Log... prosze sprawdzic

IP: *.neoplus.adsl.tpnet.pl 03.09.06, 15:16
Ojeja, strasznie sie muli, cos okropnego :(

Logfile of HijackThis v1.99.1
Scan saved at 15:11:29, on 03-09-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\SYSTEM\WINDOWSUPAD0.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DPMW32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON98.EXE
C:\WINDOWS\SYSTEM\MSTMON_N.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ACD SYSTEMS\DEVDETECT\DEVDETECT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WANADOO\WATCH.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\PULPIT\TECHNICZNE\HIJACKTHIS-1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\SYSTEM\dpmw32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\PanRam\UFD Utility\UFDMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\PanRam\UFD Utility\UsbTD.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRAM FILES\SPRINT & FINEREADER
5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay]
C:\WINDOWS\SYSTEM\MSTMON_N.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE C:\WINDOWS\SYSTEM\TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Transparent] Trans.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
-autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition
Classic\avgctrl.exe" /min
O4 - HKLM\..\Run: [Windows modez Verifier] WINDOWSUPAD0.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [WinVNC4] "C:\PROGRAM
FILES\REALVNC\VNC4\WINVNC4.EXE" -noconsole -service
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition
Classic\schedm.exe"
O4 - HKLM\..\RunServices: [Windows modez Verifier] WINDOWSUPAD0.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
- acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\PROGRAM
FILES\WIRTUALNA POLSKA\KONTAKT\URL_WPMSG.DLL

    • Gość: Alus Re: Log... prosze sprawdzic IP: *.neoplus.adsl.tpnet.pl 03.09.06, 18:44
      Po resecie chodzi dosc dobrze okolo 30 minut, potem stopniowo zwalnia (efekt
      zacinajacej myszki, dlugotrwale uruchamianie aplikacji, otwieranie folderow
      itp.) AntiVir wykryl tylko trzy raczej malo znaczace rzeczy, ktore usunelam,
      Ewido nie chce mi sie uruchomic, informuje, ze 'nicht' na Windows 2000.

      Prosze wiec o pomoc. Dziekuje.

      Ala.
    • Gość: Kolobos Re: Log... prosze sprawdzic IP: *.warszawa.sdi.tpnet.pl 03.09.06, 19:35
      alt+ctrl+del i tam zakoncz:
      C:\WINDOWS\SYSTEM\WINDOWSUPAD0.EXE
      plik usun z dysku.

      W hjt usun:
      O4 - HKLM\..\Run: [Windows modez Verifier] WINDOWSUPAD0.EXE
      O4 - HKLM\..\RunServices: [Windows modez Verifier] WINDOWSUPAD0.EXE

      Do tego mozesz wylaczyc zbedne programy przy pomocy Start->uruchom->msconfig
      • Gość: Alus Re: Log... prosze sprawdzic IP: *.neoplus.adsl.tpnet.pl 03.09.06, 20:41
        alt+ctrl+del C:\WINDOWS\SYSTEM\WINDOWSUPAD0.EXE tego zakonczyc nie moge :( bo
        ja w takiej postaci tego nie mam. Mam za to:
        Explorer
        Neostrada
        Internat
        Firefox
        GG
        Rnaapp
        Mstmon_n
        Comcomp
        Taskbaricon
        Dslmon
        Devdetected
        Winooldap
        Qtaskl
        Cagent
        Incd
        Shwicon
        Dpmw32
        Rundll32
        Systray
        Winoldap
        Watch

        i w zwiazku z tym nie moge usunac tego pliku z dysku: odmowa dostepu...

