donkey_PL
(Donkey Pl)
7 August 2007 07:37
#1
Hi, this morning when I went online I couldn't even browse pages smoothly, so I ran HijackThis and wanted to post the log on the forum, but HJ froze and I had to run it again :/. Logs:
HJ:
Logfile of HijackThis v1.99.1
Scan saved at Zegar :48, on 2007-08-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robert\Pulpit\Inne\Programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045
O4 - HKLM…\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” -H
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [WooCnxMon] ; C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOTASKBARICON] ; C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [WOOWATCH] ; C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKCU…\Run: [Numlock Activate] ; C:\Program Files\WINnerTweak3\command.exe numlock
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra ‘Tools’ menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s … wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol … _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip…{1137D436-F7D2-4DAE-8A25-C080DAD27605}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
SR:
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Numlock Activate” = “; C:\Program Files\WINnerTweak3\command.exe numlock” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] "CreativeMouse " = “C:\Program Files\Mouse Driver\MouseDrv.exe” [empty string] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045” [“DT Soft Ltd.”] “LClock” = “C:\Program Files\LClock\LClock.exe” [null data] “UnlockerAssistant” = ““C:\Program Files\Unlocker\UnlockerAssistant.exe” -H” [null data] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “WooCnxMon” = “; C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [file not found] “WOOTASKBARICON” = “; C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [file not found] “WOOWATCH” = “; C:\PROGRA~1\NEOSTR~1\Watch.exe” [file not found] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] 
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{40950107-FEA6-4d53-A65F-B2DCBA57DD58}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View” -> {HKLM…CLSID} = “Contact View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll” [“Nokia”] “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View” -> {HKLM…CLSID} = 
“Message View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll” [“Nokia”] “{35786D3C-B075-49b9-88DD-029876E11C01}” = “Portable Devices” -> {HKLM…CLSID} = “Portable Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS] “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}” = “Portable Devices Menu” -> {HKLM…CLSID} = “Portable Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS] “{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}” = “Zinio Shell Extension” -> {HKLM…CLSID} = “Zinio Magazine” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] “{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}” = “Zinio Magazine Column Provider” -> {HKLM…CLSID} = “MyMagazinesColumn Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] “{97090E2F-3062-4459-855B-014F0D3CDBB1}” = “Windows 
Deskbar” -> {HKCU…CLSID} = “Windows Search Deskbar” \InProcServer32(Default) = “C:\Program Files\Windows Desktop Search\deskbar.dll” [MS] “{13E7F612-F261-4391-BEA2-39DF4F3FA311}” = “Windows Desktop Search” -> {HKLM…CLSID} = “Windows Desktop Search” \InProcServer32(Default) = “C:\Program Files\Windows Desktop Search\msnlExt.dll” [MS] “{D426CFD0-87FC-4906-98D9-A23F5D515D61}” = “Windows Desktop Search Outlook Express ISearchFolder Class” -> {HKLM…CLSID} = “Windows Desktop Search Outlook Express SearchProtocol Class” \InProcServer32(Default) = “C:\Program Files\Windows Desktop Search\OEPH.dll” [MS] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Inc.”] “{2F5AC606-70CF-461C-BFE1-734234536262}” = “WindowBlinds CPL Extension” -> {HKLM…CLSID} = “DisplayCplExt Class” \InProcServer32(Default) = “C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll” [“Stardock.Net , Inc”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” = “AQQ File Transfer Shell Extension” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = 
“C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{46E22146-59C0-4136-9233-52E412E2B428}” = “EzCddax extension” -> {HKLM…CLSID} = “EzCddax Class” \InProcServer32(Default) = “C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll” [null data] “{46E22146-59C0-4136-9233-FB7720E777B2}” = “EzCddax extension” -> {HKLM…CLSID} = “EzCddax Class” \InProcServer32(Default) = “C:\Program Files\Easy CD-DA Extractor 10\ezcddax10.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{56F9679E-7826-4C84-81F3-532071A8BCC5}” = (no title provided) -> {HKLM…CLSID} = “Windows Desktop Search Namespace Manager” \InProcServer32(Default) = “C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll” [MS] INFECTION WARNING! “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! 
