Błagam o sprawdzenie loga – RESET KOMPA CO 60 SEKUND!!!
Witam!
Jestem nowy,mam nowiutkiego kompa i pierwszy raz taki problem.Wczoraj szukając seriala do Warcrafta załapałem jakiegoś syfa.Od tej pory po uruchomieniu komputera pojawia sie taki komunikat:
http://img219.imageshack.us/my.php?image=untitled16wm.jpg
Obojętnie co sie nacisnie to zaczyna sie odliczanie i zamkniecie kompa,nie da sie nic zrobic.Dopoki sie nic nie nacisnie to sie nie resetuje,ale wystarczy dac uruchom ponownie czy zrobic cos innego a juz odliczanko i reset.Szukalem wszedzie i znalazlem kilka postow z takim problemem,ale zaden nie zostal rozwiazany.Podaje loga z HiJacka,BŁAGAM O POMOC!!!:
Logfile of HijackThis v1.99.1
Scan saved at 16:25:45, on 2006–01–23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\helper.exe
D:\Program Files\Opera\Opera.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Boorak\Moje dokumenty\NIEDZIELA\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: MSX – {037CE595–57CB–4EB5–9775–97BC112F3BB3} –
D:\WINDOWS\system32\msx.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} –
D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – (no file)
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – D:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: IE Agent – {CC56A1F3–9B83–45FF–8CB6–D58959492F0F} –
D:\WINDOWS\system32\kaboom.dll
O3 – Toolbar: YourSiteBar – {86227D9C–0EFE–4f8a–AA55–30386A3F5686} – D:\Program
Files\YourSiteBar\ysb.dll (file missing)
O3 – Toolbar: 180search Toolbar – {93CECBB2–6B1B–448D–91B9–72604EF70105} –
D:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll (file missing)
O4 – HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 – HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
/auto
O8 – Extra context menu item: Download with GetRight –
I:\DC++\Downloads\GetRight\GRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel –
res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Open with GetRight Browser –
I:\DC++\Downloads\GetRight\GRbrowse.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console –
{08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – D:\Program
Files\SideFind\sidefind.dll (file missing)
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} –
D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program
Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger –
{FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .htm: D:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 – DPF: {42F2C9BA–614F–47C0–B3E3–ECFD34EED658} (Installer Class) –
http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} (MediaGatewayX) –
http://static.zangocash.com/cab/180solutions/ie/bridge–c266.cab
O17 –
HKLM\System\CCS\Services\Tcpip\..\{78E18272–C324–4A1D–A2B5–AB59ADABD7FA}:
NameServer = 217.30.129.149,217.30.137.200
O21 – SSODL: seclogon – {A39A606A–2F81–D7D1–DC19–AE0FEBC641E5} –
D:\WINDOWS\help\sysrestore.hlp
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – D:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. –
D:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – D:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – D:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – D:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – D:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – D:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. –
D:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: RadClock – Unknown owner – D:\WINDOWS\system32\RadClock.exe
O23 – Service: StyleXPService – Unknown owner – D:\Program
Files\TGTSoft\StyleXP\StyleXPService.exe
Jestem nowy,mam nowiutkiego kompa i pierwszy raz taki problem.Wczoraj szukając seriala do Warcrafta załapałem jakiegoś syfa.Od tej pory po uruchomieniu komputera pojawia sie taki komunikat:
http://img219.imageshack.us/my.php?image=untitled16wm.jpg
Obojętnie co sie nacisnie to zaczyna sie odliczanie i zamkniecie kompa,nie da sie nic zrobic.Dopoki sie nic nie nacisnie to sie nie resetuje,ale wystarczy dac uruchom ponownie czy zrobic cos innego a juz odliczanko i reset.Szukalem wszedzie i znalazlem kilka postow z takim problemem,ale zaden nie zostal rozwiazany.Podaje loga z HiJacka,BŁAGAM O POMOC!!!:
Logfile of HijackThis v1.99.1
Scan saved at 16:25:45, on 2006–01–23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\helper.exe
