Błąd explorer.exe


(Daniel124) #1

Witam serdecznie.Prawie przy każdym uruchomienie systemu mam błąd explorer.exe i nie mam pojęcia co to jest.Proszę o pomoc, a to moje logi.

Logfile of HijackThis v1.99.1

Scan saved at 03:17:52, on 2007-08-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

C:\programy\a-square\a-squared Free\a2service.exe

C:\programy\zerospyware\FileDeleter.exe

C:\programy\google descop\AlienGUIse\wbload.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Spyware Terminator\sp_rsser.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\RTHDCPL.EXE

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Program Files\VIA\RAID\raid_tool.exe

C:\programy\daemon\daemon.exe

C:\programy\winamp\winampa.exe

D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe

C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe

C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe

C:\programy\cursor powre pack\CursorXP.exe

C:\programy\winzip\WZQKPICK.EXE

C:\programy\POP3 tray\PopTray.exe

C:\programy\ObjectDock\ObjectDock.exe

C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe

C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe

D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\programy\gadu-gadu\gg.exe

C:\programy\spybot\Spybot - Search & Destroy\SpybotSD.exe

C:\programy\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60308

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\programy\spybot\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\programy\daemon\daemon.exe" -lang 1033

O4 - HKLM..\Run: [WinampAgent] C:\programy\winamp\winampa.exe

O4 - HKLM..\Run: [LogonStudio] "C:\programy\LogonStudio\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM..\Run: [bootSkin Startup Jobs] "C:\programy\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM..\Run: [spywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU..\Run: [uberIcon] "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"

O4 - HKCU..\Run: [RocketDock] "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"

O4 - HKCU..\Run: [skinClock] C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe

O4 - HKCU..\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe

O4 - Startup: PopTray.lnk = C:\programy\POP3 tray\PopTray.exe

O4 - Startup: RocketDock.lnk = C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\programy\winzip\WZQKPICK.EXE

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5388838578

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - AppInit_DLLs: wbsys.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WB - C:\programy\google descop\AlienGUIse\fastload.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\programy\a-square\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\programy\zerospyware\FileDeleter.exe

O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"UberIcon" = ""C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"" [null data]

"RocketDock" = ""C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"" [null data]

"SkinClock" = "C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [null data]

"CursorXP" = "C:\programy\cursor powre pack\CursorXP.exe" [" "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]

"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"RaidTool" = "D:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"DAEMON Tools-1033" = ""C:\programy\daemon\daemon.exe" -lang 1033" ["DAEMON'S HOME"]

"WinampAgent" = "C:\programy\winamp\winampa.exe" [null data]

"LogonStudio" = ""C:\programy\LogonStudio\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]

"BootSkin Startup Jobs" = ""C:\programy\BootSkin\BootSkin.exe" /StartupJobs" [empty string]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"SpywareTerminator" = ""D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]

"Google Desktop Search" = ""D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]

"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32(Default) = "D:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32(Default) = "C:\programy\real player\rpshell.dll" ["RealNetworks, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "wbsys.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Stardock.Net, Inc"]

HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> WB\DLLName = "C:\programy\google descop\AlienGUIse\fastload.dll" ["Stardock"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

CMenuExtender(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a-squared Free Shell Extension(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

a-squared Free Shell Extension(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

SPTContMenu(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"

-> {HKLM...CLSID} = "SPTHandler"

\InProcServer32(Default) = "D:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

Group Policies {policy setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoViewContextMenu" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDispCPL" = (REG_DWORD) hex:0x00000000

{Remove Display in Control Panel}

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000

{Hide Desktop tab}

"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Van Helsing\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "Van Helsing" & "All Users" startup folders:


D:\Documents and Settings\Van Helsing\Menu Start\Programy\Autostart

"PopTray" -> shortcut to: "C:\programy\POP3 tray\PopTray.exe" ["Renier Crause"]

"RocketDock" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [null data]

"Stardock ObjectDock" -> shortcut to: "C:\programy\ObjectDock\ObjectDock.exe" ["Stardock"]

"UberIcon" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [null data]

"Y'z Shadow" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe" ["Y'z@Home"]

"Y'z Toolbar" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe" ["Y'z@Home"]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"WinZip Quick Pick" -> shortcut to: "C:\programy\winzip\WZQKPICK.EXE" ["WinZip Computing, Inc."]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"

-> {HKLM...CLSID} = "&Crawler Toolbar"

\InProcServer32(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" = (no title provided)

-> {HKLM...CLSID} = "&Crawler Toolbar"

\InProcServer32(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


a-squared Free Service, a2free, ""C:\programy\a-square\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Spyware Terminator Realtime Shield Service, sp_rssrv, ""D:\Program Files\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]

ZeroSpyware FileDeleter, FileDeleter, "C:\programy\zerospyware\FileDeleter.exe" ["FBM Software"]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 47 seconds.

