I have a problem with stupid spyware

Hello!

I have a very big problem. I installed Windows Media Player 10.0v and with it came a codec called IntCodec, and it turned out to be one big piece of spyware!! Because of it I can't play anything, because it kicks me out of games with those stupid pornographic ads, or ones telling me to click and download an antivirus!! Of course I have an antivirus, I have Norton SystemWorks, and it doesn't detect this program, because it's spyware, not a virus. This program keeps starting at Windows startup and I can't even kill it in Task Manager, because it keeps reappearing :frowning: Do you know how to remove such, pardon the expression, crap??? I would be very grateful.

Regards 4all

To start with, paste a log

:arrow: http://forum.dobreprogramy.pl/viewtopic.php?t=36654

And I forgot to add that I removed it with Ad-Aware SE, but it is still there and doing damage :(:frowning: The files are named as follows:

isamini.exe

isamonitor.exe

isaddon.dll

pmmon.exe

pmsngr.exe

And all of this is in the IntCodec file on drive D:, where I have Windows. Ad-Aware detected it as Spyware Quake. I can't for the life of me delete it from my computer.

Post merged: 08.08.2006 (Tue) 22:24

Downloading it now :slight_smile: and pasting it :slight_smile:

Post merged: 08.08.2006 (Tue) 22:24

Logfile of HijackThis v1.99.1

Scan saved at 22:24:48, on 2006-08-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sygate\SPF\smc.exe

D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\cFosSpeed\spd.exe

D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\WgaTray.exe

D:\Program Files\IntCodec\isamonitor.exe

D:\Program Files\IntCodec\pmsngr.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\WINDOWS\TBPanel.exe

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

D:\Program Files\IntCodec\isamini.exe

D:\Program Files\IntCodec\pmmon.exe

D:\Program Files\cFosSpeed\cFosSpeed.exe

D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\Program Files\Nikon\NkView6\NkvMon.exe

D:\Program Files\Opera\Opera.exe

D:\Documents and Settings\Bartosz\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - D:\Program Files\IntCodec\isaddon.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - D:\Program Files\IntCodec\iesplugin.dll (file missing)

O4 - HKLM…\Run: [ccApp] “D:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM…\Run: [EPSON Stylus DX3800 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 “EPSON Stylus DX3800 Series” /O6 “USB001” /M “Stylus DX3800”

O4 - HKLM…\Run: [bearShare] “D:\Program Files\BearShare\BearShare.exe” /pause

O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033 -lock

O4 - HKLM…\Run: [Client Server Runtime Process] D:\WINDOWS\system32\smmss.exe

O4 - HKLM…\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM…\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Norton SystemWorks] “D:\Program Files\Norton SystemWorks\cfgwiz.exe” /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU…\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip…{423DEE9F-6230-4789-A32C-D6CBA77A0459}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{423DEE9F-6230-4789-A32C-D6CBA77A0459}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - D:\WINDOWS\system32\viruxz.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Use SmitFraudFix in Safe Mode - Option 2.

After that, paste a HijackThis + SilentRunners log

Logfile of HijackThis v1.99.1

Scan saved at 22:45:46, on 2006-08-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\savedump.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sygate\SPF\smc.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\cFosSpeed\spd.exe

D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\WINDOWS\TBPanel.exe

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

D:\Program Files\cFosSpeed\cFosSpeed.exe

D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

D:\WINDOWS\system32\WgaTray.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\Program Files\Nikon\NkView6\NkvMon.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Documents and Settings\Bartosz\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM…\Run: [ccApp] “D:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [Gainward] D:\WINDOWS\TBPanel.exe /A

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM…\Run: [EPSON Stylus DX3800 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 “EPSON Stylus DX3800 Series” /O6 “USB001” /M “Stylus DX3800”

O4 - HKLM…\Run: [bearShare] “D:\Program Files\BearShare\BearShare.exe” /pause

O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033 -lock

O4 - HKLM…\Run: [Client Server Runtime Process] D:\WINDOWS\system32\smmss.exe

O4 - HKLM…\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM…\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Norton SystemWorks] “D:\Program Files\Norton SystemWorks\cfgwiz.exe” /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU…\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip…{423DEE9F-6230-4789-A32C-D6CBA77A0459}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{423DEE9F-6230-4789-A32C-D6CBA77A0459}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BossMistrz


Yeah, everything is OK now, because the report said it removed it, and I no longer have it on drive D. :mrgreen: :mrgreen:

Post merged: 08.08.2006 (Tue) 22:49

And this is from Silent Runners

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]

“Norton SystemWorks” = ““D:\Program Files\Norton SystemWorks\cfgwiz.exe” /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz” [“Symantec Corporation”]

“ctfmon.exe” = “D:\WINDOWS\system32\ctfmon.exe” [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

“WinShell” = “D:\WINDOWS\shell.exe” [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“ccApp” = ““D:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”]

“Gainward” = “D:\WINDOWS\TBPanel.exe /A” [“Gainward Co.”]

