pasek1948 Posted March 17, 2007

This tool is very clever. It finds unwanted processes on our computer that were started by viruses, often of the trojan type. I may not be the most competent person to present this program, reklama2000 would certainly do it better, but I will try to describe what to do and how.

1. Download the tiny program from: http://dobreprogramy.pl/index.php?dz=2&t=55&id=730
2. Save this link in your bookmarks or favorites: http://www.hijackthis.de/

Now run the downloaded program HijackThis.exe and click the first item, "Do a system scan and save a logfile". The program scans the computer in a flash and we get two windows. We copy the contents of the second one, titled "hijackthis.log - Notatnik", and paste it into the page http://www.hijackthis.de/, then click "Analyze". In this rather complicated way we get an assessment of what was found on our computer. There should be no items marked with a cross, and certainly not with a red cross (besides red ones, a yellow cross can also appear). Descriptions of each item are on the right.

My first scan with HijackThis gave me one red and one yellow cross. Two days ago I recommended HijackThis to an acquaintance from another forum. I couldn't believe it: his result had 8 red crosses!!! And how is such a poor computer supposed to work properly?

What to do with these unwanted entries? At "dobreprogramy" they advise novices not to remove anything themselves. There are several ways. Either ask someone for advice, or remove it yourself. You can ask for advice here on the forum, or on the dobreprogramy forum. You can paste the "log" as a post and ask for advice. I removed them myself, at my own risk, but first I searched the internet for what is written about the given file.

To remove a given "nasty thing" marked with a cross, we find that item in the first window, the one from which we started the whole operation (HijackThis - v1.99.1), and click the little box to the left of the item (after clicking, a black check mark, "v", appears in the box). Then we click "Fix checked" and that "something" is removed from our computer. After dealing with all the unwanted items I recommend repeating the whole operation to make sure everything is "clean".

Supposedly there are some that refuse to be removed. Then the little program "unlocker" is useful; you can download it here: http://dobreprogramy.pl/index.php?dz=2&t=59&id=1571 I think no trojan can resist it.

I think I have described exactly what to do and how. There is no need to check this way often, but sometimes it is worth it (8 crosses!!!!!!!!!!!!!). If I left something out, I ask the more experienced to add to it or correct it.
reklama2000 Posted March 17, 2007

For my part I will only add that HijackThis! is best downloaded from the official site; the newest version always appears there first: http://www.spywareinfo.com/~merijn/programs.php

Before removing registry entries it is a good idea to turn off System Restore; after all, we don't want stubborn entries to come back. Description: http://support.microsoft.com/kb/310405/pl
jordan Posted March 17, 2007

http://www.hijackthis.de - I don't recommend this site; it is best to paste the HijackThis log on some forum so that specialists can check it.
pasek1948 (Author) Posted March 17, 2007

Then maybe I'll start myself and ask the experts for an assessment. After the analysis I supposedly have no crosses, but maybe something sometimes....

The log was here

PS - thanks for the assessment
reklama2000 Posted March 17, 2007

> http://www.hijackthis.de - I don't recommend this site; it is best to paste the HijackThis log on some forum so that specialists can check it

It is inadvisable for people who rely solely on its assessment. But every unknown process can be checked on Google, as pasek1948 wrote earlier, and this site speeds up finding unknown processes.

> I ask for an assessment

The log is clean.
Venni Posted March 17, 2007

Maybe take a look at mine too, reklama ;)

THE LOG WAS HERE
reklama2000 Posted March 17, 2007

> me too, maybe take a look at mine as well, reklama ;)

In my opinion the log is clean. However, I would FIX:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Additionally I would remove msmsgs.exe (you probably don't use it at all) and winampa.exe from autostart. If you don't know how to do that, let me know.
pasek1948 (Author) Posted July 1, 2007

My log was here.
reklama2000 Posted July 1, 2007

> Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

First of all, install Service Pack 2. You can download it, for example, from this site: http://www.download.net.pl/161/Windows-XP-Service-Pack/

After installing SP2, visit the Windows Update site using Internet Explorer (Tools -> Windows Update) and download the missing patches. On that site you can also download the latest version of Internet Explorer, number 7.x (you currently have version 6.x installed), which is also worth installing even if you don't use IE. IE is tightly integrated with the system, and updating the browser will also update some system files.

Apart from that the log is clean. You could just FIX:

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
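Added example (not part of the thread and not code from HijackThis): the manual triage in the two replies above, picking out entries whose target file no longer exists, written as a small Python parser. The sample log reuses the three entries quoted in those replies; every other line, the placeholder CLSID, and the names `parse_log` and `review_candidates` are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Section lines look like "<code> - <body>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# The O9 and first O23 lines are the ones quoted in the replies above.
# Everything else (header, ExampleApp, ExampleSvc, all-zero CLSID) is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""


@dataclass
class Entry:
    code: str              # section code: R0-R3, O2, O4, O9, O23, ...
    body: str              # text after "<code> - "
    clsid: Optional[str]   # upper-cased CLSID if the entry names one
    orphaned: bool         # ends with "(file missing)" or "(no file)"
    unknown_owner: bool    # O23 service whose publisher field is "Unknown owner"


def parse_log(text):
    """Return the section entries of a log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header line, running-process path, or blank line
        code, body = match.group("code"), match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=code,
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=body.rstrip().endswith(ORPHAN_MARKERS),
            unknown_owner=(code == "O23" and " - Unknown owner - " in body),
        ))
    return entries


def review_candidates(entries):
    """Group orphaned entries by the object they register.

    Entries sharing a CLSID (an IE button and its Tools menu item, say) end up
    in one group so they are reviewed together; entries without a CLSID are
    keyed by their full body text.
    """
    groups = defaultdict(list)
    for entry in entries:
        if entry.orphaned:
            groups[entry.clsid or entry.body].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for key, group in review_candidates(parse_log(SAMPLE_LOG)).items():
        codes = ", ".join(e.code for e in group)
        print(f"{len(group)} orphaned entr{'y' if len(group) == 1 else 'ies'} [{codes}]: {key}")
```

The script only lists entries for a person to look at; it removes nothing and says nothing about whether a present file is wanted.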
eurocash Posted August 7, 2007

HijackThis is OK, but it did not detect the trojan and 2 AB viruses that NOD32 showed me...
reklama2000 Posted August 7, 2007

> HijackThis is OK, but it did not detect the trojan and 2 AB viruses that NOD32 showed me...

HijackThis is not an antivirus program.
kemosz Posted October 12, 2007

Everyone uses what they like. I use avast (I know it is weaker than Kaspersky or BitDefender) in combination with Comodo firewall + Ad-Aware SE Personal and Spybot. And CCleaner, which cleans the nooks of the computer, registry included. I think that is the necessary minimum for someone actively using the net.
pasek1948 (Author) Posted October 12, 2007

> Everyone uses what they like. I use avast (I know it is weaker than Kaspersky or BitDefender) in combination with Comodo firewall + Ad-Aware SE Personal and Spybot. And CCleaner, which cleans the nooks of the computer, registry included. I think that is the necessary minimum for someone actively using the net.

You have quite a lot of that. Avast may not be bad, but it puts a load on the computer; I have no doubt about that, because I used it. NOD32 loads it much less and is just as good, if not better. It loads in a flash, doesn't slow down the computer, and using Firefox rather than Internet Explorer I have had peace from viruses for many months.

If you are going to protect a computer, then above all with NOD32, which besides excellent protection is also gentle on the computer's resources, unlike Norton, which mercilessly slows down the system. http://forumemoney.com/showthread.php?t=9511&page=2
kemosz Posted October 12, 2007

I'm not writing that NOD32 is bad; everyone has their trusted programs that have proven their usefulness. But nowadays a firewall and an antivirus are not enough. Once a week I do a "vacuuming", and if not Spybot then Ad-Aware always, but always, finds something. Usually these are minor spyware threats, but trojans turn up from time to time. At the end I use CCleaner, which gets rid of unnecessary data that the computer downloads from the internet, and the "vacuuming" process ends in complete success. Since I picked up this method from a friend, I have had no trouble with the system (Windows), which previously often crashed on me for lack of protection. Back then I only had avast (contrary to popular opinion, not the worst at all) and the Windows firewall, which did not protect the computer against attacks from the internet.
HUGOLOT Posted November 13, 2007

Here are the 2 errors:

Explorer.EXE
App Name:explorer.exe App Ver:6.0.2900.2649 Mod Name:unknown Mod Ver:0.0.0.0 Offset:02a11da4

drwatsn32.exe
Event Type:BEX P1:drwtsn32.exe P2:5.1.2600 P3:3b7d84a2 P4:dbghelp.dll P5:5.1.2600.2180 P6:41109379 P7:0001295d P8:c0000409 P9:00000000

The error popped up when I ran disk cleanup on drive C (My Computer, Properties, Disk Cleanup).

My log: HijackThis

My log: Silent Runners.vbs
Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"] NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"] StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2007-11-12 19:32:27) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 53 seconds. ---------- (total run time: 197 seconds) Quote Link to comment Share on other sites More sharing options...
reklama2000 Posted November 13, 2007

Turn off System Restore. In HijackThis, fix:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (physically delete the folder from the disk)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

Silent Runners shows the same thing. After removing the entries, restart the computer and make new logs, then check whether the entries have disappeared. If not, let me know.

Additionally:
- Clean the disk with CCleaner: http://forumemoney.com/showthread.php?t=9480
- Update the system using the Windows Update site.
- Scan the disk with antivirus/antispyware programs: Kaspersky http://www.kaspersky.com/virusscanner Panda http://www.pandasoftware.com/products/activescan Ad Aware http://www.download.com/3000-2144-10045910.html More in the thread: http://forumemoney.com/showthread.php?t=8193&highlight=kaspersky
- Defragment the disk: Start -> Programs -> Accessories -> System Tools -> Disk Defragmenter
- Using Add/Remove Programs, uninstall unused applications to increase the amount of free space on drive C:
- Scan the disk with the chkdsk tool: Start -> Run -> type cmd and press Enter. In the console that opens, type chkdsk /r. Restart the computer.
- Check whether the errors you described still pop up, and let me know.
HUGOLOT Posted November 14, 2007

Thanks for the help, reklama2000. I drew similar conclusions to yours about those entries. I dug around a bit on Google yesterday... But thanks anyway... :D Thanks for the additional info on what to do next after removing the entries... I'll post the logs on Friday... Bye
HUGOLOT Posted November 16, 2007

Hello... Hey reklama2000, I did as you described, but the error still kept popping up, so I removed nero8 :evil: because it was annoying me a bit.... :evil: it took a long time to start :mad: , but that did nothing :( , so alcohol120% was next for the chop :evil: and eureka... :D I remembered that the text 0.0.0.0 appeared somewhere in it, and the same was in Explorer.EXE... ...enough talk, there are no errors for now... these are my new logs: HijackThis and the log from Silent Runners.vbs

It seems to be clean... but this entry had a yellow question mark: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I'll check on Google what it is... if anyone noticed anything, let me know... have a nice weekend, everyone on the forum...

--- merged ---

I forgot something.... I didn't run Windows Update... I simply don't have internet at home... I'll do it at a friend's place... but not in this episode...
reklama2000 Posted November 16, 2007

> It looks clean... but this entry had a yellow question mark: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

The logs are clean. This entry was most likely created by Yahoo! Messenger or another Yahoo! product.
HUGOLOT Posted November 19, 2007

Hello... As for this entry:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
when I was installing CCleaner, Yahoo! got installed as well... I threw out Yahoo! and this entry too... Now it's clean... And for cleaning up the PC I use:
Your Uninstaller 2006 pro
Registry First Aid Platinum v6
Odkurzacz 10 profesional
Good little programs... I recommend them... :D
pasek1948 Posted November 19, 2007 Author

I would also remove these entries, but preferably after confirmation from reklama2000:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
HUGOLOT Posted November 19, 2007

On the subject of ctfmon.exe, I found this:
http://wirusy.antivirenkit.pl/pl/opis/Backdoor.Win32.VB.ade.html
We'll see what reklama2000 says...
reklama2000 Posted November 19, 2007

ctfmon.exe is a completely harmless process. It is responsible for multilingual support, for example for language recognition. If you only use Polish, you can remove it as unnecessary:
Control Panel -> Regional Settings -> Language -> Details -> Advanced -> tick the box for turning off text services in the System Configuration section

The link you gave describes a trojan, but in its case the file is launched from the dllcache folder, whereas on your machine it is launched from the system32 folder, so everything is fine.
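The comparison made in the reply above (same file name, different launch folder) can be applied to every O4 line of a HijackThis log. This is an added example, not part of the original thread: the baseline table, the environment-variable values and the function names are assumptions, and the last sample line is constructed to show the dllcache case.

```python
import ntpath
import re

# Expected launch folder per binary name (lower-case). Only ctfmon.exe comes
# from the thread; add further rows from a known-good host (assumption).
EXPECTED_DIR = {"ctfmon.exe": r"c:\windows\system32"}

# Assumed values for the environment variables HijackThis leaves unexpanded.
ENV = {"%systemroot%": r"c:\windows", "%windir%": r"c:\windows"}

# O4 registry autorun line: hive, optional SID or .DEFAULT, Run key, value
# name, command, and the "(User '...')" suffix added for HKUS hives.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Unquoted commands may contain spaces, so cut at the first executable
# extension that is followed by whitespace or the end of the command.
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Entries in the format quoted in the thread; the last line is constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKCU\..\Run: [ctfmon] "C:\WINDOWS\system32\dllcache\ctfmon.exe" /background
"""


def executable_of(cmd):
    """Return the normalised, lower-case path of the program a command starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote, arguments dropped.
        path = cmd[1:].split('"', 1)[0]
    else:
        m = EXE_END.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    path = path.lower()
    for var, value in ENV.items():
        path = path.replace(var, value)
    return ntpath.normpath(path)


def audit_o4(log_text, expected=EXPECTED_DIR):
    """Return one finding per O4 Run entry whose binary name is baselined."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["cmd"])
        name, folder = ntpath.basename(exe), ntpath.dirname(exe)
        if name not in expected:
            continue  # no baseline for this binary, nothing to compare
        findings.append({
            "hive": m["hive"],
            "account": m["user"] or m["sid"] or "",
            "path": exe,
            "verdict": "ok" if folder == expected[name] else "unexpected-folder",
        })
    return findings


if __name__ == "__main__":
    for f in audit_o4(SAMPLE_LOG):
        print(f'{f["verdict"]:18} {f["hive"]:5} {f["account"]:16} {f["path"]}')
```

A name match with a folder mismatch is a reason to inspect the file, not proof of infection; the baseline has to come from a system known to be clean.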
HUGOLOT Posted November 20, 2007

I won't be disabling the ctfmon.exe process, I use several languages... For now the PC works... :D If there are problems, I know where to turn... Thanks to reklama2000 and to pasek1948 for pointing out these entries:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
The observations were not accurate, but now we know what these entries are and what is a virus... :cool: I consider the topic closed.
Kazimierz Posted February 29, 2008

I have a problem, although I haven't found any viruses. Please look through the log and give me some hint.

Logfile of HijackThis v1.99.1
Scan saved at 19:11:49, on 2008-02-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\wvremcon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\PROGRA~1\WIDCOMM\OPROGR~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kaziu\USTAWI~1\Temp\Rar$EX17.936\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - I:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wvremcon] C:\WINDOWS\wvremcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - I:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - I:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: bw+0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9EC55765-D3F3-40EB-AE78-474523321C65} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bdmanager - {DAF83190-6799-415C-BFAE-76BF23CE34C9} - (no file)
O21 - SSODL: admgcx - {9FCE6731-B575-4091-B7DD-44FCCC8A070D} - C:\WINDOWS\admgcx.dll
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe