Kinia
(Mlaura)
19 Styczeń 2006 13:26
#1
Problem polega na tym, że Norton wykrywa mi Trojana “browsela.dll”, którego nie mogę w żaden sposób usunąć. Czy istnieje jakiś sposób??? Z góry dziękuję za wsparcie.
Oto log:
Logfile of HijackThis v1.99.1
Scan saved at 14:25:56, on 2006-01-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\csrss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\hidserv.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\SymTray.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Gadu-Gadu\gg.exe
F:\WINNT\system32\wuauclt.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Sony\Projector\Projector Station for Air Shot\PjstnAS.exe
F:\Program Files\Outlook Express\msimn.exe
F:\WINNT\system32\wisptis.exe
F:\Program Files\Microsoft Office\Office\EXCEL.EXE
F:\WINNT\msagent\AgentSvr.exe
F:\Program Files\Pakiet firmy InsERT\System\Centrala.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\WinRAR\WinRAR.exe
F:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.709\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - F:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: F:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - F:\WINNT\adsldpbf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] F:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: E_SPSU01.lnk = F:\WINNT\system32\spool\drivers\w32x86\3\E_SPSU01.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: PS for Air Shot.lnk = F:\Program Files\Sony\Projector\Projector Station for Air Shot\PjstnAS.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O15 - Trusted Zone: http://www.mks.com.pl
O15 - Trusted Zone: *.techdata.com
O15 - Trusted Zone: *.techdata.pl
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A957CB75-EB22-408A-B718-58F390AF7C53} (obl_cli.obl_cli) - https://sklep.elraty.pl/skk.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: browsela - F:\WINNT\system32\browsela.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
kacz2n
(Kacz2n)
19 Styczeń 2006 14:57
#2
Ściągasz Pocket Kilbox . W ścieżkę wklejasz F:\WINNT\system32\browsela.dll .
Zaznaczasz Delete on reboot i naciskasz czerwony krzyżyk. Program poprosi o reset kompa, więc resetujesz potem wklej log.
Kinia
(Mlaura)
19 Styczeń 2006 16:16
#3
Zrobiłam tak jak napisałeś, ale program nie poprosił o restart kompa. Sama go zrestartowałam.
Przesyłam aktualny log.
Prosze o ponowną weryfikację. Czy pozbyłam się “browsela.dll”???
Logfile of HijackThis v1.99.1
Scan saved at 17:16:01, on 2006-01-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\csrss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\hidserv.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\WINNT\system32\internat.exe
F:\Program Files\Gadu-Gadu\gg.exe
F:\WINNT\system32\wuauclt.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\Sony\Projector\Projector Station for Air Shot\PjstnAS.exe
F:\Program Files\Symantec\LiveUpdate\AUpdate.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.097\HijackThis.exe
F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - F:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: F:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - F:\WINNT\adsldpbf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] F:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] F:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: E_SPSU01.lnk = F:\WINNT\system32\spool\drivers\w32x86\3\E_SPSU01.EXE
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: PS for Air Shot.lnk = F:\Program Files\Sony\Projector\Projector Station for Air Shot\PjstnAS.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINNT\web\related.htm
O15 - Trusted Zone: http://www.mks.com.pl
O15 - Trusted Zone: *.techdata.com
O15 - Trusted Zone: *.techdata.pl
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A957CB75-EB22-408A-B718-58F390AF7C53} (obl_cli.obl_cli) - https://sklep.elraty.pl/skk.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: browsela - F:\WINNT\system32\browsela.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
kuz5
(Kuz5)
19 Styczeń 2006 16:42
#4
kacz2n czemu nie sprawdziłes całego loga :?
Nie
Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)
Pliki na czerwono usun ręcznie z dysku
Użyj KillTrusted 0.7
Wklej loga SilentRunners
Kinia
(Mlaura)
19 Styczeń 2006 17:14
#5
Jak przejść na tryb awaryjny z wyłączonym przywracaniem systemu ???
Kiedy użyć KillTrusted 0.7???
kuz5
(Kuz5)
19 Styczeń 2006 22:49
#6
Mozesz w trybie normalnym
Wyłaczasz przywracanie systemu:
PPM=>Mój komputer=>Właściwości=>Przywracanie systemu=>“Wyłącz przywracanie systemu”
Nastepnie restartujesz kompa i przy jego rozruchu klikasz F8 , z listy wybierasz tryb awaryjny i do dzieła
Kinia
(Mlaura)
20 Styczeń 2006 11:16
#7
Funkcji przywracania systemu w ogóle nie znalazłam ( a szukałam naprawdę wszędzie ), więc nie mogłam wyłączyć przywracania systemu. Pomimo to spróbowałam w trybie awaryjnym usunąć plik:
adsldpbf.dll - nie znalazłam tego pliku
browsela.dll - nie można go usunąć , bo jest uzywany przez system .
I co mam teraz począć ???
Mój problem nadal istnieje
Bardzo prosze o pomoc :lol:
kuz5
(Kuz5)
20 Styczeń 2006 15:44
#8
Sorki moja wina, myslałem że masz win xp
Wklej loga SilentRunners
Kinia
(Mlaura)
23 Styczeń 2006 14:42
#9
Mam nadzieję, że dobrze wkleiłam log.
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"Gadu-Gadu" = ""F:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"ccApp" = ""F:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"SymTray - Norton SystemWorks" = "F:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"SSC_UserPrompt" = "F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"QuickTime Task" = ""F:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SpySweeper" = ""F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{CF7C3CF0-4B15-11D1-ABED-709549C10000}\(Default) = "IEPlugin Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Advanced System Optimizer\IEHelper.dll" ["Systweak Inc"]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = "EpsonToolBandKicker Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}\(Default) = "F:\WINNT\adsldpbf.dll" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\WINNT\adsldpbf.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "F:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "F:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "F:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{31EE3286-D785-4E3F-95FC-51D00FDABC01}" = "Master Browseui"
-> {CLSID}\InProcServer32\(Default) = "F:\WINNT\system32\browsela.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! browsela\DLLName = "F:\WINNT\system32\browsela.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "F:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Historia\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temp\Historia\History.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\KJCN61OB\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\MJQPQFS7\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\O0L2F6GL\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\SP6Z81IN\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\012FS1EB\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2ZWHAVG7\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LW7OFO3\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CD0XYFKH\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CPK9YJCP\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G9M3WD6N\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GHMVKHAB\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IHA7WHYF\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KTYJCDE3\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\MFYVA5UB\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\WHMFUZQL\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\CEZARY SLAWECKI\Ustawienia lokalne\Temporary Internet Files\Content.IE5\WXWFSFGB\DESKTOP.INI -- cannot be opened!
Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------
F:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"E_SPSU01" -> shortcut to: "F:\WINNT\system32\spool\drivers\w32x86\3\E_SPSU01.EXE /P "EPSON Stylus C42 Series" /T1 "180" /T2 "180"/s" ["SEIKO EPSON Corporation"]
"Microsoft Office" -> shortcut to: "F:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Acrobat Assistant" -> shortcut to: "F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"PS for Air Shot" -> shortcut to: "F:\Program Files\Sony\Projector\Projector Station for Air Shot\PjstnAS.exe" ["Sony Corporation"]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Skanuj komputer" -> launches: "F:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:F:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "F:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = "EPSON Web-To-Page" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = "EPSON Web-To-Page" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
EPSON Printer Status Agent2, EPSONStatusAgent2, "F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
HID Input Service, HidServ, "F:\WINNT\system32\hidserv.exe" [MS]
Norton Unerase Protection, NProtectService, "F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
System zdarzeń COM+, EventSystem, "F:\WINNT\System32\svchost.exe -k netsvcs" {"F:\WINNT\System32\es.dll" [null data]}
Usługa Auto-Protect w programie Norton AntiVirus, navapsvc, ""F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Webroot Spy Sweeper Engine, svcWRSSSDK, "F:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "F:\WINNT\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 140 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 34 seconds.
---------- (total run time: 335 seconds)
Złączono Posta : 24.01.2006 (Wto) 13:28
Złączono Posta : 24.01.2006 (Wto) 16:57
Czy ktoś mógłby sprawdzić mój log???
z góry dziękuję.
:lol: