witam,
prosze o sparwdzenie loga
z góry wielkie dzięki
grape
"Silent Runners.vbs", revision 49,
http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"ASUS Live Update" = "C:Program FilesASUSASUS Live UpdateALU.exe" [empty string]
"ATKMEDIA" = "C:Program FilesASUSATK MediaDMEDIA.EXE" ["ASUSTeK Computer INC."]
"SynTPEnh" = "C:Program FilesSynapticsSynTPSynTPEnh.exe" ["Synaptics, Inc."]
"ABLKSR" = "C:WINDOWSABLKSRABLKSR.exe" ["ASYSTeK Computer INC."]
"ccApp" = ""c:Program FilesCommon FilesSymantec SharedccApp.exe"" ["Symantec Corporation"]
"Power_Gear" = "C:Program FilesASUSPower4 GearBatteryLife.exe 1" ["ASUSTeK Computer Inc."]
"ACMON" = "C:Program FilesASUSSplendidACMON.exe" ["ATK"]
"IntelZeroConfig" = ""C:Program FilesIntelWirelessinCfgSvc.exe"" ["Intel Corporation"]
"(Default)" = "(empty string)" [file not found]
"Symantec NetDriver Monitor" = "C:PROGRA~1SYMNET~1SNDMon.exe /Consumer" ["Symantec Corporation"]
"ISUSPM Startup" = ""C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start" ["Macrovision Corporation"]
"Wireless Console 2" = "C:Program FilesWireless Console 2wcourier.exe" [null data]
"igfxhkcmd" = "C:WINDOWSsystem32hkcmd.exe" ["Intel Corporation"]
"IntelWireless" = ""C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"igfxtray" = "C:WINDOWSsystem32igfxtray.exe" ["Intel Corporation"]
"igfxpers" = "C:WINDOWSsystem32igfxpers.exe" ["Intel Corporation"]
"EOUApp" = ""C:Program FilesIntelWirelessBinEOUWiz.exe"" ["Intel Corporation"]
"HControl" = "C:WINDOWSATK0100HControl.exe" [empty string]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
{HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}(Default) = (no title provided)
{HKLM...CLSID} = "Orange"
InProcServer32(Default) = "C:PROGRA~1orange3orange3.dll" [empty string]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}(Default) = "Norton Internet Security"
{HKLM...CLSID} = "CNisExtBho Class"
InProcServer32(Default) = "c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
{AE7CD045-E861-484f-8273-0445EE161910}(Default) = (no title provided)
{HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = "NAV Helper"
{HKLM...CLSID} = "CNavExtBho Class"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
{HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesSynapticsSynTPSynTPCpl.dll" ["Synaptics, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
{HKLM...CLSID} = "Acrobat Elements Context Menu"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0Acrobat ElementsContextMenu.dll" ["Adobe Systems Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
{HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOfficesoa800.dll" [MS]
HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
<<!>> "AppInit_DLLs" = "acaptuser32.dll" ["Adobe Systems, Inc."]
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> igfxcuiDLLName = "igfxdev.dll" ["Intel Corporation"]
HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]
HKLMSoftwareClasses*shellexContextMenuHandlers
Adobe.Acrobat.ContextMenu(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
{HKLM...CLSID} = "Acrobat Elements Context Menu"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0Acrobat ElementsContextMenu.dll" ["Adobe Systems Inc."]
DAP_Menu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
{HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
{HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
{HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
DAP_ShredMenu(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
{HKLM...CLSID} = "DAPMenuShellExt Class"
InProcServer32(Default) = "C:PROGRA~1DAPPRIVAC~1DAPCTX~1.DLL" ["Speedbit Ltd."]
HKLMSoftwareClassesFoldershellexContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
{HKLM...CLSID} = "IEContextMenu Class"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsŁukaszUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - Łukasz"
launches: "c:PROGRA~1NORTON~1NORTON~1Navw32.exe /task:"C:Documents and SettingsAll UsersDane aplikacjiSymantecNorton AntiVirusTasksmycomp.sca"" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%system32
svpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
{HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
{HKLM...CLSID} = "Norton Internet Security"
InProcServer32(Default) = "c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
{HKLM...CLSID} = "Adobe PDF"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}"
{HKLM...CLSID} = "Orange"
InProcServer32(Default) = "C:PROGRA~1orange3orange3.dll" [empty string]
HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
{HKLM...CLSID} = "Norton Internet Security"
InProcServer32(Default) = "c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
{HKLM...CLSID} = "Norton AntiVirus"
InProcServer32(Default) = "c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
{HKLM...CLSID} = "Adobe PDF"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}" = (no title provided)
{HKLM...CLSID} = "Orange"
InProcServer32(Default) = "C:PROGRA~1orange3orange3.dll" [empty string]
Explorer Bars
HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars
{182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided)
{HKLM...CLSID} = "Adobe PDF"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSoftwareMicrosoftInternet ExplorerExtensions
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:WINDOWSINFIERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.asus.com
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe"" ["Symantec Corporation"]
HTTP SSL, HTTPFilter, "C:WINDOWSSystem32svchost.exe -k HTTPFilter" {"C:WINDOWSSystem32w3ssl.dll" [MS]}
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:Program FilesIntelWirelessBinEvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:Program FilesIntelWirelessBinRegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:Program FilesIntelWirelessBinS24EvMon.exe" ["Intel Corporation "]
ISSvc, ISSVC, ""c:Program FilesNorton Internet SecurityISSVC.exe"" ["Symantec Corporation"]
Norton AntiVirus Auto-Protect Service, navapsvc, ""c:Program FilesNorton Internet SecurityNorton AntiVirus
avapsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""c:Program FilesCommon FilesSymantec SharedccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""c:Program FilesCommon FilesSymantec SharedccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe"" ["Symantec Corporation"]
WUSB54GSv2SVC, WUSB54GSv2SVC, ""C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe" "WUSB54GSv2.exe"" ["GEMTEKS"]
Print Monitors:
---------------
HKLMSystemCurrentControlSetControlPrintMonitors
Adobe PDF PortDriver = "C:WINDOWSsystem32AdobePDF.dll" ["Adobe Systems Incorporated."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 47 seconds, including 26 seconds for message boxes)
Logfile of HijackThis v1.99.1
Scan saved at 23:42:31, on 2006-12-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
c:Program FilesCommon FilesSymantec SharedccProxy.exe
c:Program FilesCommon FilesSymantec SharedccSetMgr.exe
c:Program FilesNorton Internet SecurityISSVC.exe
c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSExplorer.EXE
c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesNorton Internet SecurityNorton AntiVirus
avapsvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe
C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWUSB54GSv2.exe
C:WINDOWSstsystra.exe
C:Program FilesASUSATK MediaDMEDIA.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesASUSSplendidACMON.exe
C:Program FilesIntelWirelessinCfgSvc.exe
C:WINDOWSsystem32ACEngSvr.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesWireless Console 2wcourier.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesIntelWirelessBinEOUWiz.exe
C:WINDOWSATK0100HControl.exe
C:WINDOWSsystem32acovcnt.exe
C:WINDOWSATK0100ATKOSD.exe
C:PROGRA~1IntelWirelessBinDot1XCfg.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
c:Program FilesCommon FilesSymantec SharedAdBlockingNSMdtr.exe
C:Program FilesDAPDAP.EXE
C:Program FilesMessengermsmsgs.exe
C:DOCUME~1ŁUKASZUSTAWI~1TempKatalog tymczasowy 2 dla hijackthis.zipHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://www.asus.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:PROGRA~1orange3orange3.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:PROGRA~1orange3orange3.dll
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [ASUS Live Update] C:Program FilesASUSASUS Live UpdateALU.exe
O4 - HKLM..Run: [ATKMEDIA] C:Program FilesASUSATK MediaDMEDIA.EXE
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [ABLKSR] C:WINDOWSABLKSRABLKSR.exe
O4 - HKLM..Run: [ccApp] "c:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Power_Gear] C:Program FilesASUSPower4 GearBatteryLife.exe 1
O4 - HKLM..Run: [ACMON] C:Program FilesASUSSplendidACMON.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessinCfgSvc.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [ISUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [Wireless Console 2] C:Program FilesWireless Console 2wcourier.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [EOUApp] "C:Program FilesIntelWirelessBinEOUWiz.exe"
O4 - HKLM..Run: [HControl] C:WINDOWSATK0100HControl.exe
O8 - Extra context menu item: &Clean Traces - C:Program FilesDAPPrivacy Packagedapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:Program FilesDAPdapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:Program FilesDAPdapextie2.htm
O8 - Extra context menu item: orange search -
file://C:Program FilesORANGE3CacheSelectedContextSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone:
http://*.mks.com.pl
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{B20DB712-650A-4225-A945-9F9D09FDE953}: NameServer = 10.1.10.254
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:Program FilesNorton Internet SecurityISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:Program FilesNorton Internet SecurityNorton AntiVirus
avapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe" "WUSB54GSv2.exe (file missing)