aju
(aju)
30 April 2006 21:16
#1
I was downloading a program from the net and NOD kept informing me that the file contains the BAT/Delwin.BZ trojan and kept cutting off the download. Unfortunately I had to download the program in full, so I let it finish downloading, told NOD to ignore the threat and let the virus onto my computer, though I did set quarantine (NOD32 displayed a message that a threat may occur).
I have already scanned the system with AV tools and they found nothing. To be sure, however, I am posting my logs.
Logfile of HijackThis v1.99.1
Scan saved at 23:07:59, on 2006-04-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Kuba\Program files\Gmail Notifier\gnotify.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Kuba\Moje dokumenty\Aktówka\inne\pasek\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKCU…\Run: [jetAudio] C:\Program Files\JetAudio\JetAudio.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Documents and Settings\Kuba\Program files\Gmail Notifier\gnotify.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 5280663359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8295016140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “jetAudio” = “C:\Program Files\JetAudio\JetAudio.exe” [“JetAudio, Inc.”] “Gadu-Gadu” = ““C:\Documents and Settings\Kuba\Program files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “{0228e555-4f9c-4e35-a3ec-b109a192b4c2}” = “C:\Documents and Settings\Kuba\Program files\Gmail Notifier\gnotify.exe” [“Google Inc.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] “Outpost Firewall” = “C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice” [“Agnitum Ltd.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {44BBA844-CC51-11CF-AAFA-AABBCCDDEE02}(Default) = “skrzynka bogiego” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\skrzynka.inf,profil.d” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band” -> {HKLM…CLSID} = “IE Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” 
[MS] “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer” -> {HKLM…CLSID} = “Shell DocObject Viewer” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut” -> {HKLM…CLSID} = “Internet Shortcut” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service” -> {HKLM…CLSID} = “Microsoft Url History Service” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FF393560-C2A7-11CF-BFF4-444553540000}” = “History” -> {HKLM…CLSID} = “History” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files” -> {HKLM…CLSID} = “Temporary Internet Files” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files” -> {HKLM…CLSID} = “Temporary Internet Files” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook” -> {HKLM…CLSID} = “Microsoft Url Search Hook” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet” -> {HKLM…CLSID} = “The Internet” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> 
{HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}” = “TuneUp Shredder Shell Context Menu Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Context Menu Extension” \InProcServer32(Default) = ““C:\Program Files\TuneUp Utilities 2006\sdshelex.dll”” [“TuneUp Software GmbH”] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] “{2B3453E4-49DF-11D3-8229-0080BE509050}” = “GMail Drive” -> {HKLM…CLSID} = “GMail Drive” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{2B3453E4-49DF-11D3-8229-0080BE509052}” = “GMailFS Property Sheet” -> {HKLM…CLSID} = “GMailFS Property Sheet” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{2B3453E4-49DF-11D3-8229-0080BE509054}” = “GMailFS Drop Handler” -> {HKLM…CLSID} = “GMailFS Drop Handler” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{2B3453E4-49DF-11D3-8229-0080BE509056}” = “GMailFS Context Menu” -> {HKLM…CLSID} = “GMailFS Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{9DED7A30-D572-4D21-8D82-6945EA697400}” = “Macromedia 
FlashPaper Context Menu” -> {HKLM…CLSID} = “FlashPaperContextHandler Class” \InProcServer32(Default) = “C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll” [null data] “{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar” -> {HKLM…CLSID} = “IE Navigation Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete” -> {HKLM…CLSID} = “IE AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band” -> {HKLM…CLSID} = “IE Menu Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand” -> {HKLM…CLSID} = “IE IShellFolderBand” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task” -> {HKLM…CLSID} = “IE Fade Task” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu” -> {HKLM…CLSID} = “IE Tracking Shell Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site” -> {HKLM…CLSID} = “IE Menu Site” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” 
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{0D6D4F41-2994-4ba0-8FEF-620E43CD2812}” = “IE Microsoft Internet Toolbar” -> {HKLM…CLSID} = “IE Microsoft Internet Toolbar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy” -> {HKLM…CLSID} = “IE BandProxy” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand” -> {HKLM…CLSID} = “IE Microsoft BrowserBand” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980}” = “Explorer Travel Band” -> {HKLM…CLSID} = “Explorer Travel Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F}” = “Explorer Search Band” -> {HKLM…CLSID} = “Explorer Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility” -> {HKLM…CLSID} = “IE Registry Tree Options Utility” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{DE011590-0531-4804-9C9C-3FEDC7E6E5C8}” = “IE &Address” -> {HKLM…CLSID} = “IE &Address” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7E48925F-FF5C-47fa-A99A-F5912A10623B}” = “IE Address EditBox” -> {HKLM…CLSID} = “IE Address EditBox” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List” -> {HKLM…CLSID} = “IE MRU AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List” -> {HKLM…CLSID} = “IE Custom MRU AutoCompleted List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List” -> {HKLM…CLSID} = “IE Microsoft History AutoComplete List” 