D:\Program Files\Opera\Opera.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Boorak\Moje dokumenty\NIEDZIELA\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: MSX – {037CE595–57CB–4EB5–9775–97BC112F3BB3} –
D:\WINDOWS\system32\msx.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} –
D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – (no file)
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – D:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: IE Agent – {CC56A1F3–9B83–45FF–8CB6–D58959492F0F} –
D:\WINDOWS\system32\kaboom.dll
O3 – Toolbar: YourSiteBar – {86227D9C–0EFE–4f8a–AA55–30386A3F5686} – D:\Program
Files\YourSiteBar\ysb.dll (file missing)
O3 – Toolbar: 180search Toolbar – {93CECBB2–6B1B–448D–91B9–72604EF70105} –
D:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll (file missing)
O4 – HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 – HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
/auto
O8 – Extra context menu item: Download with GetRight –
I:\DC++\Downloads\GetRight\GRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel –
res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Open with GetRight Browser –
I:\DC++\Downloads\GetRight\GRbrowse.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console –
{08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – D:\Program
Files\SideFind\sidefind.dll (file missing)
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} –
D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program
Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger –
{FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .htm: D:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 – DPF: {42F2C9BA–614F–47C0–B3E3–ECFD34EED658} (Installer Class) –
http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} (MediaGatewayX) –
http://static.zangocash.com/cab/180solutions/ie/bridge–c266.cab
O17 –
HKLM\System\CCS\Services\Tcpip\..\{78E18272–C324–4A1D–A2B5–AB59ADABD7FA}:
NameServer = 217.30.129.149,217.30.137.200
O21 – SSODL: seclogon – {A39A606A–2F81–D7D1–DC19–AE0FEBC641E5} –
D:\WINDOWS\help\sysrestore.hlp
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – D:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. –
D:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – D:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – D:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – D:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – D:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – D:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. –
D:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: RadClock – Unknown owner – D:\WINDOWS\system32\RadClock.exe
O23 – Service: StyleXPService – Unknown owner – D:\Program
Files\TGTSoft\StyleXP\StyleXPService.exe
Odpowiedzi: 7
Jeźeli obaj macie to co myślę to chyba przyda się Rootkit Revealer. Powinien znaleźć sysbus32.
Nim to jednak zrobicie szybka akcja, uruchomić konsolę odzyskiwania i wpisac:
disable sysbus32
cd C:\WINDOWS\system32\drivers
del sysbus32.sys
Nim to jednak zrobicie szybka akcja, uruchomić konsolę odzyskiwania i wpisac:
disable sysbus32
cd C:\WINDOWS\system32\drivers
del sysbus32.sys
wyglada na czysty
witam, mam identyczny problem co hastla, z tym ze u mnie to efekt falszywej tapety i spysheriffa. calosc usunalem i zostalo jedynie wylaczanie kompa zaraz po starcie i zaladowaniu wszystkich programow poprzedzone identycznym komunikatem: http://img219.imageshack.us/my.php?image=untitled16wm.jpg
bardzo prosze o zerkniecie na loga i pomoc bo juz ku*wicy dostaje!!
Logfile of HijackThis v1.99.1
Scan saved at 15:11:29, on 2006–01–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\OBJECT~1\WindowFX\wfxload.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Pogoda\pogoda.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\xpsp2\Pulpit\hijack this\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 – HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 – HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 – HKCU\..\Run: [WindowFX] C:\PROGRA~1\OBJECT~1\WindowFX\\wfxload.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [tray] C:\Program Files\Pogoda\pogoda.exe /tray
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: GhostStartService – Symantec Corporation – C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
bardzo prosze o zerkniecie na loga i pomoc bo juz ku*wicy dostaje!!
Logfile of HijackThis v1.99.1
Scan saved at 15:11:29, on 2006–01–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\OBJECT~1\WindowFX\wfxload.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Pogoda\pogoda.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\xpsp2\Pulpit\hijack this\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 – HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 – HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 – HKCU\..\Run: [WindowFX] C:\PROGRA~1\OBJECT~1\WindowFX\\wfxload.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [tray] C:\Program Files\Pogoda\pogoda.exe /tray
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: GhostStartService – Symantec Corporation – C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
Nic tu nie widze oprócz:
Uzyj debuggera z przyklejonego tematu gusia w dziele XP. W czasie odliczania w uruchom wpis: shutdown –a
To da Ci więcej czasu.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{86227D9C–0EFE–4F8A–AA55–30386A3F5686}" = "YourSiteBar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\YourSiteBar\ysb.dll" [file not found]
Uzyj debuggera z przyklejonego tematu gusia w dziele XP. W czasie odliczania w uruchom wpis: shutdown –a
To da Ci więcej czasu.
No wiec podaje teraz loga z Hi Jacka i Silent Runners :
(przypominam,ze resetuje sie komp,jest to odliczanie,nie mam ani jakiejs tapetki ani zuzycia procesora na 100%)
Hi Jack:
Logfile of HijackThis v1.99.1
Scan saved at 00:39:57, on 2006–01–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Boorak\Moje dokumenty\NIEDZIELA\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – (no file)
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 – HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
O4 – HKCU\..\RunOnce: [NeroHomeFirstStart] D:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .htm: D:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{78E18272–C324–4A1D–A2B5–AB59ADABD7FA}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – D:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – D:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – D:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: RadClock – Unknown owner – D:\WINDOWS\system32\RadClock.exe
O23 – Service: StyleXPService – Unknown owner – D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I z Silent Runners:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{472083B0–C522–11CF–8763–00608CC02F24}" = "avast"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{4EFE464B–3D0B–4800–A5DE–2321283A3256}" = "QCD IconHandler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B327765E–D724–4347–8B16–78AE18552FC3}" = "NeroDigitalIconHandler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152–04F8–453A–B34C–E609530A9DC8}" = "NeroDigitalPropSheetHandler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{36518101–49AC–42CB–8E4C–40C1F328A565}" = "Rad2 Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\Rad.dll" [empty string]
"{5380C14E–C0A1–4D66–87DB–5995E6FF4623}" = "Rad Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\Rad.dll" [empty string]
"{75B8D633–9021–442C–9EA4–FF4BE72CE20F}" = "NRad2 Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\NRad.dll" ["ChrisW"]
"{C6844A1E–2C59–415A–84B3–C6A458372779}" = "RadType Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadType.dll" [empty string]
"{D00900BC–23F7–4FD6–BFA2–8232112C5C49}" = "NRad Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\NRad.dll" ["ChrisW"]
"{D2FD83AE–994A–4D4B–9097–2C9E11ED85F0}" = "RadClkr Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadClkR.dll" [empty string]
"{7700EB62–DB7C–47AF–A092–04376CA1D24C}" = "RadMnu Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadMnu.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{35B2861B–2B26–4691–9FF0–09083722C736}" = "RadExe Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadExe.dll" [empty string]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0–C522–11CF–8763–00608CC02F24}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0–C522–11CF–8763–00608CC02F24}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Boorak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Azureus" –> launches: "D:\PROGRA~1\Azureus\Azureus.exe" [null data]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{86227D9C–0EFE–4F8A–AA55–30386A3F5686}" = "YourSiteBar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\YourSiteBar\ysb.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
StyleXPService, StyleXPService, ""D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 27 seconds, including 5 seconds for message boxes)
(przypominam,ze resetuje sie komp,jest to odliczanie,nie mam ani jakiejs tapetki ani zuzycia procesora na 100%)
Hi Jack:
Logfile of HijackThis v1.99.1
Scan saved at 00:39:57, on 2006–01–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Boorak\Moje dokumenty\NIEDZIELA\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – (no file)
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 – HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE
