Detector] DevDetect.exe –autorun
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [Xnkoweed] C:\Program Files\Kiafkzl\Mhmsrm.exe
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 – HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 – HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 – HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD–5CC4–4ceb–AAAF–CF00BF39736A} /MODE CfgWiz
O4 – HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 – HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRA~1\GADU–G~1\gg.exe" /tray
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 – Extra context menu item: Open using &Advanced JPEG Compressor – C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 – Extra context menu item: Web Rebates. – file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\PROGRA~1\FLASHGET\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\PROGRA~1\FLASHGET\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {22222222–2222–2222–2222–222222222222} – file://c:\x.cab
O16 – DPF: {288C5F13–7E52–4ADA–A32E–F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119789952088
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123518112314
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O21 – SSODL: SystemCheck – {54645654–2225–4455–44A1–9F4543D34544} – (no file)
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Macromedia Licensing Service – Macromedia – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
pokaz logi z hijack this bo pewnie masz jakies spyware albo trojany na kompie
Strona 1 / 1