pogoneiro
(Duncaen)
29 June 2007 18:45
#1
Hello. Please check the logs, because Kaspersky detected a Trojan horse,
i.e. it apparently deleted the whole regedit.exe file.
Then the same thing happened with the file regedit.exe.new, but during neutralization it reported that the file was not found.
I have noticed that the computer seems to have slowed down recently.
Logfile of HijackThis v1.99.1
Scan saved at 20:32:07, on 2007-06-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Duncaen\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/d … se3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8815405500
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinPatrol" = "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" ["BillP Studios"]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"kis" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"Samsung Common SM" = ""C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun" ["Samsung Electronics."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "IE Search Band"
  -> {HKLM...CLSID} = "IE Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
  -> {HKLM...CLSID} = "Shell DocObject Viewer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
  -> {HKLM...CLSID} = "Internet Shortcut"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
  -> {HKLM...CLSID} = "Microsoft Url History Service"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "History"
  -> {HKLM...CLSID} = "History"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
  -> {HKLM...CLSID} = "Microsoft Url Search Hook"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet"
  -> {HKLM...CLSID} = "The Internet"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Ochrona WWW"
  -> {HKLM...CLSID} = "Ochrona WWW"
     \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
     \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" = "IE Microsoft BrowserBand"
  -> {HKLM...CLSID} = "IE Microsoft BrowserBand"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" = "IE Fade Task"
  -> {HKLM...CLSID} = "IE Fade Task"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}" = "IE Menu Desk Bar"
  -> {HKLM...CLSID} = "IE Menu Desk Bar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE AutoComplete"
  -> {HKLM...CLSID} = "IE AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{43886CD5-6529-41c4-A707-7B3C92C05E68}" = "IE Navigation Bar"
  -> {HKLM...CLSID} = "IE Navigation Bar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}" = "IE Menu Site"
  -> {HKLM...CLSID} = "IE Menu Site"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{4B78D326-D922-44f9-AF2A-07805C2A3560}" = "IE Menu Band"
  -> {HKLM...CLSID} = "IE Menu Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" = "IE Microsoft History AutoComplete List"
  -> {HKLM...CLSID} = "IE Microsoft History AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" = "IE Tracking Shell Menu"
  -> {HKLM...CLSID} = "IE Tracking Shell Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}" = "IE IShellFolderBand"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{73CFD649-CD48-4fd8-A272-2070EA56526B}" = "IE BandProxy"
  -> {HKLM...CLSID} = "IE BandProxy"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" = "IE MRU AutoComplete List"
  -> {HKLM...CLSID} = "IE MRU AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}" = "IE RSS Feeder Folder"
  -> {HKLM...CLSID} = "IE RSS Feeds Folder"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" = "IE Microsoft Shell Folder AutoComplete List"
  -> {HKLM...CLSID} = "IE Microsoft Shell Folder AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}" = "IE Microsoft Multiple AutoComplete List Container"
  -> {HKLM...CLSID} = "IE Microsoft Multiple AutoComplete List Container"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" = "Microsoft Browser Architecture"
  -> {HKLM...CLSID} = "Microsoft Browser Architecture"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" = "IE Shell Rebar BandSite"
  -> {HKLM...CLSID} = "IE Shell Rebar BandSite"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}" = "IE Shell Band Site Menu"
  -> {HKLM...CLSID} = "IE Shell Band Site Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F2CF5485-4E02-4f68-819C-B92DE9277049}" = "&Links"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" = "IE Registry Tree Options Utility"
  -> {HKLM...CLSID} = "IE Registry Tree Options Utility"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" = "IE User Assist"
  -> {HKLM...CLSID} = "IE User Assist"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" = "IE Custom MRU AutoCompleted List"
  -> {HKLM...CLSID} = "IE Custom MRU AutoCompleted List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{1CC513EE-A20D-4f42-BDAF-4BE42BCDB6EC}" = "UIM File Extension"
  -> {HKLM...CLSID} = "UimShlExt Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\UimExt.dll" [empty string]
"{1CC513AE-A20D-4f42-BDAF-4BE42BCDB6EC}" = "UIM Drive Extension"
  -> {HKLM...CLSID} = "UimDriveExt Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\UimExt.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Duncaen\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DWJ03SK6\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\TET63RMC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\U1ZQVKOM\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\XU2RNN2N\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\064H8OVI\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0RX0HXHQ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\70R3C35P\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\769ZYC7W\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EK3BMGBR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KDSZ4JB8\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KP2L1TZC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NAHLOWS2\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\PLGRVVA3\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TB28KHK4\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\XMV8Y19Y\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Duncaen\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ZP1C653U\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JPGNF8C1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OHEL1NWR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QVBYYGTM\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Gość\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YIVZTM5X\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\7GDOG3FN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\88G2MSUD\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\BO8QW8CL\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\O8TCG2QV\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JPGNF8C1\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OHEL1NWR\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QVBYYGTM\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\Misiek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YIVZTM5X\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\WINDOWS\Temp\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\12VJ6D8X\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7WC30EBQ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IG3SE8GO\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\M445PD7A\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Startup items in "Duncaen" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]

Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service
Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Ochrona WWW” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll ,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points 
------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ” Missing lines (compared with English-language version): [strings]: 2 lines HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS] HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS] HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS] HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS] HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS] HIJACK WARNING! 
“Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] Diskeeper, Diskeeper, ““C:\Program Files\Executive Software\DiskeeperLite\DKService.exe”” [“Executive Software International, Inc.”] Kaspersky Internet Security 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] ServiceLayer, ServiceLayer, ““C:\Program Files\PC Connectivity Solution\ServiceLayer.exe”” [“Nokia.”] Windows Defender, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = “hpzlnt04.dll” [“HP”] Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] SUGS2 Langmon\Driver = “SUGS2LMK.DLL” [“Samsung Electronics.”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 184 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 26 seconds. ---------- (total run time: 278 seconds)
Merged post: 29.06.2007 (Fri) 23:25
Now it has found it in one more file, in System Volume..., but on Kaspersky's viruslist site I can't find any such trojan!
I recently installed Turbo Delphi 2006; could it be some false alarm caused by that?
Joan
(Joan Sunshine)
1 July 2007 19:51
#2
The logs are clean, post a ComboFix log.
ComboFix doesn't work, maybe because regedit was removed by Kaspersky. From what I know now, it was a false alarm, but because of it I lost the regedit.exe file.
However, for a few days I've noticed that as soon as Kaspersky scans something, e.g. startup objects etc., the computer practically grinds to a halt - you can't do anything, it takes ages to launch other applications, and it won't even let me type a new address in the browser. The registry has been cleaned with RegCleaner, startup minimized, defragmentation done, and despite that it crawls terribly (but only during scanning - which until now had been unnoticeable).
And how do I restore regedit?
jan1
(jan1)
2 July 2007 05:20
#4
Kaspersky should create a backup copy of deleted files; if that happened, you can send them to their lab for checking. Second thing: if it was a false alarm and copies of the files exist, after an update such files are checked automatically and restored if there was an error.
Joan
(Joan Sunshine)
2 July 2007 06:25
#5
Well, you can restore a fresh copy of the registry from the Recovery Console, but then you'll have to reinstall the drivers. If regedit weren't there, the computer would greet you with a BSOD and you couldn't do anything, so it may be better to check which entries are missing, e.g. with the Regmon program.