O4 – HKCU\..\RunOnce: [NeroHomeFirstStart] D:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .htm: D:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{78E18272–C324–4A1D–A2B5–AB59ADABD7FA}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – D:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – D:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – D:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: RadClock – Unknown owner – D:\WINDOWS\system32\RadClock.exe
O23 – Service: StyleXPService – Unknown owner – D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I z Silent Runners:
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB–D6F0–462C–B6EB–D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{472083B0–C522–11CF–8763–00608CC02F24}" = "avast"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{32020A01–506E–484D–A2A8–BE3CF17601C3}" = "AlcoholShellEx"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{4EFE464B–3D0B–4800–A5DE–2321283A3256}" = "QCD IconHandler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]
"{E0D79304–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307–84BE–11CE–9641–444553540000}" = "WinZip"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B327765E–D724–4347–8B16–78AE18552FC3}" = "NeroDigitalIconHandler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152–04F8–453A–B34C–E609530A9DC8}" = "NeroDigitalPropSheetHandler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{36518101–49AC–42CB–8E4C–40C1F328A565}" = "Rad2 Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\Rad.dll" [empty string]
"{5380C14E–C0A1–4D66–87DB–5995E6FF4623}" = "Rad Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\Rad.dll" [empty string]
"{75B8D633–9021–442C–9EA4–FF4BE72CE20F}" = "NRad2 Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\NRad.dll" ["ChrisW"]
"{C6844A1E–2C59–415A–84B3–C6A458372779}" = "RadType Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadType.dll" [empty string]
"{D00900BC–23F7–4FD6–BFA2–8232112C5C49}" = "NRad Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\NRad.dll" ["ChrisW"]
"{D2FD83AE–994A–4D4B–9097–2C9E11ED85F0}" = "RadClkr Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadClkR.dll" [empty string]
"{7700EB62–DB7C–47AF–A092–04376CA1D24C}" = "RadMnu Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadMnu.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{35B2861B–2B26–4691–9FF0–09083722C736}" = "RadExe Extension"
–> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\RadExe.dll" [empty string]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5–5146–11D5–A672–00B0D022E945}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0–C522–11CF–8763–00608CC02F24}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0–C522–11CF–8763–00608CC02F24}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304–84BE–11CE–9641–444553540000}"
–> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Boorak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Scheduled Tasks:
––––––––––––––––––––––––
"Azureus" –> launches: "D:\PROGRA~1\Azureus\Azureus.exe" [null data]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{86227D9C–0EFE–4F8A–AA55–30386A3F5686}" = "YourSiteBar" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\YourSiteBar\ysb.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0006–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25–18CC–41C8–B9BE–3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
StyleXPService, StyleXPService, ""D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 27 seconds, including 5 seconds for message boxes)
gieras, zapomniałes o:
helper i inne procesy pochodne(?) startuje z innego miejsca, którego Hijack nie pokaze, pokaze za to Silent Runners.
Proponuje Ci i z niego log pokazac, zeby sprawę do końca potoczyć.
Ten wpis nieszkodliwy ale nie powinno go być:
BTW, posta wprowadzajacego w błąd juź nie ma.
D:\WINDOWS\helper.exe
O2 – BHO: MSX – {037CE595–57CB–4EB5–9775–97BC112F3BB3} – D:\WINDOWS\system32\msx.dll
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} (MediaGatewayX) – http://static.zangocash.com/cab/180solutions/ie/bridge–c266.cab
helper i inne procesy pochodne(?) startuje z innego miejsca, którego Hijack nie pokaze, pokaze za to Silent Runners.
Proponuje Ci i z niego log pokazac, zeby sprawę do końca potoczyć.
Ten wpis nieszkodliwy ale nie powinno go być:
O21 – SSODL: seclogon – {A39A606A–2F81–D7D1–DC19–AE0FEBC641E5} – D:\WINDOWS\help\sysrestore.hlp
BTW, posta wprowadzajacego w błąd juź nie ma.
dlaczego kazesz mu usunac wpisy avasta i stylexp ? masz jakies pojecie na ten temat ?
IMO:
IMO:
O2 – BHO: (no name) – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – (no file)
O2 – BHO: IE Agent – {CC56A1F3–9B83–45FF–8CB6–D58959492F0F} –
O3 – Toolbar: YourSiteBar – {86227D9C–0EFE–4f8a–AA55–30386A3F5686} – D:\Program
O3 – Toolbar: 180search Toolbar – {93CECBB2–6B1B–448D–91B9–72604EF70105} –
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – D:\Program
O16 – DPF: {42F2C9BA–614F–47C0–B3E3–ECFD34EED658} (Installer Class) –