Bardzo wolny start komputera

StelmachStelmi · 29 Maj 2011 16:32

Witam wszystkich serdecznie, będę niezmiernie wdzięczny za sprawdzenie logów i pomoc. Wczoraj zainstalowałem ZoneAlarm version 9.2.106.000 na kompie, na którym był już zainstalowany Norton SystemWorks i AntiVirus 2009. Od tego czasu system uruchamia się około 5 minut. Logi poniżej, jeśli coś więcej potrzeba z mojej strony, to będę do usług 8)

Z HIJACKTHIS:

Logfile of HijackThis v1.99.1

Scan saved at 17:56:04, on 2011-05-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mój komputer\Pulpit\Hijackthis - program do plików LOG.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft…k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft…k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft…k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft…k/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

O4 - HKLM…\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM…\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”

O4 - HKLM…\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM…\Run: [HPHUPD04] “C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”

O4 - HKLM…\Run: [NSWosCheck] “C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe”

O4 - HKLM…\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe

O4 - HKLM…\Run: [iSW] “C:\Program Files\CheckPoint\ZAForceField\ForceField.exe” /icon=“hidden”

O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra ‘Tools’ menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s…abs/tgctlsr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi…b?1306682123750

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset…lineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m…ash/swflash.cab

O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\Norton\Norton2009Reset.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Norton AntiVirus - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe" /s “Norton AntiVirus” /m “C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll” /prefetch:1 (file missing)

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Z SILENTRUNNERS:

“Silent Runners.vbs”, revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS]

“VGAUtil” = “C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [empty string]

“zBrowser Launcher” = “C:\Program Files\Logitech\iTouch\iTouch.exe” ["Logitech Inc. "]

“EM_EXEC” = “C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE” ["Logitech Inc. "]

“HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [“HP”]

“Symantec PIF AlertEng” = ““C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”” [“Symantec Corporation”]

“HPHmon04” = “C:\WINDOWS\system32\hphmon04.exe” [“Hewlett-Packard”]

“HPHUPD04” = ““C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”” [“Hewlett-Packard”]

“NSWosCheck” = ““C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe”” [“Symantec Corporation”]

“NswUiTray” = “C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe” [“Symantec Corporation”]

“ISW” = ““C:\Program Files\CheckPoint\ZAForceField\ForceField.exe” /icon=“hidden”” [“Check Point Software Technologies”]

“ZoneAlarm Client” = ““C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”” [“Check Point Software Technologies LTD”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = “Spybot-S&D IE Protection” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}(Default) = “Symantec Intrusion Prevention”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL” [“Symantec Corporation”]

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}(Default) = “ZoneAlarm Security Engine Registrar”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll” [“Check Point Software Technologies”]

{91da5e8a-3318-4f8c-b67e-5964de3ab546}(Default) = “ZoneAlarm Security”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]

{DBC80044-A445-435b-BC74-9C25C1C588A9}(Default) = “Java™ Plug-In 2 SSV Helper” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre6\bin\jp2ssv.dll” [“Sun Microsystems, Inc.”]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}(Default) = “JQSIEStartDetectorImpl”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FF393560-C2A7-11CF-BFF4-444553540000}” = “History”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

“{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

“{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

“{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\Wcesview.dll” [MS]

“{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{11016101-E366-4D22-BC06-4ADA335C892B}” = “IE History and Feeds Shell Data Source for Windows Search”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{25336920-03f9-11cf-8fd0-00aa00686f13}” = “HTML Document”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\mshtml.dll” [MS]

“{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}” = “MSHTML Document”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\mshtml.dll” [MS]

“{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{8856f961-340a-11d0-a96b-00c04fd705a2}” = “Microsoft Web Browser”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}” = “IE RSS Feeder Folder”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List”

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”

-> {CLSID}\InProcServer32(Default) = ““C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\NavShExt.dll”” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}”

-> {CLSID}\InProcServer32(Default) = ““C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\NavShExt.dll”” [“Symantec Corporation”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

Active Desktop and Wallpaper:

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\sspipes.scr” [MS]

DESKTOP.INI DLL launch in local fixed drive directories:

C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\69E96H2J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IT2JWTYX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KJ0BYBCB\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YTER0FKR\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\07TRJWRG\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QFGBLAQ0\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RAHOVZF7\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SEXYNC4N\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\12T3O6RU\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\1CXBVV1O\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\3JK43Y0C\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\ZLP9BNPE\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\Mój komputer\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\69E96H2J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IT2JWTYX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KJ0BYBCB\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YTER0FKR\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GZIJ2345\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IJK3MN67\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OPQ9STUV\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Q9STCDWF\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

-> {CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

Enabled Scheduled Tasks:

“Norton SystemWorks One Button Checkup” -> launches: “C:\Program Files\Norton SystemWorks Premier Edition\OBC.exe /CUSTOM /SCHEDULE /AUTO” [“Symantec Corporation”]

“RealUpgradeLogonTaskS-1-5-21-1343024091-1614895754-725345543-1003” -> launches: “C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck” [“RealNetworks, Inc.”]

