Powtarzający się komunikat o błędzie (Explorer.EXE)


(sarek01) #1

Witam wszystkich na tym forum.

Mam Windowsa XP Pro i 6- letni już komp, którego poza dodaniem pamięci nie modernizowałem i jak dotąd ładnie mi chodził, od kilku dni gdy otwieram dowolny folder dostaję komunikat o błędzie tej treści:

Explorer.EXE

Wystąpił problem z aplikacją Explorer.EXE i zostanie ona zamknięta.(...) - Wyślij raport o błędach - Nie wysyłaj

Po wybraniu: Nie wysyłaj znikają mi wszystkie ikony na pulpicie i w trayu systemowym, po czym wszystko się odświeża i wraca znów na miejsce. Ten komunikat i po nim "sypanie się" wystepuje zawsze po tym jak otwieram jakiś dowolny folder na dysku C. Dodam, ze nie dzielę mojego dysku na partycje. Mam IE 7, WMP 11 oraz Service Pack 3. Co ciekawe komunikat ten pojawia sie tylko zaraz po uruchomieniu systemu , po 5-10min. już nie wystepuje. Problem chyba nie dotyczy przeglądarki IE 7 (używam firefoxa 3.0.1) ale eksploratora windows w folderach.

Sprawdzałem też procesy w autostarcie ale wszystko chyba jest tam ok., Kaspersky 7 nie wykrył zadnych wirusów, tak samo Ashampoo AntiSpyWare zadnych trojanów ani niebezpiecznego spyware.

Bardzo proszę o jakąś pomoc co mam zrobić. Ponizej logi z HijackThis i Silent Runners:

Logfile of HijackThis v1.99.1

Scan saved at 19:12:47, on 2008-09-09

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\sarek01\Moje dokumenty\Downloads\Compressed\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [Magic Tree] C:\Documents and Settings\sarek01\Moje dokumenty\Downloads\Compressed\magictree\MagicTree.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report

O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk ... 586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

_____________________________________________________________________________________________________________________________________________________

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]

"SkinClock" = "C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [null data]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

"Magic Tree" = "C:\Documents and Settings\sarek01\Moje dokumenty\Downloads\Compressed\magictree\MagicTree.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"DT HPW" = "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder" ["Portrait Displays, Inc"]

"OrderReminder" = "C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" ["Hewlett-Packard"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]

"Ad Muncher" = ""C:\Program Files\Ad Muncher\AdMunch.exe" /bt" ["Murray Hurps Corp Pty Ltd"]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"AntiSpyWare2Guard" = "C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" ["Ashampoo GmbH & Co. KG"]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}(Default) = "IDM Helper"

-> {HKLM...CLSID} = "IDMIEHlprObj Class"

\InProcServer32(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{654D0431-C930-43C4-B8DA-9AA01BA5B486}" = "PDI GUI Engine COM Obj"

-> {HKLM...CLSID} = "PDI GUI Engine COM Obj"

\InProcServer32(Default) = "C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll" ["Portrait Displays, Inc"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"

-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"

\InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

\InProcServer32(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

<> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\

Cover Designer(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

\InProcServer32(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\sarek01\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

Windows Portable Device AutoPlay Handlers


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki dla ochrony WWW"

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Statystyki dla ochrony WWW"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


Ashampoo AntiSpyWare 2 Service, AASW2_Service, "C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe" [null data]

Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]

Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]

NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Portrait Displays Display Tune Service, DTSRVC, "C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe" [null data]

Print Monitors:


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2008-09-09 19:20:55)

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 68 seconds, including 18 seconds for message boxes)


(huber2t) #2

fix w hijackthis

Podaj log z Combofix


(sarek01) #3

Combofix link: http://wklej.org/id/3401/

Dodam, że problem ten nie występuje w trybie awaryjnym.

Jeśli ten komunikat wyskakuje mi kiedy otwieram folder zaraz po uruchomieniu kompa to może jest to autostart - jakieś zbędne w nim programy, wygląda na to jakby mój komp nie nadążał z szybkim otwieraniem folderów zaraz po starcie windowsa.