niedawno zauważyłem że mój komputer dziwnie się zachowuje tzn.nie chce instalowac żadnych poprawek(błąd 1305),oraz jak uruchomię internet explorera uruchamia po pewnym czasie dwie strony(broadcaster,errorsafe)
tu jest log z hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 16:07:59, on 2007-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\tcpsvcs.exe
E:\WINDOWS\system32\tlntsvr.exe
E:\WINDOWS\system32\RunDll32.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\Program Files\D-Tools\daemon.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\Program Files\Winamp2.95\Winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programs\free ram\FreeRAM.exe
E:\Program Files\Gadu-Gadu\gg.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\Program Files\Hack-It\HackIt.exe
E:\Program Files\OpenOffice.org 2.2\program\soffice.exe
E:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Programs\winrar3.61\WinRAR.exe
E:\Program Files\Winamp2.95\Skins\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - E:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp2.95\Winampa.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINDOWS\system32\tglhoddk.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] E:\Programs\free ram\FreeRAM.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Hack-It.lnk = E:\Program Files\Hack-It\HackIt.exe
O4 - Startup: OpenOffice.org 2.2.lnk = E:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Link to &MidpX - E:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.magiccam.pl/wideokonferencje/AXWebMonProj1.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180633188515
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_38.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_30.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F52EF324-B2FB-44FC-A3C0-3C715B79158C}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
A tutaj z silent runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
"BySoft FreeRAM" = "E:\Programs\free ram\FreeRAM.exe" ["BySoft"]
"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"SunJavaUpdateSched" = ""E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"DAEMON Tools-1033" = ""E:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = ""E:\Program Files\Winamp2.95\Winampa.exe"" [null data]
"GPLv3" = "rundll32.exe "E:\WINDOWS\system32\tglhoddk.dll",realset" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{360489F8-3E19-414D-B934-E4BAA2A1B10E}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\sstqo.dll" [null data]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "E:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\iqtjxigx.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{8A61098D-612B-4EF2-943D-64E920684061}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\nnnonkl.dll" [null data]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\(Default) = "Kwyshell MidpX BHO"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "E:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programs\winrar3.61\rarext.dll" [null data]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "E:\Program Files\Illustrate\dBpoweramp\dMCShell.dll" ["Illustrate"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{8A61098D-612B-4EF2-943D-64E920684061}" = "*_" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\nnnonkl.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "E:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> nnnonkl\DLLName = "nnnonkl.dll" [null data]
<> sstqo\DLLName = "E:\WINDOWS\system32\sstqo.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "E:\Program Files\Illustrate\dBpoweramp\dBShell.dll" ["Illustrate"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
VIDEOTRANS\(Default) = "{548773BA-874E-4C02-9DC7-B7A096772C7D}"
-> {HKLM...CLSID} = "CountLines Class"
\InProcServer32\(Default) = "E:\Program Files\MP3 Player Utilities 3.57\AMVTools\SrcCount.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programs\winrar3.61\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programs\winrar3.61\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Programs\winrar3.61\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Win\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\POLKOM~2.SCR" (PolKompLa.scr) [null data]
Startup items in "Win" & "All Users" startup folders:
-----------------------------------------------------
E:\Documents and Settings\Win\Menu Start\Programy\Autostart
"Hack-It" -> shortcut to: "E:\Program Files\Hack-It\HackIt.exe" [empty string]
"OpenOffice.org 2.2" -> shortcut to: "E:\Program Files\OpenOffice.org 2.2\program\quickstart.exe" [null data]
E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
Enabled Scheduled Tasks:
------------------------
"XoftSpySE 2" -> launches: "E:\Program Files\XoftSpySE\XoftSpy.exe ShowReminders" ["ParetoLogic"]
"XoftSpySE" -> launches: "E:\Program Files\XoftSpySE\XoftSpy.exe -t" ["ParetoLogic"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "E:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "E:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}" = "Kwyshell MidpX"
-> {HKLM...CLSID} = "Kwyshell MidpX"
\InProcServer32\(Default) = "E:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll" ["Kwyshell G.Corp"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
Ad-Aware 2007 Service, aawservice, ""E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Usługi Simple TCP/IP, SimpTcp, "E:\WINDOWS\system32\tcpsvcs.exe" [MS]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 52 seconds)