Paskudne problemy z kompem


(Aga4winn) #1
Logfile of HijackThis v1.99.1

Scan saved at 17:38:03, on 2006-08-12

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Ahead\InCD\InCDsrv.exe

F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\LEXBCES.EXE

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\LEXPPS.EXE

F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

F:\WINDOWS\System32\drivers\crauto.exe

F:\WINDOWS\System32\drivers\IMountSRV.exe

F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

F:\Program Files\Norton AntiVirus\navapsvc.exe

F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\System32\lxcccoms.exe

F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

F:\Program Files\Ahead\InCD\InCD.exe

F:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe

F:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

F:\Program Files\Common Files\Symantec Shared\ccApp.exe

F:\Program Files\Lexmark 3300 Series\lxccmon.exe

F:\Program Files\Lexmark 2200 Series\lxbvbmon.exe

F:\WINDOWS\System32\ctfmon.exe

F:\Program Files\Gadu-Gadu\gg.exe

F:\PROGRA~1\INTERN~2\KBOSDCtl.EXE

F:\PROGRA~1\INTERN~2\KCodeMsg.EXE

F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

F:\Program Files\Internet Explorer\IEXPLORE.EXE

F:\WINDOWS\System32\wuauclt.exe

F:\Documents and Settings\olgierd\Pulpit\HijackThis.exe

F:\Program Files\Messenger\msmsgs.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - F:\Program Files\IntCodec\isaddon.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - F:\Program Files\IntCodec\iesplugin.dll

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll

O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark 2200 Series] "F:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "F:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [MediaKey] F:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [SSC_UserPrompt] "F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

O4 - HKLM\..\Run: [lxccmon.exe] "F:\Program Files\Lexmark 3300 Series\lxccmon.exe"

O4 - HKLM\..\Run: [LXCCCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = F:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .mid: F:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110625797932

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.traffic-advance.net/1056307.exe

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: crauto - Unknown owner - F:\WINDOWS\System32\drivers\crauto.exe

O23 - Service: IMountSRV - Unknown owner - F:\WINDOWS\System32\drivers\IMountSRV.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - F:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcc_device - Lexmark International, Inc. - F:\WINDOWS\System32\lxcccoms.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: PMounter - Unknown owner - F:\WINDOWS\system32\PMounter.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SPBBCSvc - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(Monczkin) #2

nunak może tak napisz, jakie masz problem ??


(Myszonus) #3

  1. Startujesz do trybu awaryjnego i wyłączasz przywracanie systemu.

  2. Pliki/foldery na czerwono skasuj z dysku.

  3. Wpisy skasuj Hijackiem.

  4. Użyj SmitFraudFix – tu masz opis. --> opcja 2.

  5. Daj log z Silent Runners – tu masz opis.


(Aga4winn) #4

przepraszam ale w zasadzie jestem tu nowa i niewiele sama mogę zrobić na kompie.Wczoraj załapałam SpywareQuake i WinFixer. Użyłam już SmitFraudFix i dzięki niemu zniknęły dziwne migająca znaczki virus alert. Przeszłam też silent runners ale nie mogą znależć raportu. Komputer chodzi wolno, nie ustawia wp.pl jako strona główna i pod adresem strony pojawił się jeszcze jeden pasek ,,Protection bar" i kilka innych przycisków na tym pasku

Złączono Posta : 12.08.2006 (Sob) 18:15

Myszak co to znaczy ,,startujesz do trybu awaryjnego" :shock: Please help me :frowning:


(Myszonus) #5

Wyłączenie przywracania systemu.

Włączanie trybu awaryjnego

Potem kasujesz pliki/foldery, które zaznaczyłem na czerwono. Używasz SmitFraudFix - opcja 2. Potem dasz raport ze SmitFrauda.

Silenta umieść np. na pulpicie włącz zrób skan i czekaj, aż program potwierdzi, że zakończył - log będzie na pulpicie - plik .txt


(Aga4winn) #6

Myszak :slight_smile: , przepraszam za zawracanie głowy, ale chyba nic z tego nie będzie. wchodzę w panel sterowania- system-przywracanie systemu- zaznaczam ,,wyłacz przywracanie na wszystkicz dyskach", zatwierdzam i nic, kompletnie nic się nie dzieje. ekran nie robi się czarny i nic się nie resetuje :frowning: To chyba jakiś koszmar :shock:


(Myszonus) #7

nie nie nie :wink: Wyłączsz przyracanie systemu tak jak napisałaś :slight_smile: A potem włączas kompa ponownie i ma jeszcze czarny ekran klikamy nieustannie

i bardzo szybko w klawisz F8. Problem z metodą F8 polega na strzelaniu w ten klawisz

WE WŁAŚCIWYM MOMENCIE: na czarnym ekranie ale nie za wcześnie (inaczej wystąpi błąd klawiatury)

i nie za późno (inaczej załaduje się Windows w trybie Normalnym). Po pojawieniu się menu

tekstowego należy wybrać opcję: Tryb awaryjny. Wybierasz potem swoje konto :slight_smile:


(Aga4winn) #8
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "F:\WINDOWS\System32\ctfmon.exe" [MS]

"PowerBar" = (empty string)

"Gadu-Gadu" = ""F:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"homepage.monitor.exe" = "F:\Program Files\IntCodec\isamonitor.exe" [file not found]

"pmsngr.exe" = "F:\Program Files\IntCodec\pmsngr.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"Encrypted Disk Auto Mount" = "rundll32.exe edshell.dll,MountAll" [MS]

"RemoteControl" = ""F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"InCD" = "F:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]

"NeroFilterCheck" = "F:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"Lexmark 2200 Series" = ""F:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"" ["Lexmark International, Inc."]

