HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:17:38, on 2006-11-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BearShare\BearShare.exe
C:Documents and Settings
nvPulpitHijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://ad.firstadsolution.com/rw?title=New offer!&qs=iframe3?nPMAADSDAQDZMQIA--AAAAIAAAAAAP8AAAAGEgACAALwogEAyXQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2CiQfqCBzT8AAAAAAAAAAOSKi6NyE9U.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZB-uKMDUgQH1SLzqguqVYa8J5s5qe9HP3nyXfQAAAAA=,,http://www.bearshare.com/home/index.htm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Silent
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Internet Download Accelerator" = "C:\Program Files\IDA\ida.exe -autorun" [file not found]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"ShStatEXE" = ""C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"I downloaded pirated Software from P2P " = "Need for Speed Carbon" [file not found]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{9EBBE90B-282E-4c39-8A7E-120749169F0F}\(Default) = "XBTP01621"
{HKLM...CLSID} = "XBTP01621 Class"
InProcServer32\(Default) = "C:\PROGRA~1\BEARSH~2\MediaBar.dll" ["IE Toolbar"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
{HKLM...CLSID} = "Portable Media Devices"
InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
{HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
{HKLM...CLSID} = "Shell Search Band"
InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
{HKLM...CLSID} = "RealOne Player Context Menu Class"
InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
{HKLM...CLSID} = "Outlook File Icon Extension"
InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
{HKLM...CLSID} = (no title provided)
InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
{HKLM...CLSID} = (no title provided)
InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
{HKLM...CLSID} = (no title provided)
InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
{HKLM...CLSID} = (no title provided)
InProcServer32\(Default) = "C:\Program Files\Network Associates\VirusScan\shext.dll" ["Network Associates, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop
"Wallpaper" = "C:Documents and Settings
nvUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Enabled Scheduled Tasks:
------------------------
"At1" launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found]
"At2" launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found]
"At3" launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found]
"At4" launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found]
"At5" launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found]
"At6" launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"{B7D3E479-CC68-42B5-A338-938ECE35F419}"
{HKLM...CLSID} = "BearShare MediaBar"
InProcServer32\(Default) = "C:\Program Files\BearShare MediaBar\MediaBar.dll" ["IE Toolbar"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar
"{B7D3E479-CC68-42B5-A338-938ECE35F419}" = (no title provided)
{HKLM...CLSID} = "BearShare MediaBar"
InProcServer32\(Default) = "C:\Program Files\BearShare MediaBar\MediaBar.dll" ["IE Toolbar"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
{HKLM...CLSID} = "Java Plug-in 1.5.0_02"
InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Network Associates McShield, McShield, ""C:\Program Files\Network Associates\VirusScan\Mcshield.exe"" ["Network Associates, Inc."]
Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"" ["Network Associates, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Serwis struktury programu McAfee, McAfeeFramework, "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart" ["Network Associates, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 33 seconds, including 2 seconds for message boxes)