“AppInit_DLLs” = “wbsys.dll” [“Stardock.Net , Inc”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {A9AACA72-1C51-4F84-804D-90EDBA0D58F4}(Default) = “Zinio Magazine Column Provider” -> {HKLM…CLSID} = “MyMagazinesColumn Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AQQFileTransfer(Default) = “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] EzCddax(Default) = “{46E22146-59C0-4136-9233-FB7720E777B2}” -> {HKLM…CLSID} = “EzCddax Class” \InProcServer32(Default) = “C:\Program Files\Easy CD-DA Extractor 10\ezcddax10.dll” [null data] HexWorkshopContextMenu(Default) = “{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}” -> {HKLM…CLSID} = “Hex Workshop Shell Extension” \InProcServer32(Default) = “C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll” [“BreakPoint Software, Inc.”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] Notepad++(Default) = “{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}” -> {HKLM…CLSID} = “Notepad++” \InProcServer32(Default) = “C:\Program Files\Notepad++\nppcm.dll” [“Burgaud.com ”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell 
Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Default executables: -------------------- HKCU\Software\Classes.bat(Default) = “batfile” HKCU\Software\Classes.cmd(Default) = “cmdfile” HKCU\Software\Classes.com (Default) = “comfile” HKCU\Software\Classes.exe(Default) = “exefile” Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> 
{HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0YAPAGF0\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CFQ3K7AN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3XYZ2R\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UXI5LC72\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] 
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A72D6LU1\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CTCB8XAP\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\M14T4XCT\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Q92ZYHQD\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia 
lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\1YSUKDEK\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\31FMJQ4V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\CL1PB99C\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\IJ17GKUJ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\416GPEJ2\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\630XKKMR\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\K9QFKN2Z\DESKTOP.INI [.ShellClassInfo] 
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YYFUTAYH\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\8Y170GMW\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\H7ZG86B0\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\HDZO63CB\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\P4ZP0UP5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} 
-> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\6OOVEV5I\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\79MUPO74\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\EDNKXS3Q\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Pliki internetowe\Temporary Internet Files\Content.IE5\SOEM6AOZ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> 
{HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2A02G70P\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2DMK8OR9\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Temporary Internet Files\Content.IE5\D5315AK9\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Robert\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TV85IHQS\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia 
lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2MKF6S3J\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4BM7WGSV\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CI4COMBK\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\FW109P38\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software 
Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 34 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 33 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}(Default) = “Ask PopSwatter” Implemented Categories{00021493-0000-0000-C000-000000000046}\ 
[vertical bar] InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {36ECAF82-3300-8F84-092E-AFF36D6C7040}\ “ButtonText” = “Run WinHTTrack” “MenuText” = “Launch WinHTTrack” “CLSIDExtension” = “{86529161-034E-4F8A-88D2-3C625E612E04}” -> {HKLM…CLSID} = “WinHTTrackLauncher Class” \InProcServer32(Default) = “C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll” [null data] {84536FE2-ABCD-3586-DCAB-40E286323737}\ “ButtonText” = “Pop-Up Blocker” “MenuText” = “Pop-Up Blocker” “Exec” = “C:\Program Files\WINnerTweak3\PopUp Blocker.exe” [“WINner Tweak Software Development Team”] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\PROGRA~1\FlashGet\flashget.exe” [“FlashGet.com ”] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 327 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 69 seconds. ---------- (total run time: 508 seconds)
jessica
(jessica)
8 August 2007 10:35
#2
The logs look clean from a “virus” standpoint.
However, I don't much like what's below:
But if you're not having trouble with *.exe files, we'll leave it alone.
You can also post a ComboFix log:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
(at the bottom of the linked page) -
Paste the log at http://wklej.org/ and put only the link in your post.
.
donkey_PL
(Donkey Pl)
8 August 2007 11:23
#3
OK, done: http://wklej.org/id/d8d5f1a35d
Oh, and I'll also post the ComboFix-quarantined-files.txt file
2007-01-12 21:42 2819072 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sysdm.exe.vir
Zmienna PATH folderu
Numer seryjny woluminu: 28E8-1E0B
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |       \---system32
    |               sysdm.exe.vir
    |
    \---Registry_backups
Post merged: 08.08.2007 (Wed) 13:47
Uhh… now when I click My Computer and then Properties, nothing appears
anka91
(Trzylaski)
8 August 2007 19:51
#4
You'd best install Linux, then you won't have problems like this :mrgreen:
donkey_PL
(Donkey Pl)
9 August 2007 09:05
#5
anka91, you really helped me a lot
jessica
(jessica)
9 August 2007 10:09
#6
Does that mean you've given up on WinXP?
That's how I understood it.
In case I misunderstood, just to be safe:
The ComboFix log looks clean.
As for the damaged extensions, you'll have to wait for @Adam9870 - I don't have his skills in such matters.
I suspect your trouble with “My Computer” is related to that too.
But if you already have Linux…
.
Kuba11
(Kuba1)
9 August 2007 10:17
#7
Use the DAFT tool >>Instructions
donkey_PL
(Donkey Pl)
9 August 2007 12:28
#8
jessica, no, I still have Win XP, and I have Linux on another disk, but that's been there for a long time. I always have a problem with those damaged extensions when I post a log, so I won't even bother fixing it anymore. Now a second matter; I don't want to start a new topic, so I'll write it here: how do I remove Linux and install Windows XP in its place (meaning, of course, that there will be 2 Windows installations) with a choice between them? On the new one I want to install VTP 7.0, and the older one should just stay as it is. Please give me a link to some FAQ on this topic :]