proszę na to spojrzeć
Rodacy oświećcie ciemnego !
Czy ktoś mógłby to przeanalizować i napisać jakieś sugestie :–)
A ........... i jeszcze co to jest i do czego słuźy :oops:
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu–Gadu" = ""C:\Program Files\Gadu–Gadu\gg.exe" /tray" ["sms–express.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DAEMON Tools–1033" = ""C:\Program Files\D–Tools\daemon.exe" –lang 1045" ["DAEMON'S HOME"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962–6F74–2D53–2644–206D7942484F}\(Default) = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{A5366673–E8CA–11D3–9CD9–0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{59850401–6664–101B–B21C–00AA004BA90B}" = "Microsoft Office Binder Unbind"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{C56C4E21–706D–11d0–AFC5–444553540002}" = "My Digital Camera"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\FotoNation\camview.dll" ["FotoNation Inc."]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
Enabled Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Startup items in "Drake" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"CoreCenter" –> shortcut to: "C:\Program Files\MSI\Core Center\CoreCenter.exe" [empty string]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}"
–> {CLSID}\(Default) = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{CCCE5D70–9AA2–40F1–9C6B–12A255F08500}\
"ButtonText" = "Tłumacz na angielski"
"MenuText" = "Tłumacz na angielski"
"CLSIDExtension" = "{CC4371C0–D2F6–11D7–BDC4–00605209B788}"
{CCCE5D71–9AA2–40F1–9C6B–12A255F08500}\
"ButtonText" = "Tłumacz na polski"
"MenuText" = "Tłumacz na polski"
"CLSIDExtension" = "{CC4371C1–D2F6–11D7–BDC4–00605209B788}"
{CCCE5D72–9AA2–40F1–9C6B–12A255F08500}\
"ButtonText" = "Zachowaj przetłumaczoną stronę"
"MenuText" = "Zachowaj przetłumaczoną stronę"
"CLSIDExtension" = "{CC4371C2–D2F6–11D7–BDC4–00605209B788}"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
{EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A}\
"ButtonText" = "eBay – Homepage"
"CLSIDExtension" = "{1FBA04EE–3024–11D2–8F1F–0000F87ABD16}"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
––––––––––
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
––––––––––
Czy ktoś mógłby to przeanalizować i napisać jakieś sugestie :–)
A ........... i jeszcze co to jest i do czego słuźy :oops:
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu–Gadu" = ""C:\Program Files\Gadu–Gadu\gg.exe" /tray" ["sms–express.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DAEMON Tools–1033" = ""C:\Program Files\D–Tools\daemon.exe" –lang 1045" ["DAEMON'S HOME"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962–6F74–2D53–2644–206D7942484F}\(Default) = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{A5366673–E8CA–11D3–9CD9–0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{59850401–6664–101B–B21C–00AA004BA90B}" = "Microsoft Office Binder Unbind"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{C56C4E21–706D–11d0–AFC5–444553540002}" = "My Digital Camera"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\FotoNation\camview.dll" ["FotoNation Inc."]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
Enabled Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Startup items in "Drake" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"CoreCenter" –> shortcut to: "C:\Program Files\MSI\Core Center\CoreCenter.exe" [empty string]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}"
–> {CLSID}\(Default) = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{CCCE5D70–9AA2–40F1–9C6B–12A255F08500}\
"ButtonText" = "Tłumacz na angielski"
"MenuText" = "Tłumacz na angielski"
"CLSIDExtension" = "{CC4371C0–D2F6–11D7–BDC4–00605209B788}"
{CCCE5D71–9AA2–40F1–9C6B–12A255F08500}\
"ButtonText" = "Tłumacz na polski"
"MenuText" = "Tłumacz na polski"
"CLSIDExtension" = "{CC4371C1–D2F6–11D7–BDC4–00605209B788}"
{CCCE5D72–9AA2–40F1–9C6B–12A255F08500}\
"ButtonText" = "Zachowaj przetłumaczoną stronę"
"MenuText" = "Zachowaj przetłumaczoną stronę"
"CLSIDExtension" = "{CC4371C2–D2F6–11D7–BDC4–00605209B788}"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
{EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A}\
"ButtonText" = "eBay – Homepage"
"CLSIDExtension" = "{1FBA04EE–3024–11D2–8F1F–0000F87ABD16}"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
––––––––––
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
––––––––––
Odpowiedzi: 4
Zastosuj fixa na R3
Zapisz to jako. reg i odpal.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Do404Search"=hex:01,00,00,00
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"
"Use Custom Search URL"= dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00–17A6–11D0–99CB–00C04FD64497}"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"
"provider"=""
" "="+"
"&"="%26"
"+"="%2B"
"#"="%23"
"?"="%3F"
"="="%3D"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[–HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
Zapisz to jako. reg i odpal.
Teź czysty,raczej nic nie mogło się zmienić :wink:
W ramach kosmetyki moźna usunąć :
W ramach kosmetyki moźna usunąć :
R3 – Default URLSearchHook is missing
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O19 – User stylesheet: (file missing)
bardzo proszę oto to hj
Logfile of HijackThis v1.99.1
Scan saved at 23:37:11, on 2005–06–12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D–Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Downloads\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Drake Sp. z o.o.
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1045
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 – Extra button: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O17 – HKLM\System\CCS\Services\Tcpip\..\{404BF83F–330D–4FDA–AA91–1173A4DD9F15}: NameServer = 194.204.159.1,193.110.121.20
O19 – User stylesheet: (file missing)
O23 – Service: GEARSecurity – GEAR Software – C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:37:11, on 2005–06–12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D–Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Downloads\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Drake Sp. z o.o.
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1045
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 – Extra button: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra button: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 – Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O17 – HKLM\System\CCS\Services\Tcpip\..\{404BF83F–330D–4FDA–AA91–1173A4DD9F15}: NameServer = 194.204.159.1,193.110.121.20
O19 – User stylesheet: (file missing)
O23 – Service: GEARSecurity – GEAR Software – C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
A o ćo chodzi ?
To log Silent Runners'a ,czysty swoją drogą.
Uźywaj zamiast niego HJ ,jest bardziej "przyjazny"dla uźytkownika.
Program umoźliwia wyszukanie np. programów szpiegujących itp.
To log Silent Runners'a ,czysty swoją drogą.
Uźywaj zamiast niego HJ ,jest bardziej "przyjazny"dla uźytkownika.
Program umoźliwia wyszukanie np. programów szpiegujących itp.
Strona 1 / 1