04.04.2008, 22:33
Witam,
Od pewnego czasu, zawsze o północy, samoczynnie otwiera mi się katalog ''system32''.
Ponadto jakiś syf udaje Nortona i co jakiś czas sam się odpala próbując robić skanowanie. Nie przypominam sobie, żebym kiedykolwiek instalowała Nortona.
Dzięki za pomoc.
Od pewnego czasu, zawsze o północy, samoczynnie otwiera mi się katalog ''system32''.
Ponadto jakiś syf udaje Nortona i co jakiś czas sam się odpala próbując robić skanowanie. Nie przypominam sobie, żebym kiedykolwiek instalowała Nortona.
Dzięki za pomoc.
Kod:
Logfile of HijackThis v1.99.1
Scan saved at 22:16:42, on 2008-04-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesSystemGuards.comSystemGuardssgScheduleService.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesNokiaNokia Software LauncherNSLauncher.exe
C:Program FilesJavajre1.6.0_02binjusched.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe
C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
C:Program FilesOperaOpera.exe
D:instalkiHJHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:PROGRA~1Yahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:Program FilesYahoo!browserYSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NSLauncher] C:Program FilesNokiaNokia Software LauncherNSLauncher.exe /startup
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_02binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [Onet.pl AutoUpdate] "C:Program FilesCommon FilesOnet.plAutoUpdate.exe" /tsr
O4 - HKLM..Run: [System Guards] C:Program FilesSystemGuards.comSystemGuardsSysGuards.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"-osboot
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AdobeUpdater] C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe
O4 - Global Startup: Oprogramowanie Kodak EasyShare.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:Program FilesBitCometBitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:Program FilesBitCometBitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersDane aplikacjiWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:PROGRA~1Yahoo!Commonyiesrvc.dll
O15 - Trusted Zone: http://www.mks.com.pl
O15 - Trusted Zone: http://bezpieczenstwo.onet.pl
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!commonyinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware Doctorsvcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware Doctorswdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 - Service: sgSchedulerService - Unknown owner - C:Program FilesSystemGuards.comSystemGuardssgScheduleService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:WINDOWSsystem32YPCSER~1.EXE
Kod:
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ctfmon.exe" = "C:WINDOWSsystem32ctfmon.exe" [MS]
"AdobeUpdater" = "C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe" ["Adobe Systems Incorporated"]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"]
"NSLauncher" = "C:Program FilesNokiaNokia Software LauncherNSLauncher.exe /startup" [null data]
"Adobe Reader Speed Launcher" = ""C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:Program FilesJavajre1.6.0_02binjusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:Program FilesQuickTimeQTTask.exe" -atboottime" ["Apple Inc."]
"Onet.pl AutoUpdate" = ""C:Program FilesCommon FilesOnet.plAutoUpdate.exe" /tsr" [file not found]
"System Guards" = "C:Program FilesSystemGuards.comSystemGuardsSysGuards.exe" ["SystemGuards.com"]
"TkBellExe" = ""C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"-osboot" ["RealNetworks, Inc."]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpn0yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}(Default) = "Winamp Toolbar BHO"
-> {HKLM...CLSID} = "Winamp Toolbar BHO"
InProcServer32(Default) = "C:Program FilesWinamp Toolbarwinamptb.dll" ["AOL LLC"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
InProcServer32(Default) = "C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
InProcServer32(Default) = "C:PROGRA~1Yahoo!Commonyiesrvc.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_02binssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll" [MS]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}(Default) = "Ask Toolbar BHO"
-> {HKLM...CLSID} = "Ask Toolbar BHO"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}(Default) = (no title provided)
-> {HKLM...CLSID} = "SidebarAutoLaunch Class"
InProcServer32(Default) = "C:Program FilesYahoo!browserYSidebarIEBHO.dll" ["Yahoo! Inc."]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesSynapticsSynTPSynTPCpl.dll" ["Synaptics, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOffice10msohev.dll" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Wireless Property Page"
InProcServer32(Default) = ""C:Program FilesMicrosoft IntelliPointipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Wheel Property Page"
InProcServer32(Default) = ""C:Program FilesMicrosoft IntelliPointipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Activities Property Page"
InProcServer32(Default) = ""C:Program FilesMicrosoft IntelliPointipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Buttons Property Page"
InProcServer32(Default) = ""C:Program FilesMicrosoft IntelliPointipcplbtn.dll"" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
-> {HKLM...CLSID} = "My Labtec Pictures"
InProcServer32(Default) = "C:Program FilesLogitechVideoNamespc2.dll" ["Labtec Inc."]
