prosze o sprawdzenie loga........
prubowalem juz najrozniejszych sposobow ale wciaz mam na pulpicie "SPYWARE INFECTION" i samoczynnie otwierajace sie strony.....
prubowalem nortonem, avastem, spybotem, i logami z hijackthis
PROSZE O POMOC!
log z hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:40:40, on 2005–12–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D–Tools\daemon.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Spybot – Search & Destroy\SpybotSD.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Bartek\Pulpit\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "D:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [winsync] D:\WINDOWS\System32\yykpak.exe reg_run
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [CU1] D:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] D:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [wffk] C:\stub_113_4_0_4_0.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O20 – Winlogon Notify: msctl32.dll – D:\WINDOWS\System32\msctl32.dll
O20 – Winlogon Notify: Setup – D:\WINDOWS\system32\wsnsrv.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: GhostStartService – Symantec Corporation – D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – D:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – D:\WINDOWS\system32\ZoneLabs\vsmon.exe
z gory dzieki
pzdr
prubowalem nortonem, avastem, spybotem, i logami z hijackthis
PROSZE O POMOC!
log z hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:40:40, on 2005–12–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D–Tools\daemon.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Spybot – Search & Destroy\SpybotSD.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Bartek\Pulpit\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "D:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [winsync] D:\WINDOWS\System32\yykpak.exe reg_run
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [CU1] D:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] D:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [wffk] C:\stub_113_4_0_4_0.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O20 – Winlogon Notify: msctl32.dll – D:\WINDOWS\System32\msctl32.dll
O20 – Winlogon Notify: Setup – D:\WINDOWS\system32\wsnsrv.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: GhostStartService – Symantec Corporation – D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – D:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – D:\WINDOWS\system32\ZoneLabs\vsmon.exe
z gory dzieki
pzdr
Odpowiedzi: 13
Na pierwszy rzut oka to wszystko jak najbardziej powinno się w zsypie znaleźc.
Tyle tylko, źe w rejestrze i na dysku jest jeszcze więcej plików, które wypada usunąć. Stąd włąśnie pisałem o L2mfix i logu jaki tworzy.
W przejrzystej formie moźna dostrzec to czego naleźy się pozbyć.
Dasz się namówić na wklejenie tutaj tego loga? Tobie czy mnie zaleźy źeby się tego pozbyć?
P.S. Przycisk zmień widzisz?
Tyle tylko, źe w rejestrze i na dysku jest jeszcze więcej plików, które wypada usunąć. Stąd włąśnie pisałem o L2mfix i logu jaki tworzy.
W przejrzystej formie moźna dostrzec to czego naleźy się pozbyć.
Dasz się namówić na wklejenie tutaj tego loga? Tobie czy mnie zaleźy źeby się tego pozbyć?
P.S. Przycisk zmień widzisz?
mozesz zobaczyc czy te wpisy co zaznaczyl ten program do kasowania sa jakos potrzebne czy moge je spokojnie "deleted"??
http://img465.imageshack.us/my.php?image=deleted7yl.jpg
http://img465.imageshack.us/my.php?image=deleted7yl.jpg
Ponadto doszły mnie słuchy, ze ponoc ten remover został stworzony przez tych samych osobników którzy stworzyli Look2me. Ile w tym prawdy – trudno mi orzec.
Wrzuc tutaj log zrobiony narzędziem L2mfix.
wiev moge nacisnac deleted? czy raczej nie??
Nadal w systemie masz kupe śmiecia:
Ponadto doszły mnie słuchy, ze ponoc ten remover został stworzony przez tych samych osobników którzy stworzyli Look2me. Ile w tym prawdy – trudno mi orzec.