\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List” -> {HKLM…CLSID} = “IE Microsoft Shell Folder AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container” -> {HKLM…CLSID} = “IE Microsoft Multiple AutoComplete List Container” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu” -> {HKLM…CLSID} = “IE Shell Band Site Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite” -> {HKLM…CLSID} = “IE Shell Rebar BandSite” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}” = “IE User Assist” -> {HKLM…CLSID} = “IE User Assist” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F0353E1D-FEEC-474e-A984-1E5C6865E380}” = “IE Global Folder Settings” -> {HKLM…CLSID} = “IE Global Folder Settings” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar” -> {HKLM…CLSID} = “IE Menu Desk Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{482A7CB3-2EDF-4595-A315-A5244F1E96E6}” = “IE Search Control” -> {HKLM…CLSID} = “IE Search Control” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}” = “Microsoft Browser Architecture” -> {HKLM…CLSID} = “Microsoft Browser Architecture” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! “{553858A7-4922-4e7e-B1C1-97140C1C16EF}” = “IE Component Categories cache daemon” -> {HKLM…CLSID} = “IE Component Categories cache daemon” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “AppInit_DLLs” = “C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll” [“Agnitum Ltd.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ASW(Default) = “{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}” -> {HKLM…CLSID} = “Outpost.ASWShellExt Component” \InProcServer32(Default) = “C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll” [“Agnitum Ltd.”] Macromedia.FlashPaper.ContextMenu(Default) = “{9DED7A30-D572-4D21-8D82-6945EA697400}” -> {HKLM…CLSID} = “FlashPaperContextHandler Class” \InProcServer32(Default) = “C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll” [null data] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] TuneUp Shredder(Default) = “{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Context Menu Extension” \InProcServer32(Default) = ““C:\Program Files\TuneUp Utilities 2006\sdshelex.dll”” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ASW(Default) = “{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}” -> {HKLM…CLSID} = “Outpost.ASWShellExt Component” \InProcServer32(Default) = “C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll” [“Agnitum Ltd.”] 
jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] TuneUp Shredder(Default) = “{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Context Menu Extension” \InProcServer32(Default) = ““C:\Program Files\TuneUp Utilities 2006\sdshelex.dll”” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ASW(Default) = “{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}” -> {HKLM…CLSID} = “Outpost.ASWShellExt Component” \InProcServer32(Default) = “C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll” [“Agnitum Ltd.”] jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\fish.scr” [null data] DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Documents and 
Settings\Kuba\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\0S8I0G60\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\QOL0G9TL\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\RDOCFMOO\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\U4IGSK6X\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> 
{HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Kuba\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and 
Settings\Piotr\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\KEWOFY2P\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\KT8I148P\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\T0QE45OL\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\ZVXBWR3G\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> 
{HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.IE5\AQJRREUZ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.IE5\V5RL4XRG\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YMH9XMOJ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Z5JOXE48\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds 
Cache\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\1KZD5A1E\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\7HU4Z07E\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\BSKY7IO1\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds\Feeds Cache\NMGXFTRU\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = 
“C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Tadeusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GBWD8L2B\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\I963I9EJ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\MXGJCPMH\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UVKFGBQN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Temp\Historia\History.IE5\DESKTOP.INI 
[.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HLYBRVK2\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\I4KU426V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UUNZYNFJ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VTLYHIV2\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Enabled Scheduled Tasks: ------------------------ “Critical Battery Alarm Program” -> WARNING – The file “Critical Battery Alarm Program.job” is corrupt! 
(no executable)

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]

Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)
Added lines (compared with English-language version):
[strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”
[strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”
Missing lines (compared with English-language version):
[strings]: 2 lines
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING!
“TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found]
HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS]
HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS]
HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS]
HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "]
Outpost Firewall Service, OutpostFirewall, “C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service” [“Agnitum Ltd.”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = “hpzsnt05.dll” [“HP”]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 8 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 11 seconds.
----------
(total run time: 41 seconds)
Bieniol
(Bbieniol)
30 April 2006 21:22
#2
I can reassure you - the logs are clean
Regards
Use some online scanner. And by the way, which site did you download it from and what program was it?
Cheers
aju
(aju)
30 April 2006 21:35
#4
Karolcia126, read my post carefully. I wrote that I have already scanned the system.
Bieniol, thank you very much for the answer. Apparently the little virus is sitting in quarantine.
I consider the topic closed.
Heh, and you read my question carefully. I was asking which site you downloaded that program from and what it was?
](*,) ](*,)
Gutek
(Gutek)
30 April 2006 21:43
#6
OK, so that there are no unnecessary discussions, I am closing this.