Hello everyone.
Today, while I was trying to download a program from a certain non-commercial site, a rather unfriendly advert turned up on my computer. On top of that, as far as the internet goes, there is constant upload and the connection hangs. Moreover, when I try to scan the computer with CWShredder or Spybot, the computer freezes, after which it immediately dies and restarts.
I've had enough of all this; I have tried many online scanners, Ad-Aware and other contraptions of that kind :) Below is the HijackThis log and a print screen of the "friendly" advert :) I'll add that it is not part of Active Desktop. As for the print screen, please send me a PM and I'll send it over.
As for Silent Runners, during the scan I got a message reading:
“The ‘Silent Runners.vbs’ was closed by rbvflra.exe”. Nevertheless, it did generate something and a file appeared; I don't know whether it is complete, but… it won't hurt to add it.
And here are the logs themselves:
Logfile of HijackThis v1.99.1
Scan saved at 01:20:54, on 2005-12-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\HHVcdV7Sys\VC7SecS.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\explorer.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\HHVcdV7Sys\VC7Play.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Motorola\A925 Desktop Suite\ConnMngmntBox.exe
E:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Virtual CD v7\System\VC7Tray.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Master\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] E:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VC7Player] E:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] iwinlogon.exe
O4 - HKLM\..\Run: [SysMemory manager] e:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Windows Logon Process] iwinlogon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [rdavoxj] e:\windows\ketjdge.exe
O4 - HKCU\..\Run: [ajltjmx] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [esdecng] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [wrpjkey] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [wlappdd] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [iwwxhvd] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [dshfocn] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [uejipms] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [ejkkvjw] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [ubfpvbg] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [wcrfsug] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [smervgv] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [dllnupj] e:\windows\rbvflra.exe
O4 - HKCU\..\Run: [cliwldt] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [qxgmryk] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [pwuktib] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [qdkusja] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [xgjtjei] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [fkstsnt] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [srwphth] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [tkvqdfr] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [snfvqpk] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [xpqjtbh] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [nkrtcaq] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [sdesjst] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [kcssrsc] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [elrcvmx] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [vxwcxok] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [jmcnfmh] e:\windows\xysjkei.exe
O4 - HKCU\..\Run: [ubnooof] e:\windows\jglvstr.exe
O4 - HKCU\..\Run: [gpymmor] e:\windows\jglvstr.exe
O4 - HKCU\..\Run: [ytrkwgu] e:\windows\ssqwdvf.exe
O4 - HKCU\..\Run: [anfcftg] e:\windows\ssqwdvf.exe
O4 - HKCU\..\Run: [stkaobw] e:\windows\ssqwdvf.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: A925 Connection Manager.lnk = ?
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} -
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68473299-8E93-4F3D-8ACD-2CE062B01FBA}: NameServer = 85.255.115.115 85.255.112.24
O20 - Winlogon Notify: printpnp - E:\WINDOWS\SYSTEM32\printpnp.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\Program Files\NetLimiter 2 Lite\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - E:\Program Files\HHVcdV7Sys\VC7SecS.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