“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“NvMediaCenter” = “RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS]

“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]

“Symantec NetDriver Monitor” = “D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer” [“Symantec Corporation”]

“EPSON Stylus DX3800 Series” = "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 “EPSON Stylus DX3800 Series” /O6 “USB001” /M “Stylus DX3800"” [“SEIKO EPSON CORPORATION”]

“BearShare” = ““D:\Program Files\BearShare\BearShare.exe” /pause” [file not found]

“DAEMON Tools-1033” = ““D:\Program Files\D-Tools\daemon.exe” -lang 1033 -lock” [“DAEMON’S HOME”]

“Client Server Runtime Process” = “D:\WINDOWS\system32\smmss.exe” [file not found]

“cFosSpeed” = “D:\Program Files\cFosSpeed\cFosSpeed.exe” [“cFos Software GmbH”]

“SmcService” = “D:\PROGRA~1\Sygate\SPF\smc.exe -startgui” [“Sygate Technologies, Inc.”]

“SunJavaUpdateSched” = “D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe” [“Sun Microsystems, Inc.”]

“NeroFilterCheck” = “D:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

HKLM\Software\Microsoft\Active Setup\Installed Components\

>{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer”

\StubPath = “D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]

{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = “NAV Helper”

-> {HKLM…CLSID} = “CNavExtBho Class”

\InProcServer32(Default) = “D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}(Default) = (no title provided)

-> {HKLM…CLSID} = “EpsonToolBandKicker Class”

\InProcServer32(Default) = “D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [“SEIKO EPSON CORPORATION”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “D:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “D:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “D:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “D:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “D:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]

“{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band”

-> {HKLM…CLSID} = “Shell Search Band”

\InProcServer32(Default) = “D:\WINDOWS\system32\browseui.dll” [MS]

“{32A9D769-5B55-4a25-9A62-86B5683FE50A}” = “NikonView Drop Extension”

-> {HKLM…CLSID} = “NikonView Drop Extension”

\InProcServer32(Default) = “D:\Program Files\Nikon\NkView6\NkvDropExt.dll” [“Nikon Corporation”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = “WgaLogon.dll” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}”

-> {HKLM…CLSID} = “IEContextMenu Class”

\InProcServer32(Default) = “D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

“Wallpaper” = “D:\Documents and Settings\Bartosz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “Bartosz” & “All Users” startup folders:


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“DSLMON” -> shortcut to: “D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string]

“Microsoft Office” -> shortcut to: “D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]

“NkvMon.exe” -> shortcut to: “D:\Program Files\Nikon\NkView6\NkvMon.exe” [“Nikon Corporation”]

Enabled Scheduled Tasks:


“Symantec Drmc” -> launches: “D:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE” [“Symantec Corporation”]

“Symantec NetDetect” -> launches: “D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

“{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}”

-> {HKLM…CLSID} = “Norton AntiVirus”

\InProcServer32(Default) = “D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{EE5D279F-081B-4404-994D-C6B60AAEBA6D}”

-> {HKLM…CLSID} = “EPSON Web-To-Page”

\InProcServer32(Default) = “D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [“SEIKO EPSON CORPORATION”]

“{4D5C8C2A-D075-11D0-B416-00C04FB90376}”

-> {HKLM…CLSID} = “Pasek poleceń Microsoft”

\InProcServer32(Default) = “D:\WINDOWS\system32\browseui.dll” [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus”

-> {HKLM…CLSID} = “Norton AntiVirus”

\InProcServer32(Default) = “D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”]

“{EE5D279F-081B-4404-994D-C6B60AAEBA6D}” = (no title provided)

-> {HKLM…CLSID} = “EPSON Web-To-Page”

\InProcServer32(Default) = “D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll” [“SEIKO EPSON CORPORATION”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in”

\InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.5.0_07”

\InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll” [“Sun Microsystems, Inc.”]

Running Services (Display Name, Service Name, Path {Service DLL}):


cFosSpeed System Service, cFosSpeedS, ““D:\Program Files\cFosSpeed\spd.exe” -service” [“cFos Software GmbH”]

Norton AntiVirus Auto-Protect Service, navapsvc, ““D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”]

Norton AntiVirus Firewall Monitor Service, NPFMntor, ““D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”]

Norton Unerase Protection, NProtectService, “D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE” [“Symantec Corporation”]

NVIDIA Display Driver Service, NVSvc, “D:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Speed Disk service, Speed Disk service, “D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE” [“Symantec Corporation”]

Sygate Personal Firewall, SmcService, “D:\Program Files\Sygate\SPF\smc.exe” [“Sygate Technologies, Inc.”]

Symantec Core LC, Symantec Core LC, “D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe” [“Symantec Corporation”]

Symantec Event Manager, ccEvtMgr, ““D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”]

Symantec Network Drivers Service, SNDSrvc, ““D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”]

Symantec Settings Manager, ccSetMgr, ““D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”]

Symantec SPBBCSvc, SPBBCSvc, ““D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”]

Post merged: 08.08.2006 (Tue) 22:59

So, is everything OK???

BossMistrz, have you by any chance read

Important announcement about titling topics

Darn, the log can't really be checked :-s

I know, I understand that the log can't be checked that thoroughly. I was just asking whether everything is OK :smiley: But I can already see that everything is OK, because those programs are no longer on the computer and there are no more stupid ads.

Finally!!!

Thanks all for the help. 8)