Logi do sprawdzenia

avidawid · 16 Styczeń 2007 19:37

jesli byscie byli tacy mili i logi mi sprawdzili

Logfile of HijackThis v1.99.1

Scan saved at 20:38:06, on 2007-01-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SYSTEM32\GEARSEC.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rmctrl.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\22M WLAN Adapter\WLANMON.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Star Downloader\stardown.exe

C:\DOCUME~1\dawid\USTAWI~1\Temp\Rar$EX00.505\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [DAEMON Tools] “D:\TEST\DAEMON Tools\daemon.exe” -lang 1045 -noicon

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: 22M WLAN Adapter.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://*.mks.com.pl

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 0304895070

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 9774180806

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]

“RemoteControl” = “C:\WINDOWS\system32\rmctrl.exe” [null data]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“DAEMON Tools” = ““D:\TEST\DAEMON Tools\daemon.exe” -lang 1045 -noicon” [“DT Soft Ltd.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided)

-> {HKLM…CLSID} = “Megaupload Toolbar”

\InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]

{FFFFFEF0-5B30-21D4-945D-000000000000}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\STARDO~1\SDIEInt.dll” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band”

-> {HKLM…CLSID} = “IE Search Band”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer”

-> {HKLM…CLSID} = “Shell DocObject Viewer”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut”

-> {HKLM…CLSID} = “Internet Shortcut”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service”

-> {HKLM…CLSID} = “Microsoft Url History Service”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FF393560-C2A7-11CF-BFF4-444553540000}” = “History”

-> {HKLM…CLSID} = “History”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”

-> {HKLM…CLSID} = “Temporary Internet Files”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files”

-> {HKLM…CLSID} = “Temporary Internet Files”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook”

-> {HKLM…CLSID} = “Microsoft Url Search Hook”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet”

-> {HKLM…CLSID} = “The Internet”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{00020000-0000-1011-8004-0000C06B5161}” = “WIBU-SYSTEMS Shell Extension”

-> {HKLM…CLSID} = “WIBU-SYSTEMS Shell Extension”

\InProcServer32(Default) = “C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll” [“WIBU-SYSTEMS AG”]

“{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band”

-> {HKLM…CLSID} = “Shell Search Band”

\InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office10\msohev.dll” [MS]

“{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References”

-> {HKLM…CLSID} = “ShellLink for Application References”

\InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS]

“{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References”

-> {HKLM…CLSID} = “Shell Icon Handler for Application References”

\InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS]

“{A4DF5659-0801-4A60-9607-1C48695EFDA9}” = “Folder przesyłania Share-to-Web”

-> {HKLM…CLSID} = “Folder przesyłania Share-to-Web”

\InProcServer32(Default) = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL” [“Hewlett-Packard”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{efb97cb8-a4a4-4357-a261-002ffaed0267}” = “CD Slideshow Powertoy”

-> {HKCU…CLSID} = “CD Burn Slideshow Hook”

\InProcServer32(Default) = “C:\WINDOWS\system32\slideshow.dll” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]

“{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”

-> {HKLM…CLSID} = “Portable Media Devices”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{35786D3C-B075-49b9-88DD-029876E11C01}” = “Portable Devices”

-> {HKLM…CLSID} = “Portable Devices”

\InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS]

“{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}” = “Portable Devices Menu”

-> {HKLM…CLSID} = “Portable Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\wpdshext.dll” [MS]

“{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand”

-> {HKLM…CLSID} = “IE Microsoft BrowserBand”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task”

-> {HKLM…CLSID} = “IE Fade Task”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar”

-> {HKLM…CLSID} = “IE Menu Desk Bar”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete”

-> {HKLM…CLSID} = “IE AutoComplete”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar”

-> {HKLM…CLSID} = “IE Navigation Bar”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site”

-> {HKLM…CLSID} = “IE Menu Site”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band”

-> {HKLM…CLSID} = “IE Menu Band”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List”

-> {HKLM…CLSID} = “IE Microsoft History AutoComplete List”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu”

-> {HKLM…CLSID} = “IE Tracking Shell Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy”

-> {HKLM…CLSID} = “IE BandProxy”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List”

-> {HKLM…CLSID} = “IE MRU AutoComplete List”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}” = “IE RSS Feeder Folder”