"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "C:PROGRA~1WinZipwzshlext.dll" [null data]
"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "C:PROGRA~1WinZipwzshlext.dll" [null data]
"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "C:PROGRA~1WinZipwzshlext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
InProcServer32(Default) = "C:Program FilesRealRealPlayerrpshell.dll" ["RealNetworks, Inc."]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "C:Program FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
InProcServer32(Default) = "C:PROGRA~1Yahoo!Commonymmapi.dll" ["Yahoo! Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Moje foldery udostępniania"
InProcServer32(Default) = "C:Program FilesMSN Messengerfsshext.8.1.0178.00.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
InProcServer32(Default) = "C:Program FilesNokiaNokia PC Suite 6PhoneBrowser.dll" ["Nokia"]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLMSOFTWAREClassesFoldershellexColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesCommon FilesAdobeAcrobatActiveXPDFShell.dll" ["Adobe Systems, Inc."]
HKLMSOFTWAREClasses*shellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
PowerISO(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "C:Program FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
WinZip(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "C:PROGRA~1WinZipwzshlext.dll" [null data]
Yahoo! Mail(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
InProcServer32(Default) = "C:PROGRA~1Yahoo!Commonymmapi.dll" ["Yahoo! Inc."]
HKLMSOFTWAREClassesDirectoryshellexContextMenuHandlers
PowerISO(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "C:Program FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
WinZip(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "C:PROGRA~1WinZipwzshlext.dll" [null data]
HKLMSOFTWAREClassesFoldershellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
PowerISO(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
InProcServer32(Default) = "C:Program FilesPowerISOPWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]
WinZip(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
InProcServer32(Default) = "C:PROGRA~1WinZipwzshlext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsDominikaUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Startup items in "Dominika" & "All Users" startup folders:
----------------------------------------------------------
C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"KODAK Software Updater" -> shortcut to: "C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe" [null data]
"Oprogramowanie Kodak EasyShare" -> shortcut to: "C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe -hx" ["Eastman Kodak Company"]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "C:Program FilesApple Software UpdateSoftwareUpdate.exe -task" ["Apple Inc."]
"Norton Security Scan" -> launches: "C:Program FilesNorton Security ScanNss.exe /scan-full /scheduled" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpn0yt.dll" ["Yahoo! Inc."]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
InProcServer32(Default) = "C:Program FilesWinamp Toolbarwinamptb.dll" ["AOL LLC"]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
HKLMSOFTWAREMicrosoftInternet ExplorerToolbar
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpn0yt.dll" ["Yahoo! Inc."]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
InProcServer32(Default) = "C:Program FilesWinamp Toolbarwinamptb.dll" ["AOL LLC"]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
Explorer Bars
HKLMSOFTWAREMicrosoftInternet ExplorerExplorer Bars
HKLMSOFTWAREClassesCLSID{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}(Default) = "BT Yahoo! Sidebar"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:Program FilesYahoo!browserysidebarIE.dll" ["Yahoo! Inc."]
HKLMSOFTWAREClassesCLSID{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}(Default) = "BitComet Search"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:Program FilesBitComettoolsBitCometBHO_1.1.7.4.dll" ["BitComet"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSOFTWAREMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_02binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_02binnpjpi160_02.dll" ["Sun Microsystems, Inc."]
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}
"ButtonText" = "BitComet Search"
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
"ButtonText" = "BT Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
InProcServer32(Default) = "C:PROGRA~1Yahoo!Commonyiesrvc.dll" ["Yahoo! Inc."]
Miscellaneous IE Hijack Points
------------------------------
HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpn0yt.dll" ["Yahoo! Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
Machine Debug Manager, MDM, ""C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE"" [MS]
ServiceLayer, ServiceLayer, ""C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe"" ["Nokia."]
sgSchedulerService, sgSchedulerService, "C:Program FilesSystemGuards.comSystemGuardssgScheduleService.exe" [null data]
Urządzenie mobilne Apple, Apple Mobile Device, ""C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe"" ["Apple, Inc."]
---------- (launch time: 2008-04-04 22:17:15)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 150 seconds.
---------- (total run time: 233 seconds)