Slow computer and internet


(Jarekwysocki) #1

Hello everyone.

For some time now my computer and internet have been running slowly. I have an Athlon 3000+, 512 MB RAM, and a 160 GB hard drive. I scanned with an antivirus, cleaned the registry, and cleaned the computer with the Odkurzacz program, and nothing, still the same. Maybe you know what the cause could be.

Thanks a lot in advance.

Regards to everyone.


(De Niro) #2

Go to the Security (Bezpieczeństwo) section and post your logs.


(Jarekwysocki) #3

Sorry, but I have a question: should I start a new topic in the Security section or post the logs here?


(De Niro) #4

Post them here, our moderators will know what to do with it :wink:


(Jarekwysocki) #5
[quote]Logfile of HijackThis v1.99.1

Scan saved at 12:13:54, on 2006-10-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

d:\Programy\ewido anti-malware\ewidoctrl.exe

C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\vsnpstd3.exe

C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AOL 9.0a\waol.exe

C:\Program Files\AOL 9.0a\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE

C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe

C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

D:\PROGRAMY\HijackThis.exe

C:\WINDOWS\explorer.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0a\aoltray.exe

O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Zablokuj to okienko - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Osłona programu IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ-PL\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ-PL\ICQLite.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com

O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_19.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_22.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_31.cab

O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4708/mcfscan.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_24.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFA0888C-5A4A-4564-9F67-EC5C84DE5A03}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: ewido security suite control - ewido networks - d:\Programy\ewido anti-malware\ewidoctrl.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe[/quote]

Post merged: 03.10.2006 (Tue) 12:14

[quote]"Silent Runners.vbs", revision 48, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Komunikator" = ""C:\Program Files\Tlen.pl\tlen.exe" --confdir=home" ["o2.pl Sp. z o.o."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [MS]

"EPSON Stylus CX6600 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"" ["SEIKO EPSON CORPORATION"]

"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online, Inc"]

"NWEReboot" = (empty string)

"ezShieldProtector for Px" = "C:\WINDOWS\system32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]

"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"Jet Detection" = ""C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"" [empty string]

"snpstd3" = "C:\WINDOWS\vsnpstd3.exe" [empty string]

"F-Secure Manager" = ""C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure TNB" = ""C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]

"F-Secure Startup Wizard" = ""C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"

                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}" = "IntelliType Pro Key Settings Control Panel Property Page"

  -> {HKLM...CLSID} = "ITPropertyPage Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Hardware\Keyboard\itcpl.dll" [MS]

"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

"{519297D8-1DD5-4011-813A-CDD32BDCE8DF}" = "MP3 Hint"

  -> {HKLM...CLSID} = "MP3InfoTip Object"

                   \InProcServer32\(Default) = "C:\WINDOWS\system\mp3hint.dll" ["Piotr Chodziński"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"

  -> {HKLM...CLSID} = "Siemens Device"

                   \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [file not found]

"{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"

  -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"

                   \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [file not found]

"{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device PropertySheetHandlers"

  -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"

                   \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [file not found]

"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ICQ-PL\ICQLiteShell.dll" [empty string]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

  -> {HKLM...CLSID} = "ShellLink for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{57380477-F4AB-463e-8E7F-9BEBABE1B703}" = "Active@ Eraser"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "EraserDemo.dll" ["Active Data Security Solutions"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "d:\Programy\ewido anti-malware\shellhook.dll" ["TODO: "]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Active@ Eraser\(Default) = "{57380477-F4AB-463e-8E7F-9BEBABE1B703}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "EraserDemo.dll" ["Active Data Security Solutions"]

ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

  -> {HKLM...CLSID} = "Ctest Object"

                   \InProcServer32\(Default) = "d:\Programy\ewido anti-malware\context.dll" ["ewido networks"]

ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ICQ-PL\ICQLiteShell.dll" [empty string]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

Active@ Eraser\(Default) = "{57380477-F4AB-463e-8E7F-9BEBABE1B703}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "EraserDemo.dll" ["Active Data Security Solutions"]

ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

  -> {HKLM...CLSID} = "Ctest Object"

                   \InProcServer32\(Default) = "d:\Programy\ewido anti-malware\context.dll" ["ewido networks"]

ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ICQ-PL\ICQLiteShell.dll" [empty string]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\ogrodnik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "ogrodnik" & "All Users" startup folders:

----------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"AOL 9.0 Tray-Symbol" -> shortcut to: "C:\Program Files\AOL 9.0a\aoltray.exe -check" ["America Online, Inc."]

"F-Secure Anti-Virus 2006" -> shortcut to: "C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe -startup" ["F-Secure Internet Security 2005"]



Enabled Scheduled Tasks:

------------------------


"Scheduled scanning task" -> launches: "C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt " ["F-Secure Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"

  -> {HKLM...CLSID} = "EPSON Web-To-Page"

                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)

  -> {HKLM...CLSID} = "EPSON Web-To-Page"

                   \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{300DB664-75B5-47C0-8B45-A44ACCF73C00}\

"ButtonText" = "Osłona programu IE"

"MenuText" = "Osłona programu IE..."

"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"

  -> {HKLM...CLSID} = "F-Secure IE Shield COM button"

                   \InProcServer32\(Default) = "C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll" ["F-Secure Corporation"]


{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ Lite"

"MenuText" = "ICQ Lite"

"Exec" = "C:\Program Files\ICQ-PL\ICQLite.exe" ["ICQ Ltd."]



Miscellaneous IE Hijack Points

------------------------------


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL=http://www.creative.com


Missing lines (compared with English-language version):

[Strings]: 1 line



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."]

ewido security suite control, ewido security suite control, "d:\Programy\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

F-Secure Anti-Virus 2006, BackWeb Plug-in - 4476822, "C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE" ["F-Secure Internet Security 2005"]

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]

F-Secure Management Agent, FSMA, ""C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE"" ["F-Secure Corporation"]

fsbwsys, fsbwsys, ""C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe"" ["F-Secure Corp."]

FSGKHS, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]



Keyboard Driver Filters:

------------------------


HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = INFECTION WARNING! "DumaNT" ["Windows (R) 2000 DDK provider"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

avm:\Driver = "avmprmon.dll" ["AVM Berlin GmbH"]

EPSON Stylus CX6600 Series 2KMonitor5E\Driver = "E_FLM9EE.DLL" ["SEIKO EPSON CORPORATION"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 34 seconds, including 5 seconds for message boxes)[/quote]

Post merged: 03.10.2006 (Tue) 12:40

I also wanted to add that when I open My Computer everything slows to a crawl and a message pops up saying that a problem occurred with explorer.exe and it must be closed. The Event Viewer says: Faulting application explorer.exe, version 6.0.2900.2180, faulting module divx_c32.ax, version 4.1.0.3917, fault address 0x000219b0.