Witam wszystkich serdecznie, będę niezmiernie wdzięczny za sprawdzenie logów i pomoc. Wczoraj zainstalowałem ZoneAlarm version 9.2.106.000 na kompie, na którym był już zainstalowany Norton SystemWorks i AntiVirus 2009. Od tego czasu system uruchamia się około 5 minut. Logi poniżej, jeśli coś więcej potrzeba z mojej strony, to będę do usług 8)
Z HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 17:56:04, on 2011-05-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mój komputer\Pulpit\Hijackthis - program do plików LOG.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft…k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft…k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft…k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft…k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM…\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM…\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM…\Run: [HPHUPD04] “C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”
O4 - HKLM…\Run: [NSWosCheck] “C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe”
O4 - HKLM…\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
O4 - HKLM…\Run: [iSW] “C:\Program Files\CheckPoint\ZAForceField\ForceField.exe” /icon=“hidden”
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra ‘Tools’ menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s…abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi…b?1306682123750
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset…lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m…ash/swflash.cab
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\Norton\Norton2009Reset.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe" /s “Norton AntiVirus” /m “C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll” /prefetch:1 (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Z SILENTRUNNERS:
“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS]
“VGAUtil” = “C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [empty string]
“zBrowser Launcher” = “C:\Program Files\Logitech\iTouch\iTouch.exe” ["Logitech Inc. "]
“EM_EXEC” = “C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE” ["Logitech Inc. "]
“HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”]
“Symantec PIF AlertEng” = ““C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”” [“Symantec Corporation”]
“HPHmon04” = “C:\WINDOWS\system32\hphmon04.exe” [“Hewlett-Packard”]
“HPHUPD04” = ““C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”” [“Hewlett-Packard”]
“NSWosCheck” = ““C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe”” [“Symantec Corporation”]
“NswUiTray” = “C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe” [“Symantec Corporation”]
“ISW” = ““C:\Program Files\CheckPoint\ZAForceField\ForceField.exe” /icon=“hidden”” [“Check Point Software Technologies”]
“ZoneAlarm Client” = ““C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”” [“Check Point Software Technologies LTD”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = “Spybot-S&D IE Protection” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}(Default) = “Symantec Intrusion Prevention”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL” [“Symantec Corporation”]
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}(Default) = “ZoneAlarm Security Engine Registrar”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll” [“Check Point Software Technologies”]
{91da5e8a-3318-4f8c-b67e-5964de3ab546}(Default) = “ZoneAlarm Security”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]
{DBC80044-A445-435b-BC74-9C25C1C588A9}(Default) = “Java™ Plug-In 2 SSV Helper” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre6\bin\jp2ssv.dll” [“Sun Microsystems, Inc.”]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}(Default) = “JQSIEStartDetectorImpl”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FF393560-C2A7-11CF-BFF4-444553540000}” = “History”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\Wcesview.dll” [MS]
“{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{11016101-E366-4D22-BC06-4ADA335C892B}” = “IE History and Feeds Shell Data Source for Windows Search”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{25336920-03f9-11cf-8fd0-00aa00686f13}” = “HTML Document”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\mshtml.dll” [MS]
“{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}” = “MSHTML Document”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\mshtml.dll” [MS]
“{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{8856f961-340a-11d0-a96b-00c04fd705a2}” = “Microsoft Web Browser”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}” = “IE RSS Feeder Folder”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
“{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List”
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”
-> {CLSID}\InProcServer32(Default) = ““C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\NavShExt.dll”” [“Symantec Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”
-> {CLSID}\InProcServer32(Default) = ““C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\NavShExt.dll”” [“Symantec Corporation”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\sspipes.scr” [MS]
DESKTOP.INI DLL launch in local fixed drive directories:
C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\69E96H2J\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IT2JWTYX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KJ0BYBCB\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YTER0FKR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\07TRJWRG\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QFGBLAQ0\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RAHOVZF7\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SEXYNC4N\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\12T3O6RU\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\1CXBVV1O\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\3JK43Y0C\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\ZLP9BNPE\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\69E96H2J\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IT2JWTYX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KJ0BYBCB\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YTER0FKR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GZIJ2345\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IJK3MN67\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OPQ9STUV\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Q9STCDWF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]
Enabled Scheduled Tasks:
“Norton SystemWorks One Button Checkup” -> launches: “C:\Program Files\Norton SystemWorks Premier Edition\OBC.exe /CUSTOM /SCHEDULE /AUTO” [“Symantec Corporation”]
“RealUpgradeLogonTaskS-1-5-21-1343024091-1614895754-725345543-1003” -> launches: “C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck” [“RealNetworks, Inc.”]
“RealUpgradeScheduledTaskS-1-5-21-1343024091-1614895754-725345543-1003” -> launches: “C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck” [“RealNetworks, Inc.”]
“RegistryBooster” -> launches: “C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe” [“Uniblue Systems Limited”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}” = “ZoneAlarm Security Engine” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll” [“Check Point Software Technologies”]
“{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}” = “ZoneAlarm Security Toolbar” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}” = “ZoneAlarm Security Toolbar”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]
“{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}” = “ZoneAlarm Security Engine”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll” [“Check Point Software Technologies”]
Explorer Bars
Dormant Explorer Bars in “View, Explorer Bar” menu
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
“ButtonText” = “Create Mobile Favorite”
“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\INetRepl.dll” [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
“MenuText” = “Utwórz Ulubione dla urządzenia przenośnego…”
“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”
-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\INetRepl.dll” [MS]
{5E638779-1818-4754-A595-EF1C63B87A56}\
“ButtonText” = “Express Cleanup”
“MenuText” = “Express Cleanup”
“Exec” = “C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk” [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
“MenuText” = “Spybot - Search && Destroy Configuration”
“CLSIDExtension” = “{53707962-6F74-2D53-2644-206D7942484F}”
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Miscellaneous IE Hijack Points
C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)
Added lines (compared with English-language version):
Missing lines (compared with English-language version):
strings: 2 lines
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
“{91da5e8a-3318-4f8c-b67e-5964de3ab546}” = “ZoneAlarm Security Toolbar” [from CLSID]
-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS]
HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS]
HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS]
HIJACK WARNING! “InPrivate” = “res://ieframe.dll/inprivate.htm” [MS]
HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS]
HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS]
HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS]
HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
Java Quick Starter, JavaQuickStarterService, ““C:\Program Files\Java\jre6\bin\jqs.exe” -service -config “C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf”” [“Sun Microsystems, Inc.”]
LiveUpdate Notice Service, LiveUpdate Notice Service, ““C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll”” [“Symantec Corporation”]
Norton AntiVirus, Norton AntiVirus, ““C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe” /s “Norton AntiVirus” /m “C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll” /prefetch:1” [“Symantec Corporation”]
Norton UnErase Protection, NProtectService, “C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE” [“Symantec Corporation”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]
Speed Disk service, Speed Disk service, “C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE” [“Symantec Corporation”]
TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Check Point Software Technologies LTD”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
ZoneAlarm Toolbar IswSvc, IswSvc, ““C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe”” [“Check Point Software Technologies”]
Keyboard Driver Filters:
HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\
“UpperFilters” = INFECTION WARNING! “Lkbdflt2” [“Logitech, Inc.”]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 80 seconds.
- The search for all Registry CLSIDs containing dormant Explorer Bars
took 21 seconds.
---------- (total run time: 164 seconds)