“RealUpgradeScheduledTaskS-1-5-21-1343024091-1614895754-725345543-1003” -> launches: “C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck” [“RealNetworks, Inc.”]

“RegistryBooster” -> launches: “C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe” [“Uniblue Systems Limited”]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}” = “ZoneAlarm Security Engine” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll” [“Check Point Software Technologies”]

“{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}” = “ZoneAlarm Security Toolbar” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}” = “ZoneAlarm Security Toolbar”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]

“{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}” = “ZoneAlarm Security Engine”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll” [“Check Point Software Technologies”]

Explorer Bars

Dormant Explorer Bars in “View, Explorer Bar” menu

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

“ButtonText” = “Create Mobile Favorite”

“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\INetRepl.dll” [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

“MenuText” = “Utwórz Ulubione dla urządzenia przenośnego…”

“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”

-> {CLSID}\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\INetRepl.dll” [MS]

{5E638779-1818-4754-A595-EF1C63B87A56}\

“ButtonText” = “Express Cleanup”

“MenuText” = “Express Cleanup”

“Exec” = “C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk” [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Badanie”

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

“MenuText” = “Spybot - Search && Destroy Configuration”

“CLSIDExtension” = “{53707962-6F74-2D53-2644-206D7942484F}”

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Miscellaneous IE Hijack Points

C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)

Added lines (compared with English-language version):

Missing lines (compared with English-language version):

strings: 2 lines

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

“{91da5e8a-3318-4f8c-b67e-5964de3ab546}” = “ZoneAlarm Security Toolbar” [from CLSID]

-> {CLSID}\InProcServer32(Default) = “C:\Program Files\ZoneAlarm_Security\prxtbZone.dll” [“Conduit Ltd.”]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]

HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]

HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS]

HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS]

HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS]

HIJACK WARNING! “InPrivate” = “res://ieframe.dll/inprivate.htm” [MS]

HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS]

HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS]

HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS]

HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

Java Quick Starter, JavaQuickStarterService, ““C:\Program Files\Java\jre6\bin\jqs.exe” -service -config “C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf”” [“Sun Microsystems, Inc.”]

LiveUpdate Notice Service, LiveUpdate Notice Service, ““C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll”” [“Symantec Corporation”]

Norton AntiVirus, Norton AntiVirus, ““C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe” /s “Norton AntiVirus” /m “C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll” /prefetch:1” [“Symantec Corporation”]

Norton UnErase Protection, NProtectService, “C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE” [“Symantec Corporation”]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Speed Disk service, Speed Disk service, “C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE” [“Symantec Corporation”]

TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Check Point Software Technologies LTD”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

ZoneAlarm Toolbar IswSvc, IswSvc, ““C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe”” [“Check Point Software Technologies”]

Keyboard Driver Filters:

HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\

“UpperFilters” = INFECTION WARNING! “Lkbdflt2” [“Logitech, Inc.”]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

The search for DESKTOP.INI DLL launch points on all local fixed drives

took 80 seconds.

The search for all Registry CLSIDs containing dormant Explorer Bars

took 21 seconds.

---------- (total run time: 164 seconds)

system · 29 Maj 2011 19:44

Po pierwsze: odinstaluj Antywirus 2009! Norton całkowicie Ci wystarczy. Ten ZoneAlarm też spokojnie można sobie podarować. Pobierz, uruchom i wyczyść komputer programem Glarysoft Utilities i CCleaner , oraz przeprowadź defragmentację dysków programem, np. Iobit SmartDefrag lub Defraggler. To wszystko “kosmetyka” na początek.

Jeśli nadal życzysz sobie analizy logów, przeczytaj to: zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html a powyższy Twój post wyedytuj i skróć do pierwszego zdania.

Lukasz6 · 29 Maj 2011 19:53

Antywirus 2009 to fałszywy program antywirusowy.

Jednym słowem sam jest wirusem, i wirusy pobiera.

Daj wyżej wspomniane logi.