        W hjt usunełam:
        O4 - HKLM\..\Run: [Windows modez Verifier] WINDOWSUPAD0.EXE
        O4 - HKLM\..\RunServices: [Windows modez Verifier] WINDOWSUPAD0.EXE
        log wkleje jak sie uporamy z tym pierwszym :(


        Hmmm juz nic nie rozumiem, po napisaniu tego co wyzej, zaczelam szukac
        C:\WINDOWS\SYSTEM\WINDOWSUPAD0.EXE i teraz nie moge znalezc. Czyzby pojawial sie
        po jakims czasie?
        Zanim doszlam co to znaczyc 'usun z dysku" potraktowalam go Killboxem ale
        zrozumialam jednak, ze usunac go moge, tak jak zasugerowales, no wiec dalej to
        co napisalam na wstepie. Potem reset komputera. (W pierwszej kolejnosci hij
        usunelam te dwa wpisy.
        I coz dalej?
        • Gość: Kolobos Re: Log... prosze sprawdzic IP: *.warszawa.sdi.tpnet.pl 03.09.06, 20:59
          Wklej nowy log.
          • Gość: Alus Re: Log... prosze sprawdzic IP: *.neoplus.adsl.tpnet.pl 03.09.06, 21:09
            Logfile of HijackThis v1.99.1
            Scan saved at 21:08:23, on 03-09-06
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
            C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE
            C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\WINDOWS\SYSTEM\DPMW32.EXE
            C:\WINDOWS\RUNDLL32.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\INTERNAT.EXE
            C:\PROGRAM FILES\SPRINT & FINEREADER 5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
            C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
            C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON98.EXE
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\WINDOWS\SYSTEM\MSTMON_N.EXE
            C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
            C:\PROGRAM FILES\ACD SYSTEMS\DEVDETECT\DEVDETECT.EXE
            C:\WINDOWS\SYSTEM\QTTASK.EXE
            C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
            C:\PROGRAM FILES\GADU-GADU\GG.EXE
            C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
            C:\WINDOWS\SYSTEM\SPOOL32.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
            C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
            C:\WINDOWS\SYSTEM\TAPISRV.EXE
            C:\PROGRAM FILES\WANADOO\WATCH.EXE
            C:\WINDOWS\SYSTEM\RNAAPP.EXE
            C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
            C:\WINDOWS\PULPIT\TECHNICZNE\HIJACKTHIS-1.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.neostrada.pl
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
            Plus wita Cie w Internecie
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\SYSTEM\dpmw32.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
            O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
            O4 - HKLM\..\Run: [internat.exe] internat.exe
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRAM FILES\SPRINT & FINEREADER
            5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
            O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
            O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
            O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay]
            C:\WINDOWS\SYSTEM\MSTMON_N.EXE
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [autoclk] autoclk.exe
            O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
            O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
            O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE C:\WINDOWS\SYSTEM\TWEAKUI.CPL,TweakMeUp
            O4 - HKLM\..\Run: [Transparent] Trans.exe
            O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
            -autorun
            O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
            Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition
            Classic\avgctrl.exe" /min
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
            O4 - HKLM\..\RunServices: [WinVNC4] "C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE"
            -noconsole -service
            O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition
            Classic\schedm.exe"
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
            O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
            O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
            O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
            FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
            O16 - DPF: ppctlcab - ppupdates.ca.com/downloads/scanner/ppctlcab.cab
            O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
            (PPSDKActiveXScanner.MainScreen) -
            ppupdates.ca.com/downloads/scanner/axscanner.cab
            O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
            www3.ca.com/securityadvisor/virusinfo/webscan.cab
            O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
            www.windowsecurity.com/trojanscan/axscan.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
            a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
            O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\PROGRAM
            FILES\WIRTUALNA POLSKA\KONTAKT\URL_WPMSG.DLL

            • Gość: Kolobos Re: Log... prosze sprawdzic IP: *.warszawa.sdi.tpnet.pl 04.09.06, 06:00
              Wyglada ok.
              • Gość: Alus Re: Log... prosze sprawdzic IP: *.neoplus.adsl.tpnet.pl 04.09.06, 08:53
                Dzieki !! I wczoraj juz bylo duuuuzo lepiej!!