---------- (total run time: 89 seconds)

ComboFix 07-07-30.2 - "Van Helsing" 2007-08-19 3:32:59.5 [GMT 2:00] - NTFS

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

2007-08-18 20:18 512,688 --a------ D:\WINDOWS\system32\XceedCry.dll

2007-08-18 20:18 423,784 --a------ D:\WINDOWS\system32\XceedBkp.dll

2007-08-18 20:18 118,784 --a------ D:\WINDOWS\system32\msstdfmt.dll

2007-08-18 20:18 101,888 --a------ D:\WINDOWS\system32\VB6STKIT.DLL

2007-08-18 15:19 51,200 --a------ D:\WINDOWS\nircmd.exe

2007-08-15 05:41 4,102 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd

2007-08-15 05:35 221,184 --a------ D:\WINDOWS\system32\wmpns.dll

2007-08-13 19:55

2007-08-11 13:29

2007-08-10 17:37 143,872 --a------ D:\WINDOWS\system32\iacenc.dll

2007-08-09 09:56 36,864 --a------ D:\WINDOWS\system32\wbsys.dll

2007-08-09 09:37

2007-08-09 09:30

2007-08-07 19:04

2007-08-06 14:44

2007-08-04 11:12 81,920 --a------ D:\WINDOWS\system32\OpenAL32.dll

2007-08-04 11:12 221,184 --a------ D:\WINDOWS\system32\wrap_oal.dll

2007-08-03 09:44 108,144 --a------ D:\WINDOWS\system32\CmdLineExt.dll

2007-08-03 09:44

2007-08-02 06:38 138,624 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2007-08-02 06:37

2007-08-02 06:36

2007-08-02 06:36

2007-08-01 20:46

2007-08-01 20:24

2007-07-31 15:12

2007-07-31 14:59 98,304 --a------ D:\WINDOWS\system32\msir3jp.dll

2007-07-31 14:59 9,216 --a------ D:\WINDOWS\system32\kbdnecAT.dll

2007-07-31 14:59 838,144 --a------ D:\WINDOWS\system32\chtbrkr.dll

2007-07-31 14:59 70,656 --a------ D:\WINDOWS\system32\korwbrkr.dll

2007-07-31 14:59 7,680 --a------ D:\WINDOWS\system32\kbdnecNT.dll

2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\kbdnec95.dll

2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\kbdibm02.dll

2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\f3ahvoas.dll

2007-07-31 14:59 6,656 --a------ D:\WINDOWS\system32\kbdlk41a.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbdlk41j.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbdax2.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd106n.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd101a.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd101.dll