And the Silent Runners log:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
"rdavoxj" = "e:\windows\ketjdge.exe" [file not found]
"ajltjmx" = "e:\windows\rbvflra.exe" [file not found]
"esdecng" = "e:\windows\rbvflra.exe" [file not found]
"wrpjkey" = "e:\windows\rbvflra.exe" [file not found]
"wlappdd" = "e:\windows\rbvflra.exe" [file not found]
"iwwxhvd" = "e:\windows\rbvflra.exe" [file not found]
"dshfocn" = "e:\windows\rbvflra.exe" [file not found]
"uejipms" = "e:\windows\rbvflra.exe" [file not found]
"ejkkvjw" = "e:\windows\rbvflra.exe" [file not found]
"ubfpvbg" = "e:\windows\rbvflra.exe" [file not found]
"wcrfsug" = "e:\windows\rbvflra.exe" [file not found]
"smervgv" = "e:\windows\rbvflra.exe" [file not found]
"dllnupj" = "e:\windows\rbvflra.exe" [file not found]
"cliwldt" = "e:\windows\xysjkei.exe" [file not found]
"qxgmryk" = "e:\windows\xysjkei.exe" [file not found]
"pwuktib" = "e:\windows\xysjkei.exe" [file not found]
"qdkusja" = "e:\windows\xysjkei.exe" [file not found]
"xgjtjei" = "e:\windows\xysjkei.exe" [file not found]
"fkstsnt" = "e:\windows\xysjkei.exe" [file not found]
"srwphth" = "e:\windows\xysjkei.exe" [file not found]
"tkvqdfr" = "e:\windows\xysjkei.exe" [file not found]
"snfvqpk" = "e:\windows\xysjkei.exe" [file not found]
"xpqjtbh" = "e:\windows\xysjkei.exe" [file not found]
"nkrtcaq" = "e:\windows\xysjkei.exe" [file not found]
"sdesjst" = "e:\windows\xysjkei.exe" [file not found]
"kcssrsc" = "e:\windows\xysjkei.exe" [file not found]
"elrcvmx" = "e:\windows\xysjkei.exe" [file not found]
"vxwcxok" = "e:\windows\xysjkei.exe" [file not found]
"jmcnfmh" = "e:\windows\xysjkei.exe" [file not found]
"ubnooof" = "e:\windows\jglvstr.exe" [file not found]
"gpymmor" = "e:\windows\jglvstr.exe" [file not found]
"ytrkwgu" = "e:\windows\ssqwdvf.exe" [file not found]
"anfcftg" = "e:\windows\ssqwdvf.exe" [file not found]
"stkaobw" = "e:\windows\ssqwdvf.exe" [file not found]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"desktop" = "E:\WINDOWS\System32\idemlog.exe" [empty string]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"WooCnxMon" = "E:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"WOOWATCH" = "E:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"SpeedTouch USB Diagnostics" = ""E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"DAEMON Tools-1033" = ""E:\Program Files\D-Tools\daemon.exe" -lang 1033" ["VeNoM386 and SwENSkE"]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"VC7Player" = "E:\Program Files\HHVcdV7Sys\VC7Play.exe" ["H+H Software GmbH"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"adiras" = "adiras.exe" [file not found]
" Microsoft Windows Logon Process" = "iwinlogon.exe" [null data]
"SysMemory manager" = "e:\windows\system32\mdms.exe" [file not found]
"dmuns.exe" = "E:\WINDOWS\System32\dmuns.exe" [null data]
"KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{EC10012C-A920-4DBE-A13A-AB798F48E4FD}" = "My A925"
-> {CLSID}\InProcServer32\(Default) = "c:\PROGRA~1\Motorola\A925DE~1\pw32expl.dll" ["Motorola, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" ["Agnitum Ltd."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csaul.exe" [null data]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * PFDNNT E:\WINDOWS\SYSTEM32\WINACPI.DLL" [file not found], [MS], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! printpnp\DLLName = "printpnp.dll" [**WMI GetObject error**]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Master\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\ssbezier.scr" [MS]
Startup items in "Master" & "All Users" startup folders:
--------------------------------------------------------
E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"A925 Connection Manager" -> shortcut to: "C:\Program Files\Motorola\A925 Desktop Suite\ConnMngmntBox.exe" [empty string]
Enabled Scheduled Tasks:
------------------------
"XoftSpy" -> launches: "E:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]
"mks_vir - Zadanie 0" -> launches: "E:\Program Files\MKS\Bin\mks_virw.exe /profil:"Skanowanie wybranych dysków"" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
BlueSoleil Hid Service, BlueSoleil Hid Service, "E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service" ["Agnitum"]
Virtual CD v7 Management Service, VC7SecS, "E:\Program Files\HHVcdV7Sys\VC7SecS.exe" ["H+H Software GmbH"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 47 seconds, including 12 seconds for message boxes)
Best regards, and I look forward to a quick reply.