                Dzieki, Ala.
                • Gość: Alus Re: Log... prosze sprawdzic IP: *.neoplus.adsl.tpnet.pl 11.09.06, 19:52
                  Rece mi opadaja :(

                  Siedzial moj syn caly weekend no i pajawil mi sie jakze ... znajomy glos w moim
                  kompie: slowa z seksmisji, cos z rodzaju: 'ciemnosc widze, widze ciemnosc' albo
                  'co mi pan sugeruje prosze pana'. To oczywiscie pojawia sie przy roznych
                  operacjach ale ja juz to wieeeeki temu wywalilam/wylaczylam no a dzis jest znowuz.

                  Zajrzalam tez przez msconfig do 'autostartu' a tam wszystko wlaczone! :(
                  Zanim wkleje (o ile zaistnieje taka potrzeba) co jest wlaczone w autostarcie,
                  wklejam log.

                  Logfile of HijackThis v1.99.1
                  Scan saved at 19:46:15, on 11-09-06
                  Platform: Windows 98 SE (Win9x 4.10.2222A)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                  Running processes:
                  C:\WINDOWS\SYSTEM\KERNEL32.DLL
                  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                  C:\WINDOWS\SYSTEM\MPREXE.EXE
                  C:\WINDOWS\SYSTEM\mmtask.tsk
                  C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
                  C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE
                  C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
                  C:\WINDOWS\SYSTEM\MSTASK.EXE
                  C:\WINDOWS\EXPLORER.EXE
                  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                  C:\WINDOWS\SYSTEM\DPMW32.EXE
                  C:\WINDOWS\RUNDLL32.EXE
                  C:\WINDOWS\TASKMON.EXE
                  C:\WINDOWS\SYSTEM\INTERNAT.EXE
                  C:\PROGRAM FILES\SPRINT & FINEREADER 5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
                  C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
                  C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON98.EXE
                  C:\WINDOWS\SYSTEM\MSTMON_N.EXE
                  C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
                  C:\PROGRAM FILES\ACD SYSTEMS\DEVDETECT\DEVDETECT.EXE
                  C:\WINDOWS\SYSTEM\QTTASK.EXE
                  C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
                  C:\WINDOWS\TPPALDR.EXE
                  C:\PROGRAM FILES\GADU-GADU\GG.EXE
                  C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
                  C:\WINDOWS\SYSTEM\SPOOL32.EXE
                  C:\WINDOWS\SYSTEM\WMIEXE.EXE
                  C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
                  C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
                  C:\WINDOWS\SYSTEM\DDHELP.EXE
                  C:\WINDOWS\SYSTEM\TAPISRV.EXE
                  C:\PROGRAM FILES\WANADOO\WATCH.EXE
                  C:\WINDOWS\SYSTEM\RNAAPP.EXE
                  C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
                  C:\WINDOWS\PULPIT\TECHNICZNE\HIJACKTHIS-1.EXE

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                  google.bearshare.com/pl/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
                  Plus wita Cie w Internecie
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                  C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
                  O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} -
                  C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL
                  O2 - BHO: Zango Search Assistant Helper
                  /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D676557C432F38C7 -
                  {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL
                  (file missing)
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                  C:\WINDOWS\SYSTEM\MSDXM.OCX
                  O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} -
                  C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL
                  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                  O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\SYSTEM\dpmw32.exe
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                  O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
                  O4 - HKLM\..\Run: [internat.exe] internat.exe
                  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                  O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRAM FILES\SPRINT & FINEREADER
                  5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
                  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                  O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
                  O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay]
                  C:\WINDOWS\SYSTEM\MSTMON_N.EXE
                  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\Run: [autoclk] autoclk.exe
                  O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
                  O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
                  O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE C:\WINDOWS\SYSTEM\TWEAKUI.CPL,TweakMeUp
                  O4 - HKLM\..\Run: [Transparent] Trans.exe
                  O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
                  -autorun
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                  Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition
                  Classic\avgctrl.exe" /min
                  O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
                  O4 - HKLM\..\Run: [RealTray] c:\WINDOWS\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                  O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
                  O4 - HKLM\..\Run: [winshost.exe] C:\WINDOWS\SYSTEM\winshost.exe
                  O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
                  O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
                  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                  powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
                  O4 - HKLM\..\RunServices: [WinVNC4] "C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE"
                  -noconsole -service
                  O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition
                  Classic\schedm.exe"
                  O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
                  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                  O4 - HKCU\..\Run: [winshost.exe] C:\WINDOWS\SYSTEM\winshost.exe
                  O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
                  O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
                  O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
                  FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                  C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console -
                  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
                  Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                  O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
                  O16 - DPF: ppctlcab - ppupdates.ca.com/downloads/scanner/ppctlcab.cab
                  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
                  (PPSDKActiveXScanner.MainScreen) -
                  ppupdates.ca.com/downloads/scanner/axscanner.cab
                  O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
                  www3.ca.com/securityadvisor/virusinfo/webscan.cab
                  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
                  www.windowsecurity.com/trojanscan/axscan.cab
                  O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                  skaner.mks.com.pl/SkanerOnline.cab
                  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
                  a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
                  O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\PROGRAM
                  FILES\WIRTUALNA POLSKA\KONTAKT\URL_WPMSG.DLL

