Dziwne zachowanie komputera


(O9m) #1

Ostatnio zauważyłam dziwne zachowanie komputra, włancza mi się samoistnie jakaś muzyczka i po paru sekundach milknie .Obawiam się czy ktoś nie włamał mi się do komputera.Wirusów nie ma,porty zamknięte wwdc, plus ZoneAlarm.Co zrobić w takim przypadku?


(Monczkin) #2

w jakich sytuacjach muzyczka ta sie “pojawia” ??

to znaczy - czy przy przegladaniu stron www ??

czy przy używaniu jakiegokolwiek progranu ??

więcej informacji by sie przydało :slight_smile:


(Johny) #3

Olga przypomnij sobie,czy czegoś ostatnio nie instalowałaś,to może być nawet mały program instalowany z jakimś większym


(O9m) #4

Muzyczka pojawiła się trzy dni temu(akurat używałam WordPada) ,wtedy nic nie instalowałam i pojawiła się dzisjaj gdy byłam podłączona do sieci ale nie przeglądałam stron www ,dziwi mnie również to ,że nawet jak nic nie robię to komputer wydaje dziwne ‘odgłosy’-kontrolka przy H.D.D ciągle migocze.Od tego czasu dostaję też sporo spamu na pocztę,co do tej pory wcale się nie zdarzało.Sybot i Ad-Aware też nic nie znajdują.


(Gutek) #5

Zarzuć log z hijacka i silenta -

Silent opis: http://www.searchengines.pl/phpbb203/in … opic=15989


(O9m) #6

Scan saved at 02:05:41, on 2005-12-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:/WINDOWS/System32/smss.exe

C:/WINDOWS/system32/winlogon.exe

C:/WINDOWS/system32/services.exe

C:/WINDOWS/system32/lsass.exe

C:/WINDOWS/system32/svchost.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/system32/spoolsv.exe

C:/Program Files/Eset/nod32krn.exe

C:/WINDOWS/system32/nvsvc32.exe

C:/WINDOWS/system32/ZoneLabs/vsmon.exe

C:/WINDOWS/Explorer.EXE

C:/WINDOWS/SOUNDMAN.EXE

C:/Program Files/Eset/nod32kui.exe

C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe

C:/Program Files/Java/jre1.5.0_04/bin/jusched.exe

C:/Program Files/Tlen.pl/tlen.exe

C:/Program Files/Mozilla Firefox/firefox.exe

C:/WINDOWS/system32/svchost.exe

C:/Program Files/Opera/Opera.exe

C:/WINDOWS/Explorer.EXE

C:/Program Files/WinRAR/WinRAR.exe

C/:HijackThis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.google.pl/

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = c:/WINDOWS/pchealth/helpctr/System/panels/blank.htm

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = c:/WINDOWS/pchealth/helpctr/System/panels/blank.htm

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer

R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll

O4 - HKLM/…/Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/system32/NvMcTray.dll,NvTaskbarInit

O4 - HKLM/…/Run: [odk_mon] C:/Program Files/Odkurzacz 9.3 Pro/odk_mon.exe

O4 - HKLM/…/Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM/…/Run: [nod32kui] “C:/Program Files/Eset/nod32kui.exe” /WAITSERVICE

O4 - HKLM/…/Run: [Zone Labs Client] C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe

O4 - HKLM/…/Run: [sunJavaUpdateSched] C:/Program Files/Java/jre1.5.0_04/bin/jusched.exe

O4 - HKLM/…/Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/system32/NvCpl.dll,NvStartup

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.5.0_04/bin/npjpi150_04.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.5.0_04/bin/npjpi150_04.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:/Program Files/IrfanView/Ebay/Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe

O12 - Plugin for .spop: C:/Program Files/Internet Explorer/Plugins/NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 9807030875

O17 - HKLM/System/CCS/Services/Tcpip/…/{107B97BE-B27B-42FB-B64F-D58C81F365EC}: NameServer = …

O17 - HKLM/System/CCS/Services/Tcpip/…/{DB3A196E-2351-4496-88FD-ED75CFB7A83C}: NameServer = …

O17 - HKLM/System/CS1/Services/Tcpip/…/{107B97BE-B27B-42FB-B64F-D58C81F365EC}: NameServer = …

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:/Program Files/Eset/nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/system32/nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:/WINDOWS/system32/ZoneLabs/vsmon.exe

Jak nie ten log to usunełam,O17 jest w porządku

Logfile of HijackThis v1.99.1


(Gutek) #7

Co do silenta nie ten log - Silent opis: http://www.searchengines.pl/phpbb203/in … opic=15989


(O9m) #8
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" ["FranmoSoft"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.2\program\shlxthdl.dll" ["Sun Microsystems, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Ewa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmarque.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

imon.dll ["Eset "], 01 - 05, 23

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]


{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\

"ButtonText" = "eBay - Homepage"

"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

Usługa dostarczania sieci, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 14 seconds, including 4 seconds for message boxes)

Teraz chyba dobrze


(Gutek) #9

Niestety nic nie widac co powodóje problem


(O9m) #10

Dzięki ale coś się dzieje bo rozłancza mnie z GG i i mama problemy z pobieraniem poczty.


(Kopec86) #11

czy masz radiowke ?? bo jesli tak to sprawa prosta :slight_smile: lapiesz fale radiowe jakiejs stacji :slight_smile: czytalem juz o takich przypadkach :slight_smile:


(Gutek) #12

Z gg czasem są problemy - to moze być u nich, jak przed chwilą, to pewnie u każdego, ja też tak miałem - rozłaczony byłem :wink:


(O9m) #13

Dzięki ,teraz jeszcze doczytałam ,że dałam log skrócony,ale nadal nie jestem pewna czy wszystko jest ok.Zobaczę co się będzie działo dalej.Jak będą nadal te same problemy to zainstaluję chyba system na nowo,czytałam gdzieś że najlepiej wyczyścić dysk(że to daje lepszy efekt niż format) tylko nie wiem jak .


(Gutek) #14

Jak nie cały log to źle - powinien być cały.

Reinstalacja XP http://www.searchengines.pl/phpbb203/in … ntry109540


(O9m) #15
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" ["FranmoSoft"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.2\program\shlxthdl.dll" ["Sun Microsystems, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Ewa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmarque.scr" [MS]



Enabled Scheduled Tasks:

------------------------


"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

imon.dll ["Eset "], 01 - 05, 23

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]


{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\

"ButtonText" = "eBay - Homepage"

"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]

Usługa dostarczania sieci, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt05\Driver = "hpzlnt05.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 8 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 7 seconds.

---------- (total run time: 30 seconds)

dzięki za link


(Gutek) #16

Jest Ok czysto :wink: