Proszę o sprawdzenie loga

artlion · 2 Czerwiec 2006 13:09

Witam,

Załączam log, bo już nie mam pomysłów co się dzieje

Przy uruchomieniu IE następuje wzrost pracy procesora dla tego programu do 100% i komputer zwiesa. Dzieje się tak również dla programów korzystających z połączenia do internetu poprzez ustawienia z IE (np. Messenger, Siderbar, power point przy odwołaniu do sieci etc.). Co ciekawe cały czas dobrze mi działa Firefox (na szczęście dlatego mam jak napisać info)

Poniżej log z hijack

Logfile of HijackThis v1.99.1 Scan saved at 15:08:13, on 06-06-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5346.0005) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\leczyart\USTAWI~1\Temp\Rar$EX00.748\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.tepenet/tp.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 126.185.4.35 tdprod tdprodcop1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM…\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [sIDEBAR] “C:\Program Files\Desktop Sidebar\dsidebar.exe” O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe” O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra ‘Tools’ menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra ‘Tools’ menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.76.downloads.estara.c … 7OneCC.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tp.gk.corp.tepenet O17 - HKLM\Software…\Telephony: DomainName = tp.gk.corp.tepenet O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tp.gk.corp.tepenet O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tp.gk.corp.tepenet O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tp.gk.corp.tepenet O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = tp.gk.corp.tepenet O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Klient Symantec AntiVirus (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Widziałeś ten komunikat Ważny komunikat dotyczący tytułowania tematów zastosuj sie do niego => inaczej temat poleci do śmietnika :evil:

Pozdrawiam kuz5

InfinityToJa · 2 Czerwiec 2006 13:16

w logu nic nie widać, możesz wkleić log z silent runners

logi wstawiamy w tagach, zmień tytuł tematu na konkretny

artlion · 2 Czerwiec 2006 13:23

Co oznacza w tagach - jestem laikiem :oops:

Może jest jakiś soft, który odpalę - on będzie monitorował, a ja uruchomię program powodujący zawalenie się procesora ?

