x-kom hosting

Mega problem, probably a trojan horse

Rafał-85

posted

Yesterday and today I was attacked by several trojan horses (about 6). I thought Kaspersky Internet Security 2009 had dealt with them, but one of them got through after all.

The situation is as follows: right after the system starts, a message appears saying the desktop is unavailable (attachment no. 1), the desktop looks like it does in Windows 98, nothing works the way it should, I can't even type Polish characters. I tried to download HiJackThis, but another message pops up saying the browser cannot connect to the given address (attachment no. 2). I scanned the computer with KIS, the report is in attachment 3; Malwarebytes Anti-Malware is currently scanning the computer, but that will still take a while.

I'm asking for any help at all.

1.jpg

2.jpg

kis.txt


Psycholandia

comment

Post a log from ComboFix.

Rafał-85

comment (edited)

Here are the logs from Malwarebytes: the afternoon one, which detected something, and the evening one, "clean".

mbam_log_2009_03_31__14_52_56_.txt

mbam_log_2009_03_31__22_36_26_.txt

In a moment I'll try to paste the ComboFix log.

ComboFix

ComboFix 09-03-31.01 - Laptop 2009-03-31 22:48:08.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1154 [GMT 2:00]

Uruchomiony z: D:\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-28 do 2009-03-31 )))))))))))))))))))))))))))))))

.

2009-03-31 20:17 . 2009-03-31 20:19 <DIR> d-------- C:\Winamp

2009-03-31 20:15 . 2009-03-31 21:33 <DIR> d-------- C:\Default

2009-03-31 20:10 . 2009-03-31 20:11 <DIR> d-------- C:\Nowe Gadu-Gadu

2009-03-31 10:43 . 2009-03-31 10:48 <DIR> d-------- c:\users\Laptop\Tracing

2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework

2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys

2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live

2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative

2009-03-18 11:59 . 2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar

2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar

2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime

2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player

2009-03-02 15:36 . 2009-03-02 15:36 <DIR> d-------- c:\program files\PITy

2009-02-25 11:44 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-02-25 11:44 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-02-25 11:44 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-02-25 11:44 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-02-24 13:53 . 2009-02-24 13:53 <DIR> d-------- c:\program files\Common Files\Skype

2009-02-24 13:38 . 2009-02-24 13:38 <DIR> d-------- c:\program files\MSECache

2009-02-24 13:20 . 2008-11-06 14:59 2,241,536 --a------ c:\windows\System32\msi.dll

2009-02-24 13:20 . 2008-11-06 14:59 332,800 --a------ c:\windows\System32\msihnd.dll

2009-02-24 13:20 . 2008-11-06 14:58 73,216 --a------ c:\windows\System32\msiexec.exe

2009-02-24 13:20 . 2008-11-06 14:59 16,384 --a------ c:\windows\System32\msisip.dll

2009-02-24 13:20 . 2008-11-06 12:39 2,560 --a------ c:\windows\System32\msimsg.dll

2009-02-23 23:23 . 2009-03-31 14:58 1,845 --a------ c:\windows\System32\%LocalXml%

2009-02-17 23:00 . 2009-02-17 23:00 <DIR> d-------- c:\users\All Users\Nokia

2009-02-17 23:00 . 2009-02-17 23:00 <DIR> d-------- c:\programdata\Nokia

2009-02-17 22:42 . 2009-02-17 22:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-02-17 22:42 . 2009-02-17 22:42 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-17 22:40 . 2009-02-17 22:40 <DIR> d-------- c:\program files\Common Files\PCSuite

2009-02-17 22:40 . 2009-03-16 23:10 <DIR> d-------- c:\program files\Common Files\Nokia

2009-02-17 22:40 . 2008-08-26 10:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys

2009-02-17 22:38 . 2009-02-17 22:38 <DIR> d-------- c:\program files\PC Connectivity Solution

2009-02-17 22:36 . 2009-03-16 23:10 <DIR> d-------- c:\program files\Nokia

2009-02-15 22:52 . 2009-02-15 23:08 101,287 --a------ c:\windows\System32\drivers\klin.dat

2009-02-15 22:52 . 2009-02-15 23:08 89,601 --a------ c:\windows\System32\drivers\klick.dat

2009-02-15 22:51 . 2009-03-31 20:35 <DIR> d-------- c:\users\All Users\Kaspersky Lab

2009-02-15 22:51 . 2009-03-31 20:35 <DIR> d-------- c:\programdata\Kaspersky Lab

2009-02-15 22:51 . 2009-02-15 22:51 <DIR> d-------- c:\program files\Kaspersky Lab

2009-02-15 22:51 . 2009-03-31 20:32 3,225,632 --ahs---- c:\windows\System32\drivers\fidbox.dat

2009-02-15 22:51 . 2009-03-31 22:46 614,432 --ahs---- c:\windows\System32\drivers\fidbox2.dat

2009-02-15 22:51 . 2009-03-31 20:32 28,376 --ahs---- c:\windows\System32\drivers\fidbox.idx

2009-02-15 22:51 . 2009-03-31 22:46 5,276 --ahs---- c:\windows\System32\drivers\fidbox2.idx

2009-02-15 22:44 . 2009-02-15 22:44 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files

2009-02-15 22:44 . 2009-02-15 22:44 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files

2009-02-11 21:42 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll

2009-02-11 21:42 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll

2009-02-11 21:42 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-11 21:42 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax

2009-02-11 21:42 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-06 19:57 . 2009-02-06 19:57 308,104 --a------ c:\windows\WLXPGSS.SCR

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll

2009-02-06 14:09 . 2009-02-06 14:09 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2009-02-06 14:04 . 2009-02-06 14:09 <DIR> d-------- c:\users\Laptop\AppData\Roaming\PC Suite

2009-02-06 14:04 . 2009-02-17 22:47 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Nokia

2009-02-06 14:04 . 2009-02-06 14:09 <DIR> d-------- c:\users\All Users\PC Suite

2009-02-06 14:04 . 2009-02-06 14:09 <DIR> d-------- c:\programdata\PC Suite

2009-02-06 14:02 . 2009-03-31 10:41 <DIR> d----c--- c:\windows\System32\DRVSTORE

2009-02-06 14:02 . 2009-02-06 14:02 <DIR> d-------- c:\program files\DIFX

2009-02-06 14:00 . 2008-02-01 16:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll

2009-02-06 13:48 . 2009-03-16 23:09 <DIR> d-------- c:\users\All Users\Installations

2009-02-06 13:48 . 2009-03-16 23:09 <DIR> d-------- c:\programdata\Installations

2009-02-05 20:39 . 2009-02-05 20:39 17,064 --a------ c:\windows\System32\drivers\SiWinAcc.sys

2009-02-05 20:39 . 2009-02-05 20:39 12,200 --a------ c:\windows\System32\drivers\SiRemFil.sys

2009-02-05 20:38 . 2009-02-05 20:38 212,520 --a------ c:\windows\System32\drivers\Si3531.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-31 20:10 --------- d-----w c:\program files\Lx_cats

2009-03-31 18:32 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp

2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 18:32 --------- d-----w c:\program files\Unlocker

2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-31 18:32 --------- d-----w c:\program files\CCleaner

2009-03-31 08:39 --------- d-----w c:\program files\Microsoft

2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-22 20:01 --------- d-----w c:\program files\Winamp

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype

2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe

2009-03-16 20:58 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat

2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail

2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll

2009-03-05 19:51 --------- d-----w c:\program files\Opera

2009-03-02 22:12 --------- d-----w c:\program files\Google

2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll

2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 11:53 --------- d-----w c:\programdata\Skype

2009-02-24 11:53 --------- d-----r c:\program files\Skype

2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works

2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer

2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-15 20:46 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-02-15 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-09 22:35 --------- d-----w c:\program files\Nowe Gadu-Gadu

2009-02-06 13:53 --------- d-----w c:\program files\IEPro

2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll

2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2009-01-04 18:02 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe

2007-08-12 09:26 88,727 ----a-w c:\program files\history.html

2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html

2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html

2007-05-25 13:04 2,218 ----a-w c:\program files\index.html

2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt

2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html

2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html

2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html

2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html

2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html

2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html

2000-12-03 22:00 732 ----a-w c:\program files\lame.css

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

"Google Update"="c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-30 133104]

"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]

"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728]

"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]

"EzPrint"="c:\program files\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-21 04:23 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla

"UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla

"{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]

S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]

S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}]

\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job

- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]

2009-03-31 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll

TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-31 22:50:56

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-03-31 22:54:09

ComboFix-quarantined-files.txt 2009-03-31 20:54:06

Przed: 14 426 644 480 bajtów wolnych

Po: 16,182,116,352 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

335 --- E O F --- 2009-03-31 08:43:51

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:50, on 2009-03-31

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxccjswx.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223054121928

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223054797661

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS3\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS5\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS6\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS8\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9816 bytes

Silent Runners log

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Nowe Gadu-Gadu" = ""C:\Program Files\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]

"Google Update" = ""C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

"eMuleAutoStart" = "F:\eMule\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]

"OSD" = "C:\Program Files\C&E\OSD\osd.exe" ["C&E"]

"IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]

"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"LXCCCATS" = "rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16" [MS]

"lxccmon.exe" = ""C:\Program Files\Lexmark 3300 Series\lxccmon.exe"" ["Lexmark International, Inc."]

"EzPrint" = ""C:\Program Files\Lexmark 3300 Series\ezprint.exe"" ["Lexmark International Inc."]

"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]

"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]

"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"

-> {HKLM...CLSID} = "IE7Pro BHO"

\InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"

-> {HKLM...CLSID} = "Adobe PDF Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"

-> {HKLM...CLSID} = "Skype add-on (mastermind)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"

-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"

-> {HKLM...CLSID} = "IEVkbdBHO Class"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"

-> {HKLM...CLSID} = "Search Helper"

\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Pomocnik rejestracji usługi Windows Live"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"

-> {HKLM...CLSID} = "HP Smart BHO Class"

\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\rpshell.dll" ["RealNetworks, Inc."]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"

-> {HKLM...CLSID} = "Statystyki ochrony WWW"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]

"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"

-> {HKLM...CLSID} = "SidebarIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"

-> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"

\InProcServer32\(Default) = "C:\Windows\System32\ieframe.dll" [MS]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"

-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

Default executables:

--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\

"Provider" = "LightScribe Direct Disc Labeling"

"InvokeProgID" = "LightScribe.AutoPlayHandler"

"InvokeVerb" = "LabelLightScribeDisc"

HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

MSPlayCDAudioOnArrival\

"Provider" = "ALLPlayer"

"InvokeProgID" = "AllPlayerFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]

NeroAutoPlay7CDAudio\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\

"Provider" = "Nero StartSmart Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\

"Provider" = "Nero ShowTime Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\

"Provider" = "Nero ShowTime Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\

"Provider" = "Nero Recode Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\

"Provider" = "Nero Vision Essentials"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

NMMPlayCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMPlayCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMRipCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

NTIBurner\

"Provider" = "NTI CD-Maker"

"InvokeProgID" = "NTIBurnerOpen"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = ""C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe"" ["NewTech Infosystems, Inc."]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

mbam_log_2009_03_31__14_52_56_.txt

mbam_log_2009_03_31__22_36_26_.txt

Guest
comment

There is nothing interesting in the logs.

Paste this into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"EnableUIADesktopToggle"=-

From the Notepad menu >>> File >>> Save as >>> set the file type to "All files" >>> save as FIX.REG >>>

run the file (double-click and OK; agree to add it to the Registry).

Restart the computer.

Perform a system optimization.


Rafał-85
comment (edited)

This is getting beyond a joke; maybe it's that massive virus attack on April 1st.

Every second boot of the computer is fine, and when it isn't, it's the Windows 98 look again, message no. 1 from the first post... nothing but problems.

The startup programs came back after restarting the system even though I unchecked them :(

Guest
comment

It's impossible that Conficker did this; its traces would be visible in the ComboFix log, and there aren't any.

Scan with this: Dr.WEB CureIt!.


Rafał-85
comment

latest ComboFix log

ComboFix 09-03-31.02 - Laptop 2009-04-01 9:57:05.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1305 [GMT 2:00]

Uruchomiony z: D:\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))

.

2009-03-31 20:17 . 2009-03-31 20:19 <DIR> d-------- C:\Winamp

2009-03-31 20:15 . 2009-04-01 09:53 <DIR> d-------- C:\Default

2009-03-31 20:10 . 2009-03-31 20:11 <DIR> d-------- C:\Nowe Gadu-Gadu

2009-03-31 10:43 . 2009-03-31 10:48 <DIR> d-------- c:\users\Laptop\Tracing

2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework

2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys

2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live

2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative

2009-03-18 11:59 . 2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar

2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar

2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime

2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player

2009-03-02 15:36 . 2009-03-02 15:36 <DIR> d-------- c:\program files\PITy

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 07:47 --------- d-----w c:\programdata\Kaspersky Lab

2009-04-01 07:43 614,432 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-04-01 07:43 5,276 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-04-01 07:43 3,225,632 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-01 07:43 28,376 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-01 06:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp

2009-03-31 20:10 --------- d-----w c:\program files\Lx_cats

2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 18:32 --------- d-----w c:\program files\Unlocker

2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-31 18:32 --------- d-----w c:\program files\CCleaner

2009-03-31 08:39 --------- d-----w c:\program files\Microsoft

2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-22 20:01 --------- d-----w c:\program files\Winamp

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype

2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe

2009-03-16 21:10 --------- d-----w c:\program files\Nokia

2009-03-16 21:10 --------- d-----w c:\program files\Common Files\Nokia

2009-03-16 21:09 --------- d-----w c:\programdata\Installations

2009-03-16 20:58 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat

2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail

2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll

2009-03-05 19:51 --------- d-----w c:\program files\Opera

2009-03-02 22:12 --------- d-----w c:\program files\Google

2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll

2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 11:53 --------- d-----w c:\programdata\Skype

2009-02-24 11:53 --------- d-----w c:\program files\Common Files\Skype

2009-02-24 11:53 --------- d-----r c:\program files\Skype

2009-02-24 11:38 --------- d-----w c:\program files\MSECache

2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works

2009-02-17 21:00 --------- d-----w c:\programdata\Nokia

2009-02-17 20:47 --------- d-----w c:\users\Laptop\AppData\Roaming\Nokia

2009-02-17 20:42 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-02-17 20:42 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-17 20:40 --------- d-----w c:\program files\Common Files\PCSuite

2009-02-17 20:38 --------- d-----w c:\program files\PC Connectivity Solution

2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer

2009-02-15 21:08 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-15 21:08 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-15 20:51 --------- d-----w c:\program files\Kaspersky Lab

2009-02-15 20:46 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-02-15 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 20:44 --------- d-----w c:\programdata\Kaspersky Lab Setup Files

2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-09 22:35 --------- d-----w c:\program files\Nowe Gadu-Gadu

2009-02-06 17:57 308,104 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 16:52 49,504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-06 13:53 --------- d-----w c:\program files\IEPro

2009-02-06 12:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2009-02-06 12:09 --------- d-----w c:\users\Laptop\AppData\Roaming\PC Suite

2009-02-06 12:09 --------- d-----w c:\programdata\PC Suite

2009-02-06 12:02 --------- d-----w c:\program files\DIFX

2009-02-05 18:39 17,064 ----a-w c:\windows\system32\drivers\SiWinAcc.sys

2009-02-05 18:39 12,200 ----a-w c:\windows\system32\drivers\SiRemFil.sys

2009-02-05 18:38 212,520 ----a-w c:\windows\system32\drivers\Si3531.sys

2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll

2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2009-01-04 18:02 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe

2007-08-12 09:26 88,727 ----a-w c:\program files\history.html

2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html

2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html

2007-05-25 13:04 2,218 ----a-w c:\program files\index.html

2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt

2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html

2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html

2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html

2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html

2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html

2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html

2000-12-03 22:00 732 ----a-w c:\program files\lame.css

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]

"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2007-05-11 08:58 103344 c:\program files\Lexmark 3300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2008-12-30 21:11 133104 c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]

--a------ 2007-05-11 08:58 205744 c:\program files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla

"UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla

"{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]

S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]

S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}]

\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job

- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]

2009-04-01 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll

TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 09:59:09

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-04-01 10:01:52

ComboFix-quarantined-files.txt 2009-04-01 08:01:50

Przed: 16 166 105 088 bajtów wolnych

Po: 15,686,594,560 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

309 --- E O F --- 2009-03-31 08:43:51

Guest
comment

Paste this into Notepad:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

(image: cfscriptb5b4me3.gif)

The removal should start (and a log will be created). Post the log that is produced during the removal.

If it goes well, then: after the restart, manually delete the C:\Qoobox folder.

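The two keys the helper removes with that CFScript are the kind of entries a responder looks for first in a ComboFix startup section: a MountPoints2 AutoRun handler pointing at a removable drive, and an Active Setup component that runs at logon. The script below is an added example (not part of the thread, and not ComboFix's own tooling) that picks such entries out of a ComboFix-style startup section automatically; the sample lines are copied from the log posted above, and the classification rules (the list of "standard" install directories, the three finding types) are my own heuristic for triage, not a verdict on any entry.

```python
import re

# Sample input constructed from the "Wpisy startowe rejestru" section of the
# ComboFix log in this thread: a registry key in [brackets] followed by the
# values ComboFix printed under it.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}]
\shell\AutoRun\command - G:\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"""

# A ComboFix key line looks like [HKEY_LOCAL_MACHINE\...] or [HKLM\~\...].
KEY_LINE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")
# A Run value looks like "Name"="c:\path\to\file.exe" [date size].
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')

# Heuristic (my assumption): executables launched from anywhere outside these
# directories get a second look. Adjust to the machine's real layout.
STANDARD_DIRS = ("c:\\program files\\", "c:\\windows\\")


def parse_startup_section(text):
    """Return (registry_key, value_line) pairs, grouping each printed value
    under the bracketed key that precedes it in the log."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is not None:
            entries.append((current_key, line))
    return entries


def triage(entries):
    """Classify startup entries into the finding types a responder reviews.

    Returns a list of (finding_type, where, what) tuples:
      autorun-handler       MountPoints2 \shell\AutoRun\command -> drive-letter target
      active-setup          anything under Active Setup\Installed Components
      run-nonstandard-path  Run value whose target is outside STANDARD_DIRS
    """
    findings = []
    for key, line in entries:
        key_l = key.lower()
        if "mountpoints2" in key_l and "\\shell\\autorun\\command" in line.lower():
            # ComboFix prints "\shell\AutoRun\command - <target>".
            target = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(("autorun-handler", key, target))
        elif "active setup\\installed components" in key_l:
            findings.append(("active-setup", key, line))
        elif key_l.endswith("\\run"):
            m = RUN_VALUE.match(line)
            if m and not m.group("path").lower().startswith(STANDARD_DIRS):
                findings.append(("run-nonstandard-path", m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    for kind, where, what in triage(parse_startup_section(SAMPLE_LOG)):
        print(f"{kind:22} {where}\n{'':22} -> {what}")
```

On the sample above this reports the eMule Run entry (target on drive F:), the G:\AutoRun.exe handler under MountPoints2, and the rundll32 Active Setup component, which are exactly the entries worth checking before deciding what a CFScript should remove. Feed it the whole startup section of a log and it will group every printed value under its key the same way.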

Rafał-85
comment

djarta, the very latest ComboFix log

ComboFix 09-03-31.03 - Laptop 2009-04-01 14:58:46.5 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1209 [GMT 2:00]

Uruchomiony z: D:\ComboFix.exe

Użyto następujących komend :: D:\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-01 do 2009-04-01 )))))))))))))))))))))))))))))))

.

2009-04-01 14:33 . 2009-04-01 14:33 <DIR> d-------- c:\program files\A4Tech

2009-04-01 10:18 . 2009-04-01 10:18 <DIR> d-------- c:\users\Laptop\DoctorWeb

2009-03-31 20:17 . 2009-03-31 20:19 <DIR> d-------- C:\Winamp

2009-03-31 20:15 . 2009-04-01 09:53 <DIR> d-------- C:\Default

2009-03-31 20:10 . 2009-03-31 20:11 <DIR> d-------- C:\Nowe Gadu-Gadu

2009-03-31 10:43 . 2009-03-31 10:48 <DIR> d-------- c:\users\Laptop\Tracing

2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework

2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys

2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live

2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative

2009-03-18 11:59 . 2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar

2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar

2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime

2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player

2009-03-02 15:36 . 2009-03-02 15:36 <DIR> d-------- c:\program files\PITy

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 12:31 --------- d-----w c:\programdata\Kaspersky Lab

2009-04-01 07:43 614,432 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-04-01 07:43 5,276 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-04-01 07:43 3,225,632 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-01 07:43 28,376 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-01 06:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp

2009-03-31 20:10 --------- d-----w c:\program files\Lx_cats

2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 18:32 --------- d-----w c:\program files\Unlocker

2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-31 18:32 --------- d-----w c:\program files\CCleaner

2009-03-31 08:39 --------- d-----w c:\program files\Microsoft

2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-22 20:01 --------- d-----w c:\program files\Winamp

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype

2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe

2009-03-16 21:10 --------- d-----w c:\program files\Nokia

2009-03-16 21:10 --------- d-----w c:\program files\Common Files\Nokia

2009-03-16 21:09 --------- d-----w c:\programdata\Installations

2009-03-16 20:58 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat

2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail

2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll

2009-03-05 19:51 --------- d-----w c:\program files\Opera

2009-03-02 22:12 --------- d-----w c:\program files\Google

2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll

2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 11:53 --------- d-----w c:\programdata\Skype

2009-02-24 11:53 --------- d-----w c:\program files\Common Files\Skype

2009-02-24 11:53 --------- d-----r c:\program files\Skype

2009-02-24 11:38 --------- d-----w c:\program files\MSECache

2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works

2009-02-17 21:00 --------- d-----w c:\programdata\Nokia

2009-02-17 20:47 --------- d-----w c:\users\Laptop\AppData\Roaming\Nokia

2009-02-17 20:42 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-02-17 20:42 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-02-17 20:40 --------- d-----w c:\program files\Common Files\PCSuite

2009-02-17 20:38 --------- d-----w c:\program files\PC Connectivity Solution

2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer

2009-02-15 21:08 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-15 21:08 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-15 20:51 --------- d-----w c:\program files\Kaspersky Lab

2009-02-15 20:46 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-02-15 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 20:44 --------- d-----w c:\programdata\Kaspersky Lab Setup Files

2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-09 22:35 --------- d-----w c:\program files\Nowe Gadu-Gadu

2009-02-06 17:57 308,104 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 16:52 49,504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-06 13:53 --------- d-----w c:\program files\IEPro

2009-02-06 12:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2009-02-06 12:09 --------- d-----w c:\users\Laptop\AppData\Roaming\PC Suite

2009-02-06 12:09 --------- d-----w c:\programdata\PC Suite

2009-02-06 12:02 --------- d-----w c:\program files\DIFX

2009-02-05 18:39 17,064 ----a-w c:\windows\system32\drivers\SiWinAcc.sys

2009-02-05 18:39 12,200 ----a-w c:\windows\system32\drivers\SiRemFil.sys

2009-02-05 18:38 212,520 ----a-w c:\windows\system32\drivers\Si3531.sys

2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll

2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2009-01-04 18:02 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe

2007-08-12 09:26 88,727 ----a-w c:\program files\history.html

2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html

2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html

2007-05-25 13:04 2,218 ----a-w c:\program files\index.html

2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt

2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html

2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html

2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html

2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html

2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html

2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html

2000-12-03 22:00 732 ----a-w c:\program files\lame.css

.

((((((((((((((((((((((((((((( SnapShot_2009-04-01_14.47.37,41 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-04-01 12:36:10 101,250 ----a-w c:\windows\System32\perfc009.dat

+ 2009-04-01 12:55:48 101,250 ----a-w c:\windows\System32\perfc009.dat

- 2009-04-01 12:36:10 126,908 ----a-w c:\windows\System32\perfc015.dat

+ 2009-04-01 12:55:48 126,908 ----a-w c:\windows\System32\perfc015.dat

- 2009-04-01 12:36:10 587,178 ----a-w c:\windows\System32\perfh009.dat

+ 2009-04-01 12:55:48 587,178 ----a-w c:\windows\System32\perfh009.dat

- 2009-04-01 12:36:10 662,056 ----a-w c:\windows\System32\perfh015.dat

+ 2009-04-01 12:55:48 662,056 ----a-w c:\windows\System32\perfh015.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]

"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2007-05-11 08:58 103344 c:\program files\Lexmark 3300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2008-12-30 21:11 133104 c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]

--a------ 2007-05-11 08:58 205744 c:\program files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla

"UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla

"{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]

S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]

S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Zawartość folderu 'Zaplanowane zadania'

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job

- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]

2009-04-01 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll

TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 15:00:42

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-04-01 15:03:35

ComboFix-quarantined-files.txt 2009-04-01 13:03:32

ComboFix2.txt 2009-04-01 12:49:53

ComboFix3.txt 2009-04-01 08:01:54

Przed: 15 097 524 224 bajtów wolnych

Po: 14,828,212,224 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

322 --- E O F --- 2009-03-31 08:43:51

Posting the final screenshot after the Dr.Web scan

dr_web.jpg

What should I do now??

Guest
comment

Leave it, those are definitely not viruses.

Rafał-85
comment (edited)

I deleted C:\Qoobox

Overall it doesn't look bad, but e.g. sometimes when I'm doing something in folders (copying, selecting and scanning with the antivirus) a message pops up that Windows Explorer has stopped working and the Explorer (folder) restarts; earlier that didn't really happen.

Should I remove anything else (ComboFix etc.)? I've already done a small optimization.

I take back what I wrote earlier!!! The problem came back like a boomerang; I also noticed that Firefox, which is my default browser, doesn't work, and Word won't start either.

Below is a screenshot from a few minutes ago

01.04.2009.jpg

In Word's case, when I try to close what had started launching, this message pops up

01.04.2009word.jpg

The best part is that sometimes Windows starts and works normally, and after a restart it's bad again. Last night I restarted maybe 4 times and it was still bad, and today I turned it on and it was OK the first time.

:(

Guest
comment

Use System Restore to a chosen date, back when these problems didn't exist yet.

Rafał-85
comment (edited)
Use System Restore to a chosen date, back when these problems didn't exist yet.

I forgot to mention that I already tried using that function, but the computer restarts and then a message pops up that System Restore could not be completed.

The problem still exists :(

Today's Kaspersky scan

Pełne skanowanie: zakończono 2009-04-07 15:46:50 (zdarzeń: 13, obiektów: 369167, czas: 00:29:49)

2009-04-07 15:17:01 Zadanie zostało uruchomione

2009-04-07 15:17:05 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\NPSWF32.dll

2009-04-