                  Ala.
                  • Gość: Kolobos Re: Log... prosze sprawdzic IP: *.warszawa.sdi.tpnet.pl 11.09.06, 20:07
                    > Siedzial moj syn caly weekend no i pajawil mi sie jakze

                    Wiec nie dawaj mu korzystac lub naucz zeby nie sciagal trojanow itp.

                    W hjt usun:
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                    google.bearshare.com/pl/ <- ustaw sobie normalna strone www.google.pl
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
                    Plus wita Cie w Internecie
                    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} -
                    C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL <- katalog Myglo... usun z dysku.
                    O2 - BHO: Zango Search Assistant Helper
                    /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D676557C432F38C7 -
                    {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL
                    (file missing)
                    O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} -
                    C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL
                    O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe <- plik usun z dysku.
                    O4 - HKLM\..\Run: [winshost.exe] C:\WINDOWS\SYSTEM\winshost.exe <- i ten
                    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe <- katalog media... usun z dysku.
                    O4 - HKCU\..\Run: [winshost.exe] C:\WINDOWS\SYSTEM\winshost.exe

                    Do tego skan przy pomocy SpyBot'a.

                    Wylacz tez zbedne programy w msconfig bo masz ich pelno.
                    • Gość: Alus Re: Log... prosze sprawdzic IP: *.neoplus.adsl.tpnet.pl 12.09.06, 01:15
                      Wiem, wiem, robie co moge... w kwestii syna


                      Oto log po Twoich wskazowkach:

                      Logfile of HijackThis v1.99.1
                      Scan saved at 01:10:32, on 12-09-06
                      Platform: Windows 98 SE (Win9x 4.10.2222A)
                      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                      Running processes:
                      C:\WINDOWS\SYSTEM\KERNEL32.DLL
                      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                      C:\WINDOWS\SYSTEM\MPREXE.EXE
                      C:\WINDOWS\SYSTEM\mmtask.tsk
                      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
                      C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE
                      C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
                      C:\WINDOWS\SYSTEM\MSTASK.EXE
                      C:\WINDOWS\EXPLORER.EXE
                      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                      C:\WINDOWS\SYSTEM\DPMW32.EXE
                      C:\WINDOWS\RUNDLL32.EXE
                      C:\WINDOWS\TASKMON.EXE
                      C:\WINDOWS\SYSTEM\INTERNAT.EXE
                      C:\PROGRAM FILES\SPRINT & FINEREADER 5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
                      C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
                      C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON98.EXE
                      C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
                      C:\PROGRAM FILES\ACD SYSTEMS\DEVDETECT\DEVDETECT.EXE
                      C:\WINDOWS\SYSTEM\QTTASK.EXE
                      C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
                      C:\WINDOWS\TPPALDR.EXE
                      C:\PROGRAM FILES\GADU-GADU\GG.EXE
                      C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
                      C:\WINDOWS\SYSTEM\WMIEXE.EXE
                      C:\WINDOWS\SYSTEM\DDHELP.EXE
                      C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
                      C:\PROGRAM FILES\WANADOO\COMCOMP.EXE
                      C:\WINDOWS\SYSTEM\TAPISRV.EXE
                      C:\PROGRAM FILES\WANADOO\WATCH.EXE
                      C:\WINDOWS\SYSTEM\RNAAPP.EXE
                      C:\WINDOWS\PULPIT\TECHNICZNE\HIJACKTHIS-1.EXE

