Programy nie pojawiaja sie na pasku


(Madzialena1878) #1

Witam. Pare chwil temu usunalem BraveSentry. Zadne bledy sie nie wyswietlaja natomiast nadal pozostala tapeta z "Your computer is in danger ....". Programy nie pojawiaja sie na pasku, procz tego tylko internet explorer sie pojawia. Jest to dosc dziwne poniewaz kazda minimalizajca wiaza sie z niemozliwoscia uzycia tego programu. Jest on nadal w spisie dzialajacych programow. System tez dziala dosc wolno.

Z gory dziekuje.

Logfile of HijackThis v1.99.1

Scan saved at 14:07:37, on 2006-07-31

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\HCOUNT.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\WINDOWS\INET20026\SOCKS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE

C:\PROGRAM FILES\SEEKMO\SEEKMO.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\WINDOWS\PULPIT\USUWANIE WIRUSOW\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20026\3.03.00.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E1167B91AD75760EA83FA5EF80752B94E3D877547E432E3CC7 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE

O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\SYSTEM\mpcsvc.exe

O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\INET20026\SOCKS.EXE 

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\SYSTEM\spoolsvv.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"

O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GG\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INET20001\WINLOGON.EXE

O4 - HKCU\..\Run: [BraveSentry] C:\PROGRAM FILES\BRAVESENTRY\BraveSentry.exe

O4 - HKCU\..\Run: [brmfrsmq] C:\WINDOWS\SYSTEM\brmfrsmq.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm766YYPL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?0a2e6090c16c6fa766c2ec812f33caa27e414a20797df48af9f22b31e49da0d473cff0cc03b3798f4818fb065e6fada9e440c0407c7887c4a536a97d31:859ec7a03e7b9ea5295bcb2fa4bf8f60

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows Me (Millennium Edition)

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""D:\GG\GADU-GADU\GG.EXE" /tray" ["Gadu-Gadu Sp. z oo"]

"ALUAlert" = "C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" ["Symantec Corporation"]

"Windows update loader" = "C:\Windows\xpupdate.exe" [file not found]

"xp_system" = "C:\WINDOWS\INET20001\WINLOGON.EXE" [file not found]

"BraveSentry" = "C:\PROGRAM FILES\BRAVESENTRY\BraveSentry.exe" [file not found]

"brmfrsmq" = "C:\WINDOWS\SYSTEM\brmfrsmq.exe" [file not found]

"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE" ["MyWebSearch.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"internat.exe" = "internat.exe" [MS]

"Windows Millennium Edition Intro Video" = "C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta" [file not found]

"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]

"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]

"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]

"SystemTray" = "SysTray.Exe" [MS]

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"avast! Web Scanner" = "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE" ["ALWIL Software"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE" ["Symantec Corporation"]

"SiS Mpc Service" = "C:\WINDOWS\SYSTEM\mpcsvc.exe" [null data]

"Microsoft standard protector" = "C:\WINDOWS\INET20026\SOCKS.EXE " [null data]

"spoolsvv" = "C:\WINDOWS\SYSTEM\spoolsvv.exe" [file not found]

"ashMaiSv" = "C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe" ["ALWIL Software"]

"My Web Search Bar" = "rundll32 C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSBAR.DLL,S" [MS]

"MyWebSearch Email Plugin" = "C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE" ["MyWebSearch.com"]

"seekmo" = ""c:\program files\seekmo\seekmo.exe"" ["180solutions, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}

"HiberMonitor" = "HCount.exe" [null data]

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"SchedulingAgent" = "mstask.exe" [MS]

"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]

"avast!" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [null data]

"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]

"GhostStartService" = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE" ["Symantec Corporation"]


HKLM\Software\Microsoft\Active Setup\Installed Components\

PerUser_CVT_Inis\(Default) = "Instalator systemu Windows — Konwerter FAT32"

                 \StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"

  -> {HKLM...CLSID} = "CNavExtBho Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{5321E378-FFAD-4999-8C62-03CA8155F0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "HBO Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\inet20026\3.03.00.dll" ["$"]

{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"

  -> {HKLM...CLSID} = "mwsBar BHO"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL" ["MyWebSearch.com"]

{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO"

  -> {HKLM...CLSID} = "MyWebSearch Search Assistant BHO"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL" ["MyWebSearch.com"]

{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38}\(Default) = "Seekmo Search Assistant Helper /fleok=1D8A83A5C7E1167B91AD75760EA83FA5EF80752B94E3D877547E432E3CC7"

  -> {HKLM...CLSID} = "Seekmo Search Assistant Helper"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL" ["180solutions, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"

  -> {HKLM...CLSID} = "Eksplorator pulpitów"

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"

  -> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"

                   \InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de"]

"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"

  -> {HKLM...CLSID} = "PropPage Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]

"{30424D42-5946-11D2-B8E5-006097C9C6FF}" = "Norton WipeInfo"

  -> {HKLM...CLSID} = "Wymazywanie informacji"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Norton WipeInfo\(Default) = "{30424D42-5946-11D2-B8E5-006097C9C6FF}"

  -> {HKLM...CLSID} = "Wymazywanie informacji"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Norton WipeInfo\(Default) = "{30424D42-5946-11D2-B8E5-006097C9C6FF}"

  -> {HKLM...CLSID} = "Wymazywanie informacji"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL" ["Symantec Corporation"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]



System Policies [Description]:

------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001 

[enables Active Desktop and prevents disabling it]


HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"

[disables Display Properties|Background (tab); selects wallpaper if

Active Desktop is enabled]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop enabled via System Policy.


Wallpaper selected via System Policy.



Enabled Scheduled Tasks:

------------------------


"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]

"Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]

"Norton AntiVirus - Skanuj komputer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe /task:C:\WINDOWS\ALLUSE~1\DANEAP~1\SYMANTEC\NORTON~1\TASKS\MYCOMP.SCA" ["Symantec Corporation"]

"Harmonogram programu PCHealth dla zbierania danych" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1

C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4

C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"

  -> {HKLM...CLSID} = "My &Web Search"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL" ["MyWebSearch.com"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" = (no title provided)

  -> {HKLM...CLSID} = "My &Web Search"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL" ["MyWebSearch.com"]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\shdocvw.dll" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "MSN Messenger Service"

"Exec" = "C:\PROGRA~1\MESSEN~1\MSMSGS.EXE" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"

[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"


Missing lines (compared with English-language version):

[Strings]: 2 lines


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

"{00A6FAF6-072E-44cf-8957-5838F569A31D}" = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL" ["MyWebSearch.com"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 19 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 9 seconds.

---------- (total run time: 41 seconds)

(Gutek) #2

no co ty - IE SP1 -

http://www.microsoft.com/downloads/deta ... b602228de6 a najlepiej jak użyjesz innej przegladarki

w trybie awaryjnym usuń wszytskie foldery i pliki a wpisy usuń hijackiem

Użyj smitfraudfix - http://forum.dobreprogramy.pl/viewtopic.php?t=36654

Dokończyć skanerami online - Skanery do wyboru