Log z silent runner

“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SIDEBAR” = ““C:\Program Files\Desktop Sidebar\dsidebar.exe”” [“Idea2”] “H/PC Connection Agent” = ““C:\Program Files\Microsoft ActiveSync\wcescomm.exe”” [MS] “MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [MS] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “gemstrmw” = “C:\WINDOWS\system32\gemstrmw.exe /r” [“Gemplus”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {45AD732C-2CE2-4666-B366-B2214AD57A49}(Default) = “Idea2 SidebarBrowserMonitor Class” -> {HKLM…CLSID} = “Idea2 SidebarBrowserMonitor Class” \InProcServer32(Default) = “C:\Program Files\Desktop Sidebar\sbhelp.dll” [“Idea2”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Sign-in Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{30D02401-6A81-11d0-8274-00C04FD5AE38}” = “IE Search Band” -> {HKLM…CLSID} = “IE Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}” = “Shell DocObject Viewer” -> {HKLM…CLSID} = “Shell DocObject Viewer” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FBF23B40-E3F0-101B-8488-00AA003E56F8}” = “InternetShortcut” -> {HKLM…CLSID} = “Internet Shortcut” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}” = “Microsoft Url History Service” -> {HKLM…CLSID} = “Microsoft Url History Service” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FF393560-C2A7-11CF-BFF4-444553540000}” = “History” -> {HKLM…CLSID} = “History” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files” -> {HKLM…CLSID} = “Temporary Internet Files” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}” = “Temporary Internet Files” -> {HKLM…CLSID} = “Temporary Internet Files” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}” = “Microsoft Url Search Hook” -> {HKLM…CLSID} = “Microsoft Url Search Hook” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet” -> {HKLM…CLSID} = “The Internet” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{871C5380-42A0-1069-A2EA-08002B30309D}” = “Internet Name Space” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{F2185E5D-720E-4956-90D9-75F6AC141575}” = “Idea2 SidebarIconHandler Class” -> {HKLM…CLSID} = “SidebarIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Desktop Sidebar\sbhelp.dll” [“Idea2”] “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” = “LDVP Shell Extensions” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] “{B4579AA5-E3A0-49A1-AC0B-5112AFBD215B}” = “iSQL*Plus Servers” -> {HKLM…CLSID} = “iSqlPlusShellExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\isqlext.dll” [“Oracle Corporation”] “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device” -> {HKLM…CLSID} = “Urządzenie przenośne” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\Wcesview.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “My Phones” -> {HKLM…CLSID} = “My Phones” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders” -> {HKLM…CLSID} = “My Sharing Folders” \InProcServer32(Default) = “C:\PROGRA~1\MSNMES~1\fsshext.dll” [MS] “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}” = “IE Microsoft BrowserBand” -> {HKLM…CLSID} = “IE Microsoft BrowserBand” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{0D6D4F41-2994-4ba0-8FEF-620E43CD2812}” = “IE Microsoft Internet Toolbar” -> {HKLM…CLSID} = “IE Microsoft Internet Toolbar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}” = “IE Fade Task” -> {HKLM…CLSID} = “IE Fade Task” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{205D7A97-F16D-4691-86EF-F3075DCCA57D}” = “IE Menu Desk Bar” -> {HKLM…CLSID} = “IE Menu Desk Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE AutoComplete” -> {HKLM…CLSID} = “IE AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{43886CD5-6529-41c4-A707-7B3C92C05E68}” = “IE Navigation Bar” -> {HKLM…CLSID} = “IE Navigation Bar” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{44C76ECD-F7FA-411c-9929-1B77BA77F524}” = “IE Menu Site” -> {HKLM…CLSID} = “IE Menu Site” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{482A7CB3-2EDF-4595-A315-A5244F1E96E6}” = “IE Search Control” -> {HKLM…CLSID} = “IE Search Control” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{4B78D326-D922-44f9-AF2A-07805C2A3560}” = “IE Menu Band” -> {HKLM…CLSID} = “IE Menu Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}” = “IE Microsoft History AutoComplete List” -> {HKLM…CLSID} = “IE Microsoft History AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}” = “IE Tracking Shell Menu” -> {HKLM…CLSID} = “IE Tracking Shell Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6CF48EF8-44CD-45d2-8832-A16EA016311B}” = “IE IShellFolderBand” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{6D8BB3D3-9D87-4a91-AB56-4F30CFFEFE9F}” = “Explorer Search Band” -> {HKLM…CLSID} = “Explorer Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{73CFD649-CD48-4fd8-A272-2070EA56526B}” = “IE BandProxy” -> {HKLM…CLSID} = “IE BandProxy” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{7E48925F-FF5C-47fa-A99A-F5912A10623B}” = “IE Address EditBox” -> {HKLM…CLSID} = “IE Address EditBox” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}” = “IE MRU AutoComplete List” -> {HKLM…CLSID} = “IE MRU AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}” = “IE Microsoft Shell Folder AutoComplete List” -> {HKLM…CLSID} = “IE Microsoft Shell Folder AutoComplete List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{B31C5FAE-961F-415b-BAF0-E697A5178B94}” = “IE Microsoft Multiple AutoComplete List Container” -> {HKLM…CLSID} = “IE Microsoft Multiple AutoComplete List Container” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}” = “Microsoft Browser Architecture” -> {HKLM…CLSID} = “Microsoft Browser