witam
Do Modow: pisze w poscie innego usera poniewaz ja nie moge utworzyc nowego postu niewiem co sie dzieje;/
mam zainstalowanego nod-a32 i co jakies 30-40 sek wykrywa mi infekcje nawt jezeli sam inter jest wlaczony bez zadnych innych programow zamieszczam loga
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 23:11:02, on 2006-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Corel\Graphics9\Register\Remind32.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\WINDOWS\system32\wscntfy.exe
E:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
E:\PROGRA~1\NEOSTR~1\ComComp.exe
E:\PROGRA~1\NEOSTR~1\Watch.exe
E:\Program Files\Miranda IM\miranda32.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\wsp\USTAWI~1\Temp\Rar$EX00.078\HijackThis.exe
E:\Program Files\mozilla.org\Mozilla\mozilla.exe
E:\DOCUME~1\wsp\USTAWI~1\Temp\Rar$EX18.578\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [dmgnt.exe] E:\WINDOWS\system32\dmgnt.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = E:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6838D502-D1C7-4969-BADB-8898B963AC47}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBC45764-ADF6-4238-B8FF-DB98899DC08A}: NameServer = 85.255.114.108,85.255.112.143
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Maya 5 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Maya 5 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
przeskanowalme system ewido i ad-adware i nic nie wykrywa wszystko z aktualizacjami
log z silenta
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTStartup" = "E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"WOOWATCH" = "E:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "E:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"WooCnxMon" = "E:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"UpdReg" = "E:\WINDOWS\Updreg.exe" ["Creative Technology Ltd."]
"SunJavaUpdateSched" = "E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SpeedTouch USB Diagnostics" = ""E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"SiSUSBRG" = "E:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Omnipage" = "E:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"nod32kui" = ""E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Jet Detection" = "E:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [empty string]
"dmgnt.exe" = "E:\WINDOWS\system32\dmgnt.exe" [file not found]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "E:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "E:\PROGRA~1\FLASHGET\jccatch.dll" ["Amaze Soft"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" [file not found]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Eset\nodshex.dll" ["Eset "]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Program Files\K-Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "E:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "csepp.exe" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> rpcc\DLLName = "E:\WINDOWS\system32\rpcc.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "E:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "E:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
-> {HKLM...CLSID} = "FineReaderExplorerContextMenuHandler"
\InProcServer32\(Default) = "e:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
HKLM\Software\Classes\.scr\(Default) = "Icad.load.scr"
HKLM\Software\Classes\Icad.load.scr\shell\open\command\ = (key not found)
HKLM\Software\Classes\Icad.load.scr\ = (key not found)
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoBandCustomize" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
Disable customizing browser toolbars}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\Mozilla Wallpaper.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\WINDOWS\Mozilla Wallpaper.bmp"
Startup items in "wsp" & "All Users" startup folders:
-----------------------------------------------------
E:\Documents and Settings\wsp\Menu Start\Programy\Autostart
"Rejestrowanie produktów Corela" -> shortcut to: "E:\Program Files\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]
"Adobe Gamma" -> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "E:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"InterVideo WinCinema Manager" -> shortcut to: "E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "E:\PROGRA~1\FLASHGET\fgiebar.dll" ["Amaze Soft"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
-> {HKLM...CLSID} = "WinHTTrackLauncher Class"
\InProcServer32\(Default) = "E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "E:\PROGRA~1\FLASHGET\flashget.exe" ["Amaze Soft"]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "E:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
HOSTS file
----------
E:\WINDOWS\System32\drivers\etc\HOSTS
maps: 1 domain name to an IP address,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "E:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Kerio Personal Firewall 4, KPF4, ""E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
NOD32 Kernel Service, NOD32krn, ""E:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt08\Driver = "hpzlnt08.dll" ["HP"]
----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 36 seconds.
---------- (total run time: 113 seconds)
przy probie wlaczenia programiku Windows worms dorrs closed pojawil mi sie nastepujacy komunikat
- Kod: Zaznacz wszystko
your system seems to be infected by a virus your SVCHOST virtual memory usage 27576Ko is beyond usual values.It is strongly advised to chec your system with AntiVirus up to date and antiTrojan.
co zrobic z tym fantem;(