antistes
(Desert Springtime)
12 April 2007 17:33
#1
Since yesterday SpywareGuard won't start for me, so I'd like to ask for the log to be checked, whether everything is in order and whether maybe it's just the program's fault or something… because I look at it and don't understand anything.
Silent Runners:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Konnekt” = ““C:\Program Files\Konnekt\konnekt.exe” /autostart” [“Stamina”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]
“CTHelper” = “CTHELPER.EXE” [“Creative Technology Ltd”]
“CTDVDDet” = “C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE” [“Creative Technology Ltd”]
“AsioReg” = “REGSVR32.EXE /S CTASIO.DLL” [MS]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”
“SmcService” = “C:\PROGRA~1\SYGATE~1\smc.exe -startgui” [“Sygate Technologies, Inc.”]
“BDMCon” = ““C:\Program Files\Softwin\BitDefender8\bdmcon.exe”” [“SOFTWIN S.R.L.”]
“BDNewsAgent” = ““C:\Program Files\Softwin\BitDefender8\bdnagent.exe”” [null data]
“AVG7_CC” = “C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS]
“EPSON Stylus D78 Series” = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU “C:\WINDOWS\TEMP\E_S191.tmp” /EF “HKLM”” [“SEIKO EPSON CORPORATION”]
“DownloadAccelerator” = ““C:\Program Files\DAP\DAP.EXE” /STARTUP” [“Speedbit Ltd.”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“WinampAgent” = ““C:\Program Files\Winamp\winampa.exe”” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEHlprObj Class”
     \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}(Default) = “SpywareGuard Download Protection”
  -> {HKLM…CLSID} = “SpywareGuardDLBLOCK.CBrowserHelper”
     \InProcServer32(Default) = “C:\Program Files\SpywareGuard\dlprotect.dll” [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
  -> {HKLM…CLSID} = “SSVHelper Class”
     \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
     \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
     \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play”
  -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play”
     \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”
  -> {HKLM…CLSID} = “NeroDigitalIconHandler Class”
     \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]
“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”
  -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”
     \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
  -> {HKLM…CLSID} = “RealOne Player Context Menu Class”
     \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  -> {HKLM…CLSID} = “DesktopContext Class”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  -> {HKLM…CLSID} = “Desktop Explorer”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  -> {HKLM…CLSID} = “nView Desktop Context Menu”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{D653647D-D607-4DF6-A5B8-48D2BA195F7B}” = “BitDefender Antivirus v8”
  -> {HKLM…CLSID} = “BitDefender Antivirus v8”
     \InProcServer32(Default) = “C:\Program Files\Softwin\BitDefender8\bdshelxt.dll” [“SOFTWIN S.R.L.”]
“{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension”
  -> {HKLM…CLSID} = “AVG7 Shell Extension Class”
     \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
“{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension”
  -> {HKLM…CLSID} = “AVG7 Find Extension Class”
     \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
“{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}” = “IZArc DragDrop Menu”
  -> {HKLM…CLSID} = “IZArc DragDrop Menu”
     \InProcServer32(Default) = “C:\PROGRA~1\IZArc\IZArcCM.dll” [null data]
“{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}” = “IZArc Shell Context Menu”
  -> {HKLM…CLSID} = “IZArc Shell Context Menu”
     \InProcServer32(Default) = “C:\PROGRA~1\IZArc\IZArcCM.dll” [null data]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
  -> {HKLM…CLSID} = “NVIDIA CPL Extension”
     \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{08267B21-223F-11d3-ACD4-004F4902B913}” = “Desktop Architect”
  -> {HKLM…CLSID} = “Desktop Architect”
     \InProcServer32(Default) = “C:\Program Files\Desktop Architect\dadesk.dll” [file not found]
“{81559C35-8464-49F7-BB0E-07A383BEF910}” = “SpywareGuard”
  -> {HKLM…CLSID} = “SpywareGuard.Handler”
     \InProcServer32(Default) = “C:\Program Files\SpywareGuard\spywareguard.dll” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{81559C35-8464-49F7-BB0E-07A383BEF910}” = “SpywareGuard”
  -> {HKLM…CLSID} = “SpywareGuard.Handler”
     \InProcServer32(Default) = “C:\Program Files\SpywareGuard\spywareguard.dll” [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”
  -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”
     \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
  -> {HKLM…CLSID} = “AVG7 Shell Extension Class”
     \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
BitDefender Antivirus v8(Default) = “{D653647D-D607-4DF6-A5B8-48D2BA195F7B}”
  -> {HKLM…CLSID} = “BitDefender Antivirus v8”
     \InProcServer32(Default) = “C:\Program Files\Softwin\BitDefender8\bdshelxt.dll” [“SOFTWIN S.R.L.”]
DAP_ShredMenu(Default) = “{BED4C38B-F765-45AC-8C56-613F76BBF43E}”
  -> {HKLM…CLSID} = “DAPMenuShellExt Class”
     \InProcServer32(Default) = “C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL” [“Speedbit Ltd.”]
EPPShellEx(Default) = “{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}”
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = “C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll” [“SEIKO EPSON CORPORATION”]
IZArcCM(Default) = “{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}”
  -> {HKLM…CLSID} = “IZArc Shell Context Menu”
     \InProcServer32(Default) = “C:\PROGRA~1\IZArc\IZArcCM.dll” [null data]
MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”
  -> {HKLM…CLSID} = “MkS_Vir Shell Extension”
     \InProcServer32(Default) = “/u\mksshell.dll” [file not found]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DAP_ShredMenu(Default) = “{BED4C38B-F765-45AC-8C56-613F76BBF43E}”
  -> {HKLM…CLSID} = “DAPMenuShellExt Class”
     \InProcServer32(Default) = “C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL” [“Speedbit Ltd.”]
IZArcCM(Default) = “{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}”
  -> {HKLM…CLSID} = “IZArc Shell Context Menu”
     \InProcServer32(Default) = “C:\PROGRA~1\IZArc\IZArcCM.dll” [null data]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
  -> {HKLM…CLSID} = “AVG7 Shell Extension Class”
     \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
BitDefender Antivirus v8(Default) = “{D653647D-D607-4DF6-A5B8-48D2BA195F7B}”
  -> {HKLM…CLSID} = “BitDefender Antivirus v8”
     \InProcServer32(Default) = “C:\Program Files\Softwin\BitDefender8\bdshelxt.dll” [“SOFTWIN S.R.L.”]
MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”
  -> {HKLM…CLSID} = “MkS_Vir Shell Extension”
     \InProcServer32(Default) = “/u\mksshell.dll” [file not found]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
     \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools” = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System| Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\dom\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp”

Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Startup items in “dom” & “All Users” startup folders:
-----------------------------------------------------
C:\Documents and Settings\dom\Menu Start\Programy\Autostart
“Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”]
“Budzik” -> shortcut to: “C:\Program Files\Budzik\budzik.exe” [“BLITZ-ART”]
“SpywareGuard” -> shortcut to: “C:\Program Files\SpywareGuard\sgmain.exe” [null data]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Research”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
  -> {HKCU…CLSID} = “Java Plug-in”
     \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
  -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
     \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Research”

HOSTS file
----------
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG7 Alert Manager Server, Avg7Alrt, “C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe” [“GRISOFT, s.r.o.”]
AVG7 Update Service, Avg7UpdSvc, “C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe” [“GRISOFT, s.r.o.”]
BitDefender Communicator, XCOMM, ““C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe” /service” [“Softwin”]
BitDefender Scan Server, bdss, ““C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe” /service” [null data]
Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.exe” [“Creative Technology Ltd”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
Sygate Personal Firewall, SmcService, “C:\Program Files\Sygate Personal Firewall\smc.exe” [“Sygate Technologies, Inc.”]
Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus D78 Series 32MonitorBE\Driver = “E_FLBBGE.DLL” [“SEIKO EPSON CORPORATION”]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 125 seconds.
----------
(total run time: 184 seconds)
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 19:15:07, on 2007-04-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate Personal Firewall\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dom\Moje dokumenty\My Completed Downloads\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 217.153.219.170 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM…\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM…\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [smcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui
O4 - HKLM…\Run: [bDMCon] “C:\Program Files\Softwin\BitDefender8\bdmcon.exe”
O4 - HKLM…\Run: [bDNewsAgent] “C:\Program Files\Softwin\BitDefender8\bdnagent.exe”
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU “C:\WINDOWS\TEMP\E_S191.tmp” /EF “HKLM”
O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKCU…\Run: [Konnekt] “C:\Program Files\Konnekt\konnekt.exe” /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Budzik.lnk = C:\Program Files\Budzik\budzik.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip…{E748E9C9-C4A4-4396-A4C8-5F8348F64D3B}: NameServer = 62.179.1.60,62.179.1.61
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate Personal Firewall\smc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
JNJN
(JNJN)
12 April 2007 17:46
#2
antistes
Please use Polish characters; use the edit option and correct it. JNJN
adam9870
(adam9870)
12 April 2007 18:49
#3
Both logs are clean.
Have you tried reinstalling SpywareGuard, cleaning the registry before installing it again (description )??
And btw, why do you need SpywareGuard if you have what is, in my opinion, a much better program of this type - AVG. Combined with Sygate Personal Firewall and BitDefender, it should provide very good system protection.
Do you still have Norton? If not, choose Start => Run => type cmd and click OK => in the console that opens, type:
Additionally, read about removing Norton-brand products with the SymNRT tool:
http://forum.dobreprogramy.pl/viewtopic.php?t=75075