Wrzuc tutaj log zrobiony narzędziem L2mfix.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CU1" = "D:\Program Files\Common Files\VCClient\VCClient.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{BA11E569–9AA7–40C8–B612–91D7145D1ACA}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\szorprop.dll" [file not found]
"{03AC2F2D–EA58–4EC6–930A–BF8A8DF1B125}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\xqnroll.dll" [null data]
"{39A5C45F–E215–49AE–88F4–748AA007C91E}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ciypt32.dll" [null data]
"{6295AA11–BAAB–4714–B696–468DC5276DDF}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\gsmf32.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! msctl32.dll\DLLName = "D:\WINDOWS\System32\msctl32.dll" [null data]
INFECTION WARNING! WindowsUpdate\DLLName = "D:\WINDOWS\system32\lvpm0971e.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ggqmyqgg\(Default) = "{e0d68d54–adf9–4042–8794–6d30463ed7ab}"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\gglkm.dll" [file not found]
Ponadto doszły mnie słuchy, ze ponoc ten remover został stworzony przez tych samych osobników którzy stworzyli Look2me. Ile w tym prawdy – trudno mi orzec.
Wrzuc tutaj log zrobiony narzędziem L2mfix.
przeskanowalem kompa programem o nazwie look2me rmover
i znalazl mi to:
http://img465.imageshack.us/my.php?image=deleted7yl.jpg
czy moge spokojnie nacisnac delete keys?[/url]
i znalazl mi to:
http://img465.imageshack.us/my.php?image=deleted7yl.jpg
czy moge spokojnie nacisnac delete keys?[/url]
no niestety nie pomoglo to w sprawie pojawiajacych sie z nikad okienek zachecajacych do kupna lub sciagniecia roznych zeczy :/
LOG Z SILENT RUNNERS:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu–Gadu" = ""D:\Program Files\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
"CU1" = "D:\Program Files\Common Files\VCClient\VCClient.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""D:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SSC_UserPrompt" = "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"HPDJ Taskbar Utility" = "D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" –atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""D:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"DAEMON Tools–1033" = ""D:\Program Files\D–Tools\daemon.exe" –lang 1033" ["DAEMON'S HOME"]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"Zone Labs Client" = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"THGuard" = ""D:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21–C1B6–4629–986C–E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""D:\WINDOWS\System32\rundll32.exe" "D:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{BA11E569–9AA7–40C8–B612–91D7145D1ACA}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\szorprop.dll" [file not found]
"{03AC2F2D–EA58–4EC6–930A–BF8A8DF1B125}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\xqnroll.dll" [null data]
"{39A5C45F–E215–49AE–88F4–748AA007C91E}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ciypt32.dll" [null data]
"{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
"{6295AA11–BAAB–4714–B696–468DC5276DDF}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\gsmf32.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! msctl32.dll\DLLName = "D:\WINDOWS\System32\msctl32.dll" [null data]
INFECTION WARNING! WindowsUpdate\DLLName = "D:\WINDOWS\system32\lvpm0971e.dll" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ggqmyqgg\(Default) = "{e0d68d54–adf9–4042–8794–6d30463ed7ab}"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\gglkm.dll" [file not found]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Bartek" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" –> shortcut to: "D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Symantec NetDetect" –> launches: "D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{85D1F590–48F4–11D9–9669–0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
iPod Service, iPodService, "D:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe –service" ["Zone Labs, LLC"]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 100 seconds, including 3 seconds for message boxes)
LOG Z SILENT RUNNERS:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu–Gadu" = ""D:\Program Files\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
"CU1" = "D:\Program Files\Common Files\VCClient\VCClient.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""D:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SSC_UserPrompt" = "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"HPDJ Taskbar Utility" = "D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" –atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""D:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"DAEMON Tools–1033" = ""D:\Program Files\D–Tools\daemon.exe" –lang 1033" ["DAEMON'S HOME"]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"Zone Labs Client" = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"THGuard" = ""D:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21–C1B6–4629–986C–E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""D:\WINDOWS\System32\rundll32.exe" "D:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A70C977A–BF00–412C–90B7–034C51DA2439}" = "NvCpl DesktopContext Class"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0–306A–11d3–8BD1–00104B6F7516}" = "Play on my TV helper"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Desktop Explorer"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A48}" = "nView Desktop Context Menu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{BA11E569–9AA7–40C8–B612–91D7145D1ACA}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\szorprop.dll" [file not found]
"{03AC2F2D–EA58–4EC6–930A–BF8A8DF1B125}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\xqnroll.dll" [null data]
"{39A5C45F–E215–49AE–88F4–748AA007C91E}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\ciypt32.dll" [null data]
"{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
"{6295AA11–BAAB–4714–B696–468DC5276DDF}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\gsmf32.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! msctl32.dll\DLLName = "D:\WINDOWS\System32\msctl32.dll" [null data]
INFECTION WARNING! WindowsUpdate\DLLName = "D:\WINDOWS\system32\lvpm0971e.dll" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ggqmyqgg\(Default) = "{e0d68d54–adf9–4042–8794–6d30463ed7ab}"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\gglkm.dll" [file not found]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20–C829–11D1–8233–FF20AF3E97A9}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Bartek" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" –> shortcut to: "D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Symantec NetDetect" –> launches: "D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{85D1F590–48F4–11D9–9669–0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
iPod Service, iPodService, "D:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe –service" ["Zone Labs, LLC"]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 100 seconds, including 3 seconds for message boxes)
Wyłacz przywracanie i pozbądź się:
Gbyby sie nie pprawiło zrób log z Silent Runners.
O4 – HKLM\..\Run: [winsync] D:\WINDOWS\System32\yykpak.exe reg_run
O4 – HKCU\..\Run: [CU1] D:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] D:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [wffk] C:\stub_113_4_0_4_0.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O20 – Winlogon Notify: msctl32.dll – D:\WINDOWS\System32\msctl32.dll
O20 – Winlogon Notify: Setup – D:\WINDOWS\system32\wsnsrv.dll
Gbyby sie nie pprawiło zrób log z Silent Runners.
kurcze no ze 3 razy przelecialem tego loga i zadnego juz nasty czy innego badziewia nie ma........;/
a czy to mozlive ze w plikach norton antivirus 2003
mogly sie schowac wirusy??
a czy to mozlive ze w plikach norton antivirus 2003
mogly sie schowac wirusy??
Nie no nic się chyba nie zmieniło ...
Skorzystaj z tej przyklejonej instrukcji do sprawdzania autorstwa EL NINO i przeczyść tego loga. Jak coś będzie powracało to pisz.
Skorzystaj z tej przyklejonej instrukcji do sprawdzania autorstwa EL NINO i przeczyść tego loga. Jak coś będzie powracało to pisz.
nie wiele sie tu zmienilo.........:/
Logfile of HijackThis v1.99.1
Scan saved at 12:47:42, on 2005–12–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D–Tools\daemon.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Bartek\Pulpit\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "D:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [winsync] D:\WINDOWS\System32\yykpak.exe reg_run
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [CU1] D:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] D:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [wffk] C:\stub_113_4_0_4_0.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O20 – Winlogon Notify: msctl32.dll – D:\WINDOWS\System32\msctl32.dll
O20 – Winlogon Notify: Setup – D:\WINDOWS\system32\wsnsrv.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: GhostStartService – Symantec Corporation – D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – D:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – D:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:47:42, on 2005–12–22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D–Tools\daemon.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Bartek\Pulpit\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "D:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [winsync] D:\WINDOWS\System32\yykpak.exe reg_run
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [CU1] D:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] D:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [wffk] C:\stub_113_4_0_4_0.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O20 – Winlogon Notify: msctl32.dll – D:\WINDOWS\System32\msctl32.dll
O20 – Winlogon Notify: Setup – D:\WINDOWS\system32\wsnsrv.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: GhostStartService – Symantec Corporation – D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – D:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – D:\WINDOWS\system32\ZoneLabs\vsmon.exe
To nowego loga wrzuć po tym jak przeczyściłeś.
tak patrzylem i zrobilem jak tam pisze usunolem wszystkie nasty ale i tak mi sie pojawiaja te strony
PS.tej tapety juz nie mam
PS.tej tapety juz nie mam
a zajrzałeś chociaź na chwilke do przyklejonych tematów ? wydaje mnie się źe coś tam by się znalazło, chyba źe mnie źle monitor wyświetla.
Strona 1 / 1