"FaxCenterServer" = ""F:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s" [null data]

"(Default)" = (empty string)

"MediaKey" = "F:\PROGRA~1\INTERN~2\MEDIAKEY.EXE" ["Dritek System Inc."]

"QuickTime Task" = ""F:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"WorksFUD" = "F:\Program Files\Microsoft Works\wkfud.exe" ["Microsoft® Corporation"]

"Microsoft Works Portfolio" = "F:\Program Files\Microsoft Works\WksSb.exe /AllUsers" ["Microsoft® Corporation"]

"Microsoft Works Update Detection" = "F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

"ccApp" = ""F:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"SSC_UserPrompt" = ""F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"" ["Symantec Corporation"]

"lxccmon.exe" = ""F:\Program Files\Lexmark 3300 Series\lxccmon.exe"" ["Lexmark International, Inc."]

"LXCCCATS" = "rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"

  -> {HKLM...CLSID} = "CNavExtBho Class"

                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "F:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "F:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{793FEE91-6A71-11d3-BFDB-000000000000}" = "Paragon Encrypted Disk Shell Extension"

  -> {HKLM...CLSID} = "Paragon Encrypted Disk Shell Extension"

                   \InProcServer32\(Default) = "edshell.dll" [null data]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "F:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "F:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"

  -> {HKLM...CLSID} = "Corel Versions"

                   \InProcServer32\(Default) = "F:\Program Files\Corel\Versions\CVersion.dll" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"

  -> {HKLM...CLSID} = "Corel Versions"

                   \InProcServer32\(Default) = "F:\Program Files\Corel\Versions\CVersion.dll" [file not found]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "F:\Documents and Settings\olgierd\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "F:\WINDOWS\System32\sstext3d.scr" [MS]



Startup items in "olgierd" & "All Users" startup folders:

---------------------------------------------------------


F:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" -> shortcut to: "F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Microsoft Office" -> shortcut to: "F:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

"Microsoft Works Calendar Reminders" -> shortcut to: "F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

"Ulead Photo Express 4.0 SE Calendar Checker " -> shortcut to: "F:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe" ["Ulead Systems, Inc."]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Run Full System Scan - olgierd" -> launches: "F:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"F:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Norton AntiVirus - Run Norton QuickScan - olgierd" -> launches: "F:\PROGRA~1\NORTON~1\NAVW32.EXE /TASK:"F:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\quick.sca"" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{A2595F37-48D0-46A1-9B51-478591A97764}"

  -> {HKLM...CLSID} = "Protection Bar"

                   \InProcServer32\(Default) = "F:\Program Files\IntCodec\iesplugin.dll" [null data]

"{C4069E3A-68F1-403E-B40E-20066696354B}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "F:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{A2595F37-48D0-46A1-9B51-478591A97764}" = (no title provided)

  -> {HKLM...CLSID} = "Protection Bar"

                   \InProcServer32\(Default) = "F:\Program Files\IntCodec\iesplugin.dll" [null data]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{A2595F37-48D0-46A1-9B51-478591A97764}\(Default) = "Protection Bar"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "F:\Program Files\IntCodec\iesplugin.dll" [null data]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Messenger"

"Exec" = "F:\Program Files\Messenger\MSMSGS.EXE" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "F:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

crauto, crauto, "F:\WINDOWS\System32\drivers\crauto.exe" [null data]

IMountSRV, IMountSRV, "F:\WINDOWS\System32\drivers\IMountSRV.exe" [null data]

InCD Helper, InCDsrv, "F:\Program Files\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]

LexBce Server, LexBceS, "F:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

lxcc_device, lxcc_device, "F:\WINDOWS\System32\lxcccoms.exe -service" ["Lexmark International, Inc."]

Machine Debug Manager, MDM, ""F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

Norton AntiVirus Auto-Protect Service, navapsvc, "F:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]

Norton AntiVirus Firewall Monitor Service, NPFMntor, ""F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]

Norton Protection Center Service, NSCService, ""F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]

SoundMAX Agent Service, SoundMAX Agent Service (default), "F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

SPBBCSvc, SPBBCSvc, ""F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "F:\WINDOWS\System32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

3300 Series Port\Driver = "lxcclmpm.DLL" ["Lexmark International, Inc."]

Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 41 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 20 seconds.

---------- (total run time: 191 seconds)

Złączono Posta : 12.08.2006 (Sob) 20:29

Myszak coś tam pogrzebałam i powyżej masz mój log z silent runners, czarna magia- jak dla mnie- rozumiesz coś z tego :?: