aaaa...
Aktualizacje na programosy.pl:
W10Privacy • UPX • StaxRip • Wipe • Pixel Repair • mikroSubiekt • mFaktura • Faktury Express • Chromium
-
- Ogłoszenie:
error safe i problemu z explorerem
32 posty(ów) • Strona 2 z 2 • 1, 2
przez majlenka 02 Paź 2006, 12:39
aaaa...
przez Red 02 Paź 2006, 12:54
to ze znikł to nic nie szkodzi
poczytaj ten temat:
http://www.forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vp319544.html?highlight=#319544
[ Dodano: Dzisiaj o 12:56 ]
zastosuj
http://www.atribune.org/ccount/click.php?id=4
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
poczytaj ten temat:
http://www.forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vp319544.html?highlight=#319544
[ Dodano: Dzisiaj o 12:56 ]
zastosuj
http://www.atribune.org/ccount/click.php?id=4
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
-
Red - ^zasłużony
- Posty: 8694
- Dołączenie: 01 Wrz 2005, 10:57
- Miejscowość: Piaseczno
- Pochwały: 701
przez majlenka 02 Paź 2006, 14:29
chyba poszlo ...
- Kod: Zaznacz wszystko
[10/01/2006, 12:59:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sérgio Nobre\Ambiente de trabalho\VirtumundoBeGone.exe" )
[10/01/2006, 12:59:29] - Detected System Information:
[10/01/2006, 12:59:29] - Windows Version: 5.1.2600, Service Pack 1
[10/01/2006, 12:59:29] - Current Username: Sérgio Nobre (Admin)
[10/01/2006, 12:59:29] - Windows is in NORMAL mode.
[10/01/2006, 12:59:29] - Searching for Browser Helper Objects:
[10/01/2006, 12:59:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/01/2006, 12:59:29] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/01/2006, 12:59:30] - BHO 3: {A83D18BC-D2A6-46F1-9D78-DA7BE5914153} ()
[10/01/2006, 12:59:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 12:59:30] - Checking for HKLM\...\Winlogon\Notify\awvtr
[10/01/2006, 12:59:30] - Found: HKLM\...\Winlogon\Notify\awvtr - This is probably Virtumundo.
[10/01/2006, 12:59:30] - Assigning {A83D18BC-D2A6-46F1-9D78-DA7BE5914153} MSEvents Object
[10/01/2006, 12:59:30] - BHO list has been changed! Starting over...
[10/01/2006, 12:59:30] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/01/2006, 12:59:30] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/01/2006, 12:59:30] - BHO 3: {A83D18BC-D2A6-46F1-9D78-DA7BE5914153} (MSEvents Object)
[10/01/2006, 12:59:30] - ALERT: Found MSEvents Object!
[10/01/2006, 12:59:30] - BHO 4: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[10/01/2006, 12:59:30] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[10/01/2006, 12:59:30] - BHO 6: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
[10/01/2006, 12:59:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 12:59:30] - Checking for HKLM\...\Winlogon\Notify\gphpgkvn
[10/01/2006, 12:59:30] - Key not found: HKLM\...\Winlogon\Notify\gphpgkvn, continuing.
[10/01/2006, 12:59:30] - BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[10/01/2006, 12:59:30] - Finished Searching Browser Helper Objects
[10/01/2006, 12:59:30] - *** Detected MSEvents Object
[10/01/2006, 12:59:30] - Trying to remove MSEvents Object...
[10/01/2006, 12:59:31] - Terminating Process: IEXPLORE.EXE
[10/01/2006, 12:59:31] - Terminating Process: RUNDLL32.EXE
[10/01/2006, 12:59:31] - Disabling Automatic Shell Restart
[10/01/2006, 12:59:31] - Terminating Process: EXPLORER.EXE
[10/01/2006, 12:59:32] - Suspending the NT Session Manager System Service
[10/01/2006, 12:59:32] - Terminating Windows NT Logon/Logoff Manager
[10/01/2006, 12:59:32] - Re-enabling Automatic Shell Restart
[10/01/2006, 12:59:32] - File to disable: C:\WINDOWS\System32\awvtr.dll
[10/01/2006, 12:59:32] - Renaming C:\WINDOWS\System32\awvtr.dll -> C:\WINDOWS\System32\awvtr.dll.vir
[10/01/2006, 12:59:33] - File successfully renamed!
[10/01/2006, 12:59:33] - Removing HKLM\...\Browser Helper Objects\{A83D18BC-D2A6-46F1-9D78-DA7BE5914153}
[10/01/2006, 12:59:33] - Removing HKCR\CLSID\{A83D18BC-D2A6-46F1-9D78-DA7BE5914153}
[10/01/2006, 12:59:33] - Adding Kill Bit for ActiveX for GUID: {A83D18BC-D2A6-46F1-9D78-DA7BE5914153}
[10/01/2006, 12:59:33] - Deleting ATLEvents/MSEvents Registry entries
[10/01/2006, 12:59:33] - Removing HKLM\...\Winlogon\Notify\awvtr
[10/01/2006, 12:59:33] - Searching for Browser Helper Objects:
[10/01/2006, 12:59:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/01/2006, 12:59:33] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/01/2006, 12:59:33] - BHO 3: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[10/01/2006, 12:59:33] - BHO 4: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[10/01/2006, 12:59:33] - BHO 5: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
[10/01/2006, 12:59:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/01/2006, 12:59:33] - Checking for HKLM\...\Winlogon\Notify\gphpgkvn
[10/01/2006, 12:59:33] - Key not found: HKLM\...\Winlogon\Notify\gphpgkvn, continuing.
[10/01/2006, 12:59:33] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[10/01/2006, 12:59:33] - Finished Searching Browser Helper Objects
[10/01/2006, 12:59:33] - Finishing up...
[10/01/2006, 12:59:33] - A restart is needed.
[10/01/2006, 13:00:11] - Attempting to Restart via STOP error (Blue Screen!)
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 13:06:41, on 01-10-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programas\Sygate\SPF\smc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Google\Gmail Notifier\gnotify.exe
D:\Programas\Picasa2\PicasaMediaDetector.exe
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe
D:\Programas\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\DOCUME~1\SÉRGIO~1\DEFINI~1\Temp\Adobelm_Cleanup.0001
C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Messenger\msmsgs.exe
D:\Programas\Hijack - skanowanie\HijackThis.exe
C:\Programas\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programas\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programas\Symantec\LiveUpdate\LuCallbackProxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fbnet.pt/pcg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por PC Guia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\gphpgkvn.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (cópia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] d:\Programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programas\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O14 - IERESET.INF: START_PAGE_URL=http://www.fbnet.pt/pcg/
O15 - Trusted Zone: http://arcaonline.arcabit.com
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Programas\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Programas\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""D:\Programas\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"preload" = "C:\Windows\RUNXMLPL.exe" [null data]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = "C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Programas\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programas\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SunJavaUpdateSched" = "C:\Programas\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SmcService" = "D:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"EPSON Stylus CX3600 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"" ["SEIKO EPSON CORPORATION"]
"EPSON Stylus CX3600 Series (cópia 1)" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (cópia 1)" /O6 "USB001" /M "Stylus CX3600"" ["SEIKO EPSON CORPORATION"]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Programas\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]
"Picasa Media Detector" = "d:\Programas\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"NeroFilterCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Nero AG"]
"RemoteControl" = ""C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"iTunesHelper" = ""D:\Programas\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"ccApp" = ""C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = ""C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe"" ["Symantec Corporation"]
"Acrobat Assistant 7.0" = ""C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = (empty string)
"ALUAlert" = "C:\Programas\Symantec\LiveUpdate\ALUNOTIFY.EXE" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\gphpgkvn.dll" [file not found]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"
-> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programas\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensão de ícones de ficheiros do Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{40E85620-3DCB-11D3-8A0D-0060080C1EFA}" = "ZipCentral"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson Gestor de Ficheiros"
-> {HKLM...CLSID} = "Sony Ericsson Gestor de Ficheiros"
\InProcServer32\(Default) = "C:\Programas\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "D:\Programas\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sérgio Nobre\Definições locais\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]
Startup items in "Sérgio Nobre" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\Sérgio Nobre\Menu Iniciar\Programas\Arranque
"Adobe Gamma" -> shortcut to: "C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
"Microsoft Office" -> shortcut to: "C:\Programas\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Run Full System Scan - Sérgio Nobre" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{821F87FF-8245-4972-9E28-732E92EC2F51}"
-> {HKLM...CLSID} = "&VSToolBar"
\InProcServer32\(Default) = "C:\Programas\VSToolbar\VSToolBar.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.fbnet.pt/pcg/
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe LM Service, Adobe LM Service, ""C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe"" ["Adobe Systems"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
iPodService, iPodService, "C:\Programas\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Programas\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
SPBBCSvc, SPBBCSvc, ""C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Sygate Personal Firewall, SmcService, "D:\Programas\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Symantec Core LC, Symantec Core LC, ""C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\System32\AdobePDF.dll" ["Adobe Systems Incorporated."]
EPSON Stylus CX3600 Series 2KMonitor5E\Driver = "E_FLM9BE.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PDF reDirect Monitor\Driver = "PDFreDirectMonNT.dll" [null data]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 183 seconds, including 3 seconds for message boxes)
przez Red 02 Paź 2006, 14:41
do usuniecia masz jeszcze:
a w logu usun:
C:\Programas\VSToolbar\VSToolBar.dll
a w logu usun:
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\gphpgkvn.dll (file missing)
-
Red - ^zasłużony
- Posty: 8694
- Dołączenie: 01 Wrz 2005, 10:57
- Miejscowość: Piaseczno
- Pochwały: 701
-
przez majlenka 02 Paź 2006, 16:43
zrobilam wszystko wg scenariusza i chyba sie usunelo?
- Kod: Zaznacz wszystko
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""D:\Programas\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"preload" = "C:\Windows\RUNXMLPL.exe" [null data]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = "C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Programas\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programas\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SunJavaUpdateSched" = "C:\Programas\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"SmcService" = "D:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"EPSON Stylus CX3600 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"" ["SEIKO EPSON CORPORATION"]
"EPSON Stylus CX3600 Series (cópia 1)" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (cópia 1)" /O6 "USB001" /M "Stylus CX3600"" ["SEIKO EPSON CORPORATION"]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Programas\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]
"Picasa Media Detector" = "d:\Programas\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"NeroFilterCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Nero AG"]
"RemoteControl" = ""C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"iTunesHelper" = ""D:\Programas\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"ccApp" = ""C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = ""C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe"" ["Symantec Corporation"]
"Acrobat Assistant 7.0" = ""C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = (empty string)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"
-> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programas\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensão de ícones de ficheiros do Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{40E85620-3DCB-11D3-8A0D-0060080C1EFA}" = "ZipCentral"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson Gestor de Ficheiros"
-> {HKLM...CLSID} = "Sony Ericsson Gestor de Ficheiros"
\InProcServer32\(Default) = "C:\Programas\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "D:\Programas\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZipCentral\(Default) = "{40E85620-3DCB-11D3-8A0D-0060080C1EFA}"
-> {HKLM...CLSID} = "ZipCentral"
\InProcServer32\(Default) = "C:\Programas\ZipCentral\zccm.dll" ["Johan Savås"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sérgio Nobre\Definições locais\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]
Startup items in "Sérgio Nobre" & "All Users" startup folders:
--------------------------------------------------------------
C:\Documents and Settings\Sérgio Nobre\Menu Iniciar\Programas\Arranque
"Adobe Gamma" -> shortcut to: "C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
"Microsoft Office" -> shortcut to: "C:\Programas\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Run Full System Scan - Sérgio Nobre" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{821F87FF-8245-4972-9E28-732E92EC2F51}"
-> {HKLM...CLSID} = "&VSToolBar"
\InProcServer32\(Default) = "C:\Programas\VSToolbar\VSToolBar.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programas\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.fbnet.pt/pcg/
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe LM Service, Adobe LM Service, ""C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe"" ["Adobe Systems"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
iPodService, iPodService, "C:\Programas\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Programas\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
SPBBCSvc, SPBBCSvc, ""C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Sygate Personal Firewall, SmcService, "D:\Programas\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Symantec Core LC, Symantec Core LC, ""C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\System32\AdobePDF.dll" ["Adobe Systems Incorporated."]