Architecture” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}” = “IE Shell Rebar BandSite” -> {HKLM…CLSID} = “IE Shell Rebar BandSite” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{C4EC38BD-4E9E-4b5e-935A-D1BFF237D980}” = “Explorer Travel Band” -> {HKLM…CLSID} = “Explorer Travel Band” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{DE011590-0531-4804-9C9C-3FEDC7E6E5C8}” = “IE &Address” -> {HKLM…CLSID} = “IE &Address” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{E6EE9AAC-F76B-4947-8260-A9F136138E11}” = “IE Shell Band Site Menu” -> {HKLM…CLSID} = “IE Shell Band Site Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F0353E1D-FEEC-474e-A984-1E5C6865E380}” = “IE Global Folder Settings” -> {HKLM…CLSID} = “IE Global Folder Settings” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F2CF5485-4E02-4f68-819C-B92DE9277049}” = “&Links” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}” = “IE Registry Tree Options Utility” -> {HKLM…CLSID} = “IE Registry Tree Options Utility” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}” = “IE User Assist” -> {HKLM…CLSID} = “IE User Assist” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}” = “IE Custom MRU AutoCompleted List” -> {HKLM…CLSID} = “IE Custom MRU AutoCompleted List” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! “{553858A7-4922-4e7e-B1C1-97140C1C16EF}” = “IE Component Categories cache daemon” -> {HKLM…CLSID} = “IE Component Categories cache daemon” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] INFECTION WARNING! NavLogon\DLLName = “C:\WINDOWS\system32\NavLogon.dll” [null data] HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\ DisplayName = “TP Domain Policy " 0\ -> launches: “\tp.gk.corp.tepenet\sysvol\tp.gk.corp.tepenet\Policies{8472233D-C583-497A-80B0-4406A4B1FD8A}\Machine\Scripts\Startup\WSUS-GROUP.vbe” [** WMI GetObject error **] HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\1\ DisplayName = “#Komputery” 0\ -> launches: “\tp.gk.corp.tepenet\sysvol\tp.gk.corp.tepenet\Policies{8875B961-1090-470E-ADD4-9642927C4922}\Machine\Scripts\Startup\AppStandard.exe” [** WMI GetObject error **] DisplayName = “#Komputery” 1\ -> launches: “\tp.gk.corp.tepenet\sysvol\tp.gk.corp.tepenet\Policies{8875B961-1090-470E-ADD4-9642927C4922}\Machine\Scripts\Startup\GroupToSMS.exe S-1-5-32-544 S-1-5-32-547 LxFloppy LxCDROM LxRemovable” [** WMI GetObject error **] DisplayName = “#Komputery” 2\ -> launches: “net time \tp.gk.corp.tepenet /SET /Y” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ LDVPMenu(Default) = “{BDA77241-42F6-11d0-85E2-00AA001FE28C}” -> {HKLM…CLSID} = “VpshellEx Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\leczyart\Dane aplikacji\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp” DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6QB3DF7Y\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\84DREW1V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9FP2REGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NAZIARGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6QB3DF7Y\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\84DREW1V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9FP2REGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NAZIARGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\5YPYEHF6\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\VHSYOT3S\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\XV9NZVAL\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\YLVBIGDW\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0BZZ6CDX\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1BVV1PCA\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4RJZA0DT\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6P2B4TQB\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\7Q03FP8L\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ALVCPG3Y\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\AXLEZ6LC\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\C56F0TEB\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CJQNO5E5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CZ5R2MFP\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\D80VLXGL\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G9CX23G5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GDYBSX2Z\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GHOZWNC7\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IHNCTKVQ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\J20NN58P\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JJLR3LGW\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KX2V49EF\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OTQ78HMB\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\leczyart\Ustawienia lokalne\Temporary Internet Files\Content.IE5\VNDFRDKO\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\41AFKPI3\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4D2JOTIZ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\K1QVGDER\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\O9QJWDYJ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CDYBWXMN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RJ234A6U\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\WXMBWPE3\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YLQX6FIR\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCCMBootAcct&.Y-00HUB45002HW\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCCMBootAcct&.Y-00HUB45002HW\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCCMBootAcct&.Y-00HUB45002HW\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6QB3DF7Y\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCCMBootAcct&.Y-00HUB45002HW\Ustawienia