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                      C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                      C:\WINDOWS\SYSTEM\MSDXM.OCX
                      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                      O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\SYSTEM\dpmw32.exe
                      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                      O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
                      O4 - HKLM\..\Run: [internat.exe] internat.exe
                      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                      O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRAM FILES\SPRINT & FINEREADER
                      5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
                      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                      O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
                      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                      O4 - HKLM\..\Run: [autoclk] autoclk.exe
                      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
                      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
                      O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE C:\WINDOWS\SYSTEM\TWEAKUI.CPL,TweakMeUp
                      O4 - HKLM\..\Run: [Transparent] Trans.exe
                      O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
                      -autorun
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                      Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition
                      Classic\avgctrl.exe" /min
                      O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
                      O4 - HKLM\..\Run: [RealTray] c:\WINDOWS\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                      O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
                      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                      powrprof.dll,LoadCurrentPwrScheme
                      O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
                      O4 - HKLM\..\RunServices: [WinVNC4] "C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE"
                      -noconsole -service
                      O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition
                      Classic\schedm.exe"
                      O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
                      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                      O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
                      O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
                      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
                      FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console -
                      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
                      Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                      O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
                      O16 - DPF: ppctlcab - ppupdates.ca.com/downloads/scanner/ppctlcab.cab
                      O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
                      (PPSDKActiveXScanner.MainScreen) -
                      ppupdates.ca.com/downloads/scanner/axscanner.cab
                      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
                      www3.ca.com/securityadvisor/virusinfo/webscan.cab
                      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
                      www.windowsecurity.com/trojanscan/axscan.cab
                      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                      skaner.mks.com.pl/SkanerOnline.cab
                      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
                      a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
                      O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\PROGRAM
                      FILES\WIRTUALNA POLSKA\KONTAKT\URL_WPMSG.DLL


                      A'propo zbednych programow w msconfig... nie wiem, ktore sa zbedne a ktore nie.
                      Wypisze te ktore mam wlaczone i mniej wiecej te (po nazwach) z ktorych
                      korzystam. Ale to jutro, bo bede robic to na piechote... gdyz z msconfig-a nie
                      idzie skopiowac tego, co tam jest.

                      Licze wiec na Ciebie Kolobos.
                      I wiekie dzieki!!

                      Ala.
                      • Gość: Kolobos Re: Log... prosze sprawdzic IP: *.warszawa.sdi.tpnet.pl 12.09.06, 11:36
                        To mozna smialo wylaczyc w msconfig:
                        O4 - HKLM\..\Run: [internat.exe] internat.exe
                        O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRAM FILES\SPRINT & FINEREADER
                        5.0 OFFICE TRY&BUY\SPRINT\CAGENT.EXE
                        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                        O4 - HKLM\..\Run: [Sunkist] C:\Program Files\Multimedia Card Reader\shwicon98.exe
                        O4 - HKLM\..\Run: [autoclk] autoclk.exe
                        O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
                        -autorun
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                        Files\Real\Update_OB\realsched.exe" -osboot
                        O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
                        O4 - HKLM\..\Run: [RealTray] c:\WINDOWS\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                        O4 - HKLM\..\RunServices: [WinVNC4] "C:\PROGRAM FILES\REALVNC\VNC4\WINVNC4.EXE"
                        -noconsole -service

                        Wylacz co chcesz, zawsze bedzie mozna to wlaczyc wiec nie ma problemu.
Pełna wersja