EPSON Stylus CX3600 Series 2KMonitor5E\Driver = "E_FLM9BE.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PDF reDirect Monitor\Driver = "PDFreDirectMonNT.dll" [null data]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 206 seconds, including 2 seconds for message boxes)
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 15:10:03, on 01-10-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programas\Sygate\SPF\smc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programas\Google\Gmail Notifier\gnotify.exe
D:\Programas\Picasa2\PicasaMediaDetector.exe
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
D:\Programas\Gadu-Gadu\gg.exe
C:\DOCUME~1\SÉRGIO~1\DEFINI~1\Temp\Adobelm_Cleanup.0001
C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programas\Norton AntiVirus\navapsvc.exe
C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Messenger\msmsgs.exe
D:\Programas\Hijack - skanowanie\HijackThis.exe
D:\Programas\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fbnet.pt/pcg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por PC Guia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (cópia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] d:\Programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programas\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O14 - IERESET.INF: START_PAGE_URL=http://www.fbnet.pt/pcg/
O15 - Trusted Zone: http://arcaonline.arcabit.com
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Programas\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Programas\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
przez Red 02 Paź 2006, 16:51
sprawdz jeszcze program files i jesli bedzie to usun recznie folder:
C:\Program Files\VSToolbar\VSToolBar.dll
-
Red - ^zasłużony
- Posty: 8694
- Dołączenie: 01 Wrz 2005, 10:57
- Miejscowość: Piaseczno
- Pochwały: 701
-
przez Bieniol 02 Paź 2006, 17:59
Kosmetycznie otwórz notatnik i wklej w nim to:
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{821F87FF-8245-4972-9E28-732E92EC2F51}"=-
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
IE sluzy do przegladania internetu z twojego komputera i na odwrot !!
"...Everybody's going to the party have a real good time..."
"...Everybody's going to the party have a real good time..."
-
Bieniol - ~user
- Posty: 566
- Dołączenie: 16 Gru 2005, 21:23
- Miejscowość: Łódź
- Pochwały: 65
przez majlenka 02 Paź 2006, 18:17
no to chlopaki powtorka z rozrywki...odpalam drugie konto na kompie (poprzednio wszystko robilam na koncie admin) i co... welcome errorsafe....aaaaaaaaaaa...i co teraz?
[ Dodano: Dzisiaj o 18:24 ]
to z drugiego konta uzytkownika
[ Dodano: Dzisiaj o 18:24 ]
to z drugiego konta uzytkownika
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 17:03:25, on 01-10-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programas\Google\Gmail Notifier\gnotify.exe
D:\Programas\Picasa2\PicasaMediaDetector.exe
C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe
D:\Programas\Gadu-Gadu\gg.exe
D:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Messenger\msmsgs.exe
D:\Programas\Hijack - skanowanie\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fbnet.pt/pcg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por PC Guia
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (cópia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Picasa Media Detector] d:\Programas\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Convidado\Definições locais\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programas\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O14 - IERESET.INF: START_PAGE_URL=http://www.fbnet.pt/pcg/
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Programas\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Programas\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
przez Red 02 Paź 2006, 18:51
kosmetycznie zaptaszkuj:
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
-
Red - ^zasłużony
- Posty: 8694
- Dołączenie: 01 Wrz 2005, 10:57
- Miejscowość: Piaseczno
- Pochwały: 701
-
32 posty(ów) • Strona 2 z 2 • 1, 2
Kto jest na forum
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 1 gość