
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 12:23:23, on 2007-05-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Pulpit\nod32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Pulpit\Nowy folder\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F707E3E3-10A7-4FB6-BA4E-BB0A3B46D17C}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
ComboFix
"USER" - 2007-05-13 12:31:25 Dodatek Service Pack. 1
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\USER\Pulpit\Nowy folder\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))
2007-05-11 21:25 <DIR> d-------- C:\Program Files\TGTSoft
2007-05-11 19:44 <DIR> d-------- C:\DOCUME~1\USER\DANEAP~1\GetRightToGo
2007-05-11 17:27 971,776 --a------ C:\WINDOWS\system32\msgina.dll
2007-05-11 17:27 945,664 --a------ C:\WINDOWS\system32\syssetup.dll
2007-05-11 17:27 88,576 --a------ C:\WINDOWS\system32\mydocs.dll
2007-05-11 17:27 80,896 --a------ C:\WINDOWS\system32\cabview.dll
2007-05-11 17:27 765,440 --a------ C:\WINDOWS\system32\WINNTBBU.DLL
2007-05-11 17:27 67,072 --a------ C:\WINDOWS\notepad.exe
2007-05-11 17:27 66,560 --a------ C:\WINDOWS\system32\console.dll
2007-05-11 17:27 649,216 --a------ C:\WINDOWS\system32\rasdlg.dll
2007-05-11 17:27 62,464 --a------ C:\WINDOWS\system32\cleanmgr.exe
2007-05-11 17:27 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-11 17:27 562,688 --a------ C:\WINDOWS\system32\shdoclc.dll
2007-05-11 17:27 530,432 --a------ C:\WINDOWS\system32\printui.dll
2007-05-11 17:27 504,832 --a------ C:\WINDOWS\system32\logonui.exe
2007-05-11 17:27 421,888 --a------ C:\WINDOWS\system32\shimgvw.dll
2007-05-11 17:27 416,768 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2007-05-11 17:27 387,072 --a------ C:\WINDOWS\system32\themeui.dll
2007-05-11 17:27 382,976 --a------ C:\WINDOWS\system32\cmd.exe
2007-05-11 17:27 363,008 --a------ C:\WINDOWS\system32\fontext.dll
2007-05-11 17:27 342,016 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-11 17:27 329,216 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-05-11 17:27 317,440 --a------ C:\WINDOWS\system32\zipfldr.dll
2007-05-11 17:27 276,992 --a------ C:\WINDOWS\system32\winsrv.dll
2007-05-11 17:27 253,952 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-11 17:27 240,128 --a------ C:\WINDOWS\system32\newdev.dll
2007-05-11 17:27 219,648 --a------ C:\WINDOWS\system32\logon.scr
2007-05-11 17:27 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2007-05-11 17:27 2,015,232 --a------ C:\WINDOWS\system32\wmploc.dll
2007-05-11 17:27 159,744 --a------ C:\WINDOWS\system32\credui.dll
2007-05-11 17:27 147,968 --a------ C:\WINDOWS\system32\keymgr.dll
2007-05-11 17:27 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-11 17:27 138,752 --a------ C:\WINDOWS\system32\ntshrui.dll
2007-05-11 17:27 137,216 --a------ C:\WINDOWS\regedit.exe
2007-05-11 17:27 136,704 --a------ C:\WINDOWS\system32\netid.dll
2007-05-11 17:27 132,608 --a------ C:\WINDOWS\system32\taskmgr.exe
2007-05-11 17:27 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-11 17:27 118,272 --a------ C:\WINDOWS\system32\stobject.dll
2007-05-11 17:27 117,760 --a------ C:\WINDOWS\system32\inetcplc.dll
2007-05-11 17:27 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-05-11 17:27 104,448 --a------ C:\WINDOWS\system32\sysocmgr.exe
2007-05-11 17:27 1,629,184 --a------ C:\WINDOWS\system32\netshell.dll
2007-05-11 17:27 1,005,568 --a------ C:\WINDOWS\explorer.exe
2007-05-11 17:15 47,146 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-05-11 17:15 204,288 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-05-11 16:54 2,145 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-05-11 16:53 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-05-11 16:05 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-05-11 15:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-11 15:17 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-05-11 15:17 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-05-11 15:17 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-05-11 15:17 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-05-11 15:17 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-05-11 15:17 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-05-11 15:15 137,216 --a------ C:\WINDOWS\R.COM
2007-05-11 15:15 132,608 --a------ C:\WINDOWS\system32\T.COM
2007-05-09 07:25 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-05-07 14:44 <DIR> d-------- C:\Program Files\MyGlobalSearch
2007-05-07 14:44 <DIR> d-------- C:\Program Files\BearShare
2007-05-07 14:44 <DIR> d-------- C:\My Downloads
2007-05-05 22:26 <DIR> d-------- C:\Program Files\XP Repair Pro
2007-05-05 18:53 81,408 --a------ C:\WINDOWS\system32\dc210usd.dll
2007-05-05 18:53 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-05-05 18:53 25,600 --a------ C:\WINDOWS\system32\dc210_32.dll
2007-05-04 16:21 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-04 13:28 <DIR> d-------- C:\Program Files\Tibia7.6
2007-05-02 11:30 <DIR> d-------- C:\DOCUME~1\USER\DANEAP~1\TrojanHunter
2007-05-01 00:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-04-30 20:03 575,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-30 20:03 18,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-30 18:11 <DIR> d-------- C:\DOCUME~1\USER\DANEAP~1\Gadu-Gadu