2007-07-31 14:59 218,112 --a------ D:\WINDOWS\system32\c_g18030.dll

2007-07-31 14:59 1,677,824 --a------ D:\WINDOWS\system32\chsbrkr.dll

2007-07-31 14:58 811,064 --a------ D:\WINDOWS\system32\imjp81k.dll

2007-07-31 14:58 76,288 --a------ D:\WINDOWS\system32\uniime.dll

2007-07-31 14:58 6,656 --a------ D:\WINDOWS\system32\c_is2022.dll

2007-07-31 14:57 8,704 --a------ D:\WINDOWS\system32\kbdjpn.dll

2007-07-31 14:57 8,192 --a------ D:\WINDOWS\system32\kbdkor.dll

2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd106.dll

2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd101c.dll

2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd101b.dll

2007-07-31 14:57 5,632 --a------ D:\WINDOWS\system32\kbd103.dll

2007-07-29 20:46

2007-07-29 15:07 271,360 --a------ D:\WINDOWS\system32\drivers\atksgt.sys

2007-07-29 15:07 18,048 --a------ D:\WINDOWS\system32\drivers\lirsgt.sys

2007-07-29 07:49

2007-07-29 07:49

2007-07-29 07:48

2007-07-28 16:19

2007-07-27 09:58

2007-07-26 16:25

2007-07-26 16:19 1,415,680 --a------ D:\WINDOWS\system32\wmv9vcm.dll

2007-07-26 15:55 420,240 --a------ D:\WINDOWS\system32\mpg4c32.dll

2007-07-26 15:55 309,616 --a------ D:\WINDOWS\system32\wmv8dmod.dll

2007-07-26 15:32

2007-07-26 15:24

2007-07-26 06:31

2007-07-26 06:20

2007-07-26 05:33

2007-07-26 05:22

2007-07-26 05:01

2007-07-26 04:15

2007-07-26 04:12

2007-07-26 04:12

2007-07-26 04:11 14,048 --------- D:\WINDOWS\system32\spmsg2.dll

2007-07-26 04:10

2007-07-26 04:09

2007-07-26 04:09

2007-07-26 04:04

2007-07-26 03:31 2,916,352 --------- D:\WINDOWS\UNNMP.exe

2007-07-26 03:30 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe

2007-07-26 03:30

2007-07-26 03:29 476,320 --------- D:\WINDOWS\system32\ImagXpr7.dll

2007-07-26 03:29 471,040 --------- D:\WINDOWS\system32\ImagXRA7.dll

2007-07-26 03:29 38,912 --------- D:\WINDOWS\system32\picn20.dll

2007-07-26 03:29 364,544 --------- D:\WINDOWS\system32\TwnLib4.dll

2007-07-26 03:29 262,144 --------- D:\WINDOWS\system32\ImagXR7.dll

2007-07-26 03:29 24,064 --------- D:\WINDOWS\system32\msxml3a.dll

2007-07-26 03:29 2,977,792 --------- D:\WINDOWS\UNNeroVision.exe

2007-07-26 03:29 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll

2007-07-26 03:29 1,568,768 --------- D:\WINDOWS\system32\ImagX7.dll

2007-07-26 03:29

2007-07-26 03:29

2007-07-26 03:27 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys

2007-07-26 03:27

2007-07-25 22:51 163,712 --a------ D:\WINDOWS\system32\drivers\vidstub.sys

2007-07-25 22:50 187,392 --a------ D:\WINDOWS\system32\JPGUtils.dll

2007-07-25 22:50

2007-07-25 22:04

2007-07-25 21:58

2007-07-25 21:56

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 22:53 36 ---h----- D:\Program Files\desktop.ini

2007-07-26 04:50 87188 --a------ D:\WINDOWS\system32\perfc015.dat

2007-07-26 04:50 494652 --a------ D:\WINDOWS\system32\perfh015.dat

2007-07-25 22:50 6632448 --a------ D:\WINDOWS\system32\logonuiX.exe

2007-07-25 19:18 219648 --a------ D:\WINDOWS\system32\uxtheme.dll

2007-06-26 08:10 1104896 --a------ D:\WINDOWS\system32\msxml3.dll

2007-06-19 15:32 282112 --a------ D:\WINDOWS\system32\gdi32.dll

2007-06-13 15:23 1034752 --a------ D:\WINDOWS\explorer.exe

--------- D:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 D:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 20:10 D:\WINDOWS\RTHDCPL.exe]

"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 D:\WINDOWS\Alcmtr.exe]

"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2006-01-04 09:43]

"nwiz"="nwiz.exe" [2007-04-19 13:26 D:\WINDOWS\system32\nwiz.exe]

"DAEMON Tools-1033"="C:\programy\daemon\daemon.exe" [2004-08-22 17:05]

"WinampAgent"="C:\programy\winamp\winampa.exe" [2007-05-15 00:22]

"LogonStudio"="C:\programy\LogonStudio\LogonStudio\logonstudio.exe" [2002-09-03 18:38]

"BootSkin Startup Jobs"="C:\programy\BootSkin\BootSkin.exe" [2004-04-26 16:21]

"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-09 05:45]

"Google Desktop Search"="D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 02:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UberIcon"="C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20]

"RocketDock"="C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47]

"SkinClock"="C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [2007-07-23 19:31]

"CursorXP"="C:\programy\cursor powre pack\CursorXP.exe" [2005-01-19 17:34]

D:\Documents and Settings\Van Helsing\Menu Start\Programy\Autostart\

PopTray.lnk - C:\programy\POP3 tray\PopTray.exe [2006-09-16 15:01:16]

RocketDock.lnk - C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48]

Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock.exe [2007-07-04 18:15:32]

UberIcon.lnk - C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14]

Y'z Shadow.lnk - C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06]

Y'z Toolbar.lnk - C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

WinZip Quick Pick.lnk - C:\programy\winzip\WZQKPICK.EXE [2007-07-25 18:28:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispCPL"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

"NoDispScrSavPage"=0 (0x0)

"NoDispAppearancePage"=0 (0x0)

"NoDispSettingsPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\programy\google descop\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\programy\google descop\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=wbsys.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys

R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys

R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys

R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys

R2 FileDeleter;ZeroSpyware FileDeleter;C:\programy\zerospyware\FileDeleter.exe

R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys

R3 netrcacm;RCA USB Digital Cable Modem Driver;D:\WINDOWS\system32\DRIVERS\netrcacm.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-19 03:33:39

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-08-19 3:34:09

D:\ComboFix2.txt ... 2007-08-18 15:20

--- E O F ---

Z góry dziękuje.


(Mydoom H) #2

Masz trochę dodatków "upiększających".

Może jakaś nakładka weszła w konflikt z explorerem.

  1. W czasie uruchamiania kompa klikaj F8 - pojawi się lista wyboru z której trzeba wybrać "(....) wierszem polecenia.

  2. Gdy pojawi się wiersz poleceń wpisz "sfc /scannow"

Musisz mieć płyte od xpeka, jak zapyta to trzeba mu ją dać.


(Daniel124) #3

Dziękuje.


(Agatonster) #4

124daniel

Ważny komunikat dotyczący tytułowania tematów

Zapoznaj się ze wskazanym tematem i popraw logi obejmując je tagami