-> {HKLM…CLSID} = “IE RSS Feeds Folder”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List”

-> {HKLM…CLSID} = “IE Microsoft Shell Folder AutoComplete List”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container”

-> {HKLM…CLSID} = “IE Microsoft Multiple AutoComplete List Container”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}” = “Microsoft Browser Architecture”

-> {HKLM…CLSID} = “Microsoft Browser Architecture”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite”

-> {HKLM…CLSID} = “IE Shell Rebar BandSite”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu”

-> {HKLM…CLSID} = “IE Shell Band Site Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links”

-> {HKLM…CLSID} = “&Links”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility”

-> {HKLM…CLSID} = “IE Registry Tree Options Utility”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}” = “IE User Assist”

-> {HKLM…CLSID} = “IE User Assist”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List”

-> {HKLM…CLSID} = “IE Custom MRU AutoCompleted List”

\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS]

“{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager”

-> {HKLM…CLSID} = “Sony Ericsson File Manager”

\InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”]

“{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}” = “Zinio Shell Extension”

-> {HKLM…CLSID} = “Zinio Magazine”

\InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”]

“{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}” = “Zinio Magazine Column Provider”

-> {HKLM…CLSID} = “MyMagazinesColumn Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”

-> {HKLM…CLSID} = “WPDShServiceObj Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! “BootExecute” = “autocheck autochk * OODBS” [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! WgaLogon\DLLName = “WgaLogon.dll” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{00020000-0000-1011-8004-0000C06B5161}(Default) = (no title provided)

-> {HKLM…CLSID} = “WIBU-SYSTEMS Shell Extension”

\InProcServer32(Default) = “C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll” [“WIBU-SYSTEMS AG”]

{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}(Default) = “Zinio Magazine Column Provider”

-> {HKLM…CLSID} = “MyMagazinesColumn Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”]

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

MyPhoneExplorer(Default) = “{2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E}”

-> {HKLM…CLSID} = “MyPhoneExplorer_ShellEx.ShellExt”

\InProcServer32(Default) = “D:\TEST\MyPhoneExplorer\DLL\ShellMgr.dll” [“F.J. Wechselberger”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\dawid\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “dawid” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“22M WLAN Adapter” -> shortcut to: “C:\Program Files\22M WLAN Adapter\WLANMON.exe” [empty string]

“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}”

-> {HKLM…CLSID} = “Megaupload Toolbar”

\InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided)

-> {HKLM…CLSID} = “Megaupload Toolbar”

\InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.5.0_07”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll” [“Sun Microsystems, Inc.”]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

“MenuText” = “@xpsp3res.dll,-20001”

“Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS]

Miscellaneous IE Hijack Points

C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)

Added lines (compared with English-language version):

Missing lines (compared with English-language version):

strings: 2 lines

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]

HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS]

HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS]

HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS]

HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS]

HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS]

HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS]

HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS]

HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]

avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]

avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]

avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]

GEARSecurity, GEARSecurity, “SYSTEM32\GEARSEC.EXE” [“GEAR Software”]

LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

O&O Defrag, O&O Defrag, “C:\WINDOWS\system32\oodag.exe” [“O&O Software GmbH”]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”]

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer “No” at the first message box.

---------- (total run time: 64 seconds, including 6 seconds for message boxes)

Gutek · 16 Styczeń 2007 19:39

Jest Ok

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

usuń tylko HJT

avidawid · 16 Styczeń 2007 19:46

a jednak cos nie tak cos wyłacza mi karte sieciówke .sprzet ok .myslalem ze moze jaki wir

adam9870 · 16 Styczeń 2007 19:48

Jak to wyłącza?

W jaki sposób łączysz się z internetem?

Jaka to karta sieciowa?

Jaka konfiguracja sprzętowa komputera?

Czy od dawna tak się dzieje?

Czy ostatnio robiłeś coś poważniejszego?

Czy próbowałeś przeinstalować sterowniki od karty? Jest nie to spróbuj.

Krótko mówiąc - opisz dokładniej swój problem.

Gutek · 16 Styczeń 2007 19:59

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ - tak to tylko problem, nie wiadomo o co tobie chodzi? Stosuj się do reguł działu, a na pewno ktoś pomoże chętnie

Pozdrawiam Gutek2222