2007-04-28 21:39 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-04-28 21:39 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-04-28 21:39 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-04-28 21:39 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-04-28 21:39 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-04-28 21:39 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-04-28 21:39 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-04-28 21:39 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-04-28 21:39 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-04-28 21:39 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-04-28 21:39 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-04-28 21:39 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-04-28 21:39 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-04-28 21:39 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-04-28 21:39 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-04-28 21:39 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-04-28 21:39 <DIR> d-------- C:\Program Files\Common Files\Vbox
2007-04-28 21:38 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-04-28 21:38 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-04-28 21:38 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-04-28 21:38 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-04-28 21:38 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-04-28 10:51 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-28 10:51 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-04-28 10:51 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-27 19:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-04-27 15:54 <DIR> d---s---- C:\DOCUME~1\USER\UserData
2007-04-26 16:47 2,043,520 --a------ C:\WINDOWS\system32\kernel1.exe
2007-04-26 15:58 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2007-04-26 13:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-26 13:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-24 17:16 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-23 15:32 <DIR> d-------- C:\WINDOWS\speech
2007-04-18 21:22 <DIR> d-------- C:\Program Files\Tibia Auto
2007-04-18 21:21 <DIR> d-------- C:\Python24
2007-04-17 16:50 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-17 16:50 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-17 16:50 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-17 16:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-17 16:50 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-17 16:50 <DIR> d-------- C:\Program Files\Winamp
2007-04-16 21:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-04-16 12:00 <DIR> d-------- C:\DOCUME~1\USER\DANEAP~1\PC Tools
2007-04-15 20:17 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-15 20:17 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-04-15 20:17 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-04-15 20:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-04-15 20:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-04-15 20:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-04-15 20:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-04-15 20:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-04-15 16:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2007-04-15 16:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2007-04-15 16:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2007-04-15 16:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2007-04-15 16:53 <DIR> d-------- C:\Program Files\Thomson
2007-04-15 13:34 <DIR> d--h----- C:\WINDOWS\PIF
2007-04-13 22:38 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-13 22:38 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-13 22:38 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-13 21:06 41,474 --ahs---- C:\WINDOWS\system32\smsc.exe
2007-04-13 13:13 <DIR> d-------- C:\DOCUME~1\USER\DANEAP~1\Help
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-12 20:10:44 -------- d-----w C:\Program Files\Tibia
2007-04-30 16:11:29 -------- d-----w C:\Program Files\Gadu-Gadu
2007-04-27 17:16:08 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-04-17 09:59:49 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-17 09:59:49 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-12 14:31:14 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-04-12 14:23:28 -------- d-----w C:\DOCUME~1\USER\DANEAP~1\Lavasoft
2007-04-12 14:08:33 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-12 14:08:30 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-12 13:54:47 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-12 13:54:03 -------- d-----w C:\Program Files\Lavasoft
2007-04-12 13:51:44 -------- d-----w C:\Program Files\ATI Technologies
2007-04-12 13:51:07 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-12 13:48:09 -------- d-----w C:\Program Files\Realtek AC97
2007-04-12 13:18:00 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-12 13:17:40 0 --sha-r C:\MSDOS.SYS
2007-04-12 13:17:40 0 --sha-r C:\IO.SYS
2007-04-12 13:17:40 0 ----a-w C:\CONFIG.SYS
2007-04-12 13:17:40 0 ------w C:\AUTOEXEC.BAT
2007-04-12 13:16:20 -------- d-----w C:\Program Files\Usługi online
2007-04-12 13:15:53 -------- d-----w C:\Program Files\Movie Maker
2007-04-12 13:15:24 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-12 13:14:39 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-12 13:14:14 -------- d-----w C:\Program Files\Messenger
2007-04-12 13:14:08 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-12 13:14:06 -------- d-----w C:\Program Files\Windows NT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 01:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 12:34:26
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
? [3792]
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-13 12:34:28
C:\ComboFix-quarantined-files.txt ... 2007-05-13 12:34
Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "TGTSoft Explorer Toolbar Changer"
-> {HKLM...CLSID} = "CoTGT_BHO Class"
\InProcServer32\(Default) = "C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 413 seconds, including 29 seconds for message boxes)