Problem with iexplore.exe and login passwords
Hello. I am writing you a message because my computer will not let me send a message on the Forum. When I want to log in to, e.g., my mail on Onet, I type the password (the correct one) and press Enter. Then the Internet window closes and that is the end of it. Sometimes a message appears saying that the memory could not be "written". I have no idea what to do. When I logged in to the forum this happened as well, and on top of that, when I did log in on the 2nd attempt, I could not send anything on the Forum. I noticed that it only appears on sites where you have to log in. On Onet I can usually check my mail on the 2nd or 3rd try. What should I do? Maybe I should send a log. I don't know whether I made it correctly. I would not like to format the computer, because I now have two systems installed (Win98 and XP) and I am afraid I will not manage on my own.
Replies: 7
You are mistaken. You installed a Service Pack, not a firewall. The firewall has been in XP from the very beginning.
Basia:
...for .... 45 min.... I was installing the SP2 firewall.
When you open the firewall, is the "On" option selected? On the Advanced tab, check the checkboxes in the upper pane that indicate whether the firewall is enabled or disabled.
Check the system again with HiJack.
Well, I think I have messed something up. Just before noon I was jumping for joy at getting the computer running, which I owe entirely to you, Bobi! I decided to improve things even further and for .... 45 min.... I was installing the SP2 firewall. Everything went perfectly. No error messages were displayed. But now browsing pages runs so ..s..l..o..w..l..y.. that I am starting to regret it. Besides, how is it possible that in Control Panel/Windows Firewall the firewall is turned off, while when I click that red thing in the tray it says in green that the firewall is on (at the same time)? I have GG, Tlen and eMule running and that is all. Maybe my computer is too slow for this SP2? I have even disabled Norton to browse faster, but nothing. What should I do? Uninstall SP2??
Glad I could help. I see I talked you into SP2, but if you are going to go wild, go all the way: try Opera or Firefox and you will not regret it :mrgreen:
I almost forgot, the log is squeaky clean.
Regards
Bobi, you are excellent! I bow low before you. I did indeed remove what you told me to, that is, almost everything, because yesterday I also ran mks vir online and part of it had already been deleted automatically. The computer runs like after a fresh installation. And web pages open twice as fast. Thank you! I now have the Silent Runners script and the log. Admittedly I understand little of it, but here it is. Besides, today, following your suggestion, I intend to install SP2. I have had Internet for less than 3 months and some things are still hard for me to grasp, but... I am learning.
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu–Gadu" = ""D:\Program Files\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"LWBMOUSE" = "D:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [empty string]
"WooCnxMon" = "D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "D:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Tlcom R&D"]
"WOOTASKBARICON" = "D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Tlcom R&D"]
"ccApp" = ""D:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962–6F74–2D53–2644–206D7942484F}\(Default) = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430–B101–42AD–A544–FADC6B084872}\(Default) = "NAV Helper"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Eksplorator pulpitów"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD–5A07–4D91–97F5–A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\K–Lite Codec Pack\Real\rpshell.dll" ["RealNetworks, Inc."]
"{00DF1F20–0849–A4D1–0239–00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TuneUp Utilities\sdshelex.dll" ["TuneUp Software GmbH"]
"{EB54AA93–27B6–452E–8EE7–ABDCB4229837}" = "Firegraphic XP"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Firegraphic\Firegraphic XP\Firegrxp.dll" ["Firegraphic"]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{59850401–6664–101B–B21C–00AA004BA90B}" = "Microsoft Office Binder Unbind"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045–0000–0000–C000–000000000046}" = "Microsoft Outlook Custom Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4–59b0–47a6–b335–a6b3c0695aea}" = "Portable Media Devices"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a–b60a–48e6–996b–41d25ed39a1e}" = "Portable Media Devices Menu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\Audiodev.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
FiregraphicXPShlExt\(Default) = "{EB54AA93–27B6–452E–8EE7–ABDCB4229837}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Firegraphic\Firegraphic XP\Firegrxp.dll" ["Firegraphic"]
HexWorkshopContextMenu\(Default) = "{DB34D5DC–D41A–482E–A5EF–8FA0F88761DA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\BreakPoint Software\Hex Workshop 4.1\hwext.dll" ["BreakPoint Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TuneUp Shredder\(Default) = "{00DF1F20–0849–A4D1–0239–00D0AF3E9CB0}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TuneUp Utilities\sdshelex.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20–0849–A4D1–0239–00D0AF3E9CB0}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\TuneUp Utilities\sdshelex.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FiregraphicXPShlExt\(Default) = "{EB54AA93–27B6–452E–8EE7–ABDCB4229837}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Firegraphic\Firegraphic XP\Firegrxp.dll" ["Firegraphic"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5–41EB–4A2F–9616–CE1D4F6C35B2}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Startup items in "BAS" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" –> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE –b –l" [MS]
"Adobe Reader Speed Launch" –> shortcut to: "D:\WINDOWS\Installer\{AC76BA86–7AD7–1033–7B44–A70001000000}\SC_Reader.exe" [null data]
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Norton AntiVirus – Skanuj komputer – BAS" –> launches: "D:\PROGRA~1\NORTON~1\Navw32.exe /task:"D:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" –> launches: "D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6}" = "Norton AntiVirus"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Miscellaneous IE Hijack Points
––––––––––––––––––––––––––––––
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English–language version):
"{08C06D61–F1F3–4799–86F8–BE1A89362C85}" = "Search Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Norton AntiVirus Auto–Protect Service, navapsvc, ""D:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, "D:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\System32\wdfmgr.exe" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 149 seconds, including 18 seconds for message boxes)
- turn off System Restore
- end the process:
helper.exe
- delete:
F2 – REG:system.ini: Shell=explorer.exe "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: (no name) – {2BCE6A6A–9F26–4A77–A9A7–A68A6C17068D} – D:\WINDOWS\System32\xodab.dll
O4 – HKLM\..\Run: [AQ3HelperStartUp] D:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 – HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O21 – SSODL: W32Time – {911EAC3B–1EE8–60A2–F280–207754569454} – D:\WINDOWS\help\charmap.hlp
That supposed screensaver which starts from Run is spyware.
In the Security section there is a FAQ with a description of Silent Runners; generate a log and show it.
BTW, have you considered installing SP2 and/or switching to Opera/Firefox?
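Added example, not part of the original thread: a small Python triage of HijackThis lines like the ones in the removal list above. The three rules (a Shell value that launches more than explorer.exe, a Run entry that starts the same file, an SSODL target that is not a DLL) are assumptions chosen for this illustration, and the last sample line is constructed for contrast.

```python
import re

# Sample input: the first four lines are copied from the removal list in the
# post above; the last one is CONSTRUCTED (a benign BHO rewritten in the same
# format). Forum software turned "-" into an en dash, so dashes are normalised.
SAMPLE = r'''
F2 – REG:system.ini: Shell=explorer.exe "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: (no name) – {2BCE6A6A–9F26–4A77–A9A7–A68A6C17068D} – D:\WINDOWS\System32\xodab.dll
O4 – HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O21 – SSODL: W32Time – {911EAC3B–1EE8–60A2–F280–207754569454} – D:\WINDOWS\help\charmap.hlp
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
'''

# A log line is "<section code> - <body>", e.g. "O21 - SSODL: ...".
LINE_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')


def normalise(line):
    """Undo the typographic dash substitution applied to pasted logs."""
    return line.strip().replace('\u2013', '-').replace('\u2014', '-')


def parse(text):
    """Return (code, body) pairs for every line that looks like a log entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(normalise(raw))
        if m:
            entries.append((m.group('code'), m.group('body')))
    return entries


def review(text):
    """Apply the three illustrative rules; returns (code, reason, detail)."""
    entries = parse(text)
    findings = []
    shell_extras = []

    # Rule 1: the logon Shell value should be explorer.exe and nothing else.
    for code, body in entries:
        if code == 'F2' and 'Shell=' in body:
            value = body.split('Shell=', 1)[1].strip()
            extra = re.sub(r'(?i)^explorer\.exe', '', value).strip().strip('"')
            if extra:
                shell_extras.append(extra.lower())
                findings.append(
                    (code, 'Shell value launches more than explorer.exe', extra))

    for code, body in entries:
        # The file path is the last " - " separated field of O2/O21 lines.
        target = body.rsplit(' - ', 1)[-1].strip()
        # Rule 2: a Run entry that starts the same file as the Shell value.
        if code == 'O4' and any(p in body.lower() for p in shell_extras):
            findings.append(
                (code, 'Run entry starts the same file as the Shell value', body))
        # Rule 3: SSODL entries load in-process servers, so expect a DLL.
        if code == 'O21' and not target.lower().endswith('.dll'):
            findings.append((code, 'SSODL target is not a DLL', target))
    return findings


if __name__ == '__main__':
    for code, reason, detail in review(SAMPLE):
        print(f'{code}: {reason}: {detail}')
```

Entries these rules do not flag, such as the O2 and O9 lines in the list above, still have to be checked by other means.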