zlob.aty , restart kompa. log control

[andrzejek71]

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 17:52:57, on 2006-11-24
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\savedump.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\System32\LVCOMSX.EXE
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\eMule\emule.exe
D:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Andrzej\Moje dokumenty\Nowy folder\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: eMule.lnk = D:\Program Files\eMule\emule.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_43.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Strażnik AVK (AVKWCtl) - G DATA Software AG - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - D:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"IncrediMail" = "D:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"LVCOMSX" = "D:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"CloneCDTray" = ""D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
  -> {HKLM...CLSID} = "My Logitech Pictures"
                   \InProcServer32\(Default) = "D:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{2D7E38A6-A604-45AE-9A87-4F5F25760650}" = "USBExtExt Extension"
  -> {HKLM...CLSID} = "USBExt Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\winsdrv.dll" [null data]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
  -> {HKLM...CLSID} = "oshdlr.ShellHandler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" ["Agnitum Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "kdanj.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "CopyToCD shell extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
  -> {HKLM...CLSID} = "IMMenuShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "CopyToCD shell extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "CopyToCD shell extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Historia\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\5VTVL58P\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\C9EBOHER\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RUVCBH7Z\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UFY59R6K\DESKTOP.INI -- cannot be opened!


[MISTEJK]

napisz co sie dzieje z komputerem

[andrzejek71]

resetuje się co jakiś czas,muli sie a po chwili lata jak złoto.jednym słowem świruje.

[jeff]

log z Silenta obciety ,zaczekaj cierpliwie i podeslij

[andrzejek71]

prosze bardzo.

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"IncrediMail" = "D:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"LVCOMSX" = "D:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"CloneCDTray" = ""D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
  -> {HKLM...CLSID} = "My Logitech Pictures"
                   \InProcServer32\(Default) = "D:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{2D7E38A6-A604-45AE-9A87-4F5F25760650}" = "USBExtExt Extension"
  -> {HKLM...CLSID} = "USBExt Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\System32\winsdrv.dll" [null data]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
  -> {HKLM...CLSID} = "oshdlr.ShellHandler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" ["Agnitum Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "kdanj.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "CopyToCD shell extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
  -> {HKLM...CLSID} = "IMMenuShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "CopyToCD shell extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "D:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
  -> {HKLM...CLSID} = "CopyToCD shell extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
  -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
                   \InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Historia\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\5VTVL58P\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\C9EBOHER\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\RUVCBH7Z\DESKTOP.INI -- cannot be opened!
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UFY59R6K\DESKTOP.INI -- cannot be opened!


Startup items in "Andrzej" & "All Users" startup folders:
---------------------------------------------------------

D:\Documents and Settings\Andrzej\Menu Start\Programy\Autostart
"eMule" -> shortcut to: "D:\Program Files\eMule\emule.exe" ["http://www.emule-project.net"]


Enabled Scheduled Tasks:
------------------------

"ALLPlayer V2" -> launches: "D:\PROGRA~1\MarBit\ALLPLA~1\ALLPLA~1.EXE" ["MarBit"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_03"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "D:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 54 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 14 seconds.
---------- (total run time: 117 seconds)