Ogromne dzieki jest super.
Życie nabiera innych barw jak komputerek elegancko chodzi. :lol:
Złączono Posta : 13.11.2006 (Pon) 19:17
Niestety nadal bardzo długo się zamyka, nie wiem czemu.
Zrobiłem logi Hijackiem i SilenRunnerem
Logfile of HijackThis v1.99.1 Scan saved at 19:15:32, on 2006-11-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Programy\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [Hidder] C:\PROGRA~1\GDATAS~1\SEKRET~1\Hidder.exe /start O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://*.mks.com.pl O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{90534214-27D1-4544-8E25-29CE9D0C0F35}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe Ato Silentrunner
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“Creative Detector” = “C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R” [“Creative Technology Ltd”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]
“HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]
“Persistence” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”]
“High Definition Audio Property Page Shortcut” = “HDAShCut.exe” [“Windows ® Server 2003 DDK provider”]
“AzMixerSel” = “C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [“Realtek Semiconductor Corp.”]
“SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”]
“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]
“RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”]
“CoolSwitch” = “C:\WINDOWS\system32\taskswitch.exe” [null data]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“AVG7_CC” = “C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string]
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]
“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”]
“Hidder” = “C:\PROGRA~1\GDATAS~1\SEKRET~1\Hidder.exe /start” [“G DATA Software Sp. z o.o.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]
“{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places”
-> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth”
\InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{709C6E11-538F-4759-86AC-6ACB302AA0DE}” = “Desktop Manager”
-> {HKCU…CLSID} = “Desktop Manager”
\InProcServer32(Default) = “C:\WINDOWS\system32\msvdm.dll” [null data]
“{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}” = “PhotoToys”
-> {HKCU…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\system32\phototoys.dll” [MS]
“{efb97cb8-a4a4-4357-a261-002ffaed0267}” = “CD Slideshow Powertoy”
-> {HKCU…CLSID} = “CD Burn Slideshow Hook”
\InProcServer32(Default) = “C:\WINDOWS\system32\slideshow.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “c:\program files\winrar\rarext.dll” [null data]
“{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
“{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension”
-> {HKLM…CLSID} = “AVG7 Find Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{0E40CBF0-0263-4AD4-A71B-11316667CBB7}” = “MuVo V200 Media Explorer”
-> {HKLM…CLSID} = “MuVo V200 Media Explorer”
\InProcServer32(Default) = “C:\Program Files\Creative\Creative MuVo V200\CTMvns.dll” [“Creative Technology Ltd”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “c:\program files\winrar\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “c:\program files\winrar\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “c:\program files\winrar\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\Web\Wallpaper\Idylla.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\Web\Wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]
Startup items in “Kamil” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“BTTray” -> shortcut to: “C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe” [“Broadcom Corporation.”]
“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string]
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
“ButtonText” = “@btrez.dll ,-4015”
“MenuText” = “@btrez.dll ,-4017”
“Script” = “C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm” [null data]
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)
-> {HKLM…CLSID} = “Search Class”
\InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
AVG E-mail Scanner, AVGEMS, “C:\PROGRA~1\Grisoft\AVG7\avgemc.exe” [“GRISOFT, s.r.o.”]
AVG7 Alert Manager Server, Avg7Alrt, “C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe” [“GRISOFT, s.r.o.”]
AVG7 Update Service, Avg7UpdSvc, “C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe” [“GRISOFT, s.r.o.”]
Bluetooth Service, btwdins, “C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe” [“Broadcom Corporation.”]
Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
Sunbelt Kerio Personal Firewall 4, KPF4, ““C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe”” [“Sunbelt Software”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
The search for DESKTOP.INI DLL launch points on all local fixed drives
took 54 seconds.
---------- (total run time: 109 seconds)
zerknijcie…