lokalne\Temporary Internet Files\Content.IE5\84DREW1V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCCMBootAcct&.Y-00HUB45002HW\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9FP2REGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCCMBootAcct&.Y-00HUB45002HW\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NAZIARGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliSvcAcct&\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliSvcAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliSvcAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6QB3DF7Y\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliSvcAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\84DREW1V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliSvcAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9FP2REGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliSvcAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NAZIARGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliToknLocalAcct&\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliToknLocalAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliToknLocalAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6QB3DF7Y\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliToknLocalAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\84DREW1V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliToknLocalAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9FP2REGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\SMSCliToknLocalAcct&\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NAZIARGN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Cookies\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\K1M34PQR\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KTSDA9CX\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S3S7QV2J\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SXUV0D67\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Startup items in “leczyart” & “All Users” startup folders: ---------------------------------------------------------- C:\Documents and Settings\leczyart\Menu Start\Programy\Autostart “Webshots” -> shortcut to: “C:\Program Files\Webshots\Launcher.exe /t” [null data] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] “{CD106A5A-CAD6-4775-8E72-B144F03523CB}_TP_LeczyArt” -> launches: “C:\WINDOWS\system32\mobsync.exe /Schedule=”{CD106A5A-CAD6-4775-8E72-B144F03523CB}_TP_LeczyArt”" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Research” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” {09FE188B-6E85-479E-9411-51FB2220DF80}\ “ButtonText” = “Subscribe in Desktop Sidebar” “MenuText” = “Subscribe in Desktop Sidebar” “CLSIDExtension” = “{45AD732C-2CE2-4666-B366-B2214AD57A49}” -> {HKLM…CLSID} = “Idea2 SidebarBrowserMonitor Class” \InProcServer32(Default) = “C:\Program Files\Desktop Sidebar\sbhelp.dll” [“Idea2”] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ “ButtonText” = “Create Mobile Favorite” “CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}” -> {HKLM…CLSID} = “Create Mobile Favorite” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\INetRepl.dll” [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ “MenuText” = “Utwórz łącze Ulubione dla urządzenia przenośnego…” “CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}” -> {HKLM…CLSID} = “Create Mobile Favorite” \InProcServer32(Default) = “C:\PROGRA~1\MI3AA1~1\INetRepl.dll” [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.hp.com [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome” Missing lines (compared with English-language version): [strings]: 2 lines HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! “NavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “DesktopItemNavigationFailure” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “NavigationCanceled” = “res://ieframe.dll/navcancl.htm” [MS] HIJACK WARNING! “OfflineInformation” = “res://ieframe.dll/offcancl.htm” [MS] HIJACK WARNING! “PostNotCached” = “res://ieframe.dll/repost.htm” [MS] HIJACK WARNING! “NoAdd-ons” = “res://ieframe.dll/noaddon.htm” [MS] HIJACK WARNING! “NoAdd-onsInfo” = “res://ieframe.dll/noaddoninfo.htm” [MS] HIJACK WARNING! “SecurityRisk” = “res://ieframe.dll/securityatrisk.htm” [MS] HIJACK WARNING! “Tabs” = “res://ieframe.dll/tabswelcome.htm” [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 2 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Klient Symantec AntiVirus, Norton AntiVirus Server, “C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe” [“Symantec Corporation”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] McAfee Framework Service, McAfeeFramework, “C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart” [“Network Associates, Inc.”] SMS Agent Host, CcmExec, “C:\WINDOWS\system32\CCM\CcmExec.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpZJLanguageMonitor\Driver = “ZLMhp1.DLL” [“Zenographics”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 168 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 19 seconds. ---------- (total run time: 228 seconds)

InfinityToJa · 2 Czerwiec 2006 13:26

log ok

w tagach code lub quote, popatrz w przyklejonym temacie HijackThis, Silent runners …

możesz przeskanować jeszcze http://www.ewido.net /po update

artlion · 2 Czerwiec 2006 13:48

Nie mam jak przeskanować bo w firefox nie działa, a IE od razu się zawiesza Błędne koło. Może jakiś soft do obserwowania kompa na bieżąco podczas zwisu ?

Bieniol · 2 Czerwiec 2006 13:54

W jakiś sposób się tutaj na forum dostałeś, więc ściągnąć narzędzie EWIDO możesz

Ściągasz --> instalujesz --> robisz update i skanujesz nim dysk