Ikona w trayu - nie można usunąć

Dla specjalistów Bezpieczeństwo
#1

Jakieś dziadostwo się przylepiło i nie mogę tego wywalić. Skanowałem Ad-Aware, Ewido, Smitfraudx, Smitrem, Spybot & search, McAffe.

Ikona - znak zapytania naprzemian z czerwonym przekreślonym kółkiem. Co chwile wyskakuje System alert.

Logfile of HijackThis v1.99.1

Scan saved at 05:13:50, on 2007-03-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ULI5289\ALi5289.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\RaConfig.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\Programy\Ochrona\Hjt\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ALi5289" = "C:\Program Files\ULI5289\ALi5289.exe" ["ALi Corporation"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]

"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]

"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]

"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]

"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{aed6f6a3-183c-488d-9f90-23db99f56e7f}" = "apathies"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\geplxss.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]



DESKTOP.INI DLL launch in local fixed drive directories:

--------------------------------------------------------


C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I32RMHOX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I32RMHOX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\75ONP2VA\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\JUUVM7BD\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\QW0I83Y2\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\TG866BQZ\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\F80ZCW64\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G2FFDZPH\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JPQLG74V\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\XS5J64GM\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I32RMHOX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\85UJWHMZ\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G9E7KXAF\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GXIJGTYJ\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S1QZ0PUN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\History\History.IE5\DESKTOP.INI

[.ShellClassInfo]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\08TUBI4T\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRT4NUMC\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DV5WV6S0\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JOQRZFSB\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]



Startup items in "HENRYK" & "All Users" startup folders:

--------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"RaConfig" -> shortcut to: "C:\WINDOWS\system32\RaConfig.exe" ["Ralink Technology, Corp."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

  -> {HKLM...CLSID} = "&Links"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"

  -> {HKLM...CLSID} = "McAfee VirusScan"

                   \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]

McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]

McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]

SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]

Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 39 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 13 seconds.

---------- (total run time: 77 seconds)
#2

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! “{aed6f6a3-183c-488d-9f90-23db99f56e7f}” = “apathies”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\geplxss.dll” [null data]

ale SmitFraud powinien sobie z nią poradzić - ten klucz to jego specjalność

(na wszelki wypadek sprawdż jeszcze właściwości tego pliku)

#3

Wywal folder z dysku, usuń wpis w HJT.

C:\WINDOWS\system32\geplxss.dll

Ubij to Killboxem, daj nowe logi :slight_smile:

#4

No właśnie też tak myślałem, ale nie chciał usunąć.

To jest ALi SATA/RAID Controller.

To pomogło już się nie pokazuje.

To pomogło. Już się nie pokazuje.

Logfile of HijackThis v1.99.1

Scan saved at 13:26:57, on 2007-03-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ULI5289\ALi5289.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\RaConfig.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

E:\Programy\Ochrona\Hjt\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ALi5289" = "C:\Program Files\ULI5289\ALi5289.exe" ["ALi Corporation"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]

"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]

"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]

"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]

"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{aed6f6a3-183c-488d-9f90-23db99f56e7f}" = "apathies"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\geplxss.dll" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

  -> {HKLM...CLSID} = "UnlockerShellExtension"

                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]



DESKTOP.INI DLL launch in local fixed drive directories:

--------------------------------------------------------


C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I32RMHOX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I32RMHOX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\75ONP2VA\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\JUUVM7BD\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\QW0I83Y2\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\TG866BQZ\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\HENRYK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\F80ZCW64\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G2FFDZPH\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JPQLG74V\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\XS5J64GM\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4XU9SLYN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I32RMHOX\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y521IH8J\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y7CFQT4B\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\85UJWHMZ\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G9E7KXAF\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GXIJGTYJ\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S1QZ0PUN\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Historia\History.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\History\History.IE5\DESKTOP.INI

[.ShellClassInfo]

CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\08TUBI4T\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CRT4NUMC\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DV5WV6S0\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JOQRZFSB\DESKTOP.INI

[.ShellClassInfo]

UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]



Startup items in "HENRYK" & "All Users" startup folders:

--------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"RaConfig" -> shortcut to: "C:\WINDOWS\system32\RaConfig.exe" ["Ralink Technology, Corp."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

  -> {HKLM...CLSID} = "&Links"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"

  -> {HKLM...CLSID} = "McAfee VirusScan"

                   \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]

McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]

McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]

SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]

Sunbelt Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe"" ["Sunbelt Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 42 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 14 seconds.

---------- (total run time: 78 seconds)
#5

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Skoro sam to instalowałeś i jest Ci to potrzebne to oczywiście tego nie usuwaj.

#6

Wpis dodany.

SmitFraudFix v2.147


Scan done at 14:00:01,20, 2007-03-04

Run from C:\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts



127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End[/code]
#7

SmitFrauFix przeczyścił trochę, bo prawie wszystko usunąłeś ręcznie.

Czy są jeszcze jakieś problemy?

#8

Już wszystko gra.

Podziękowania dla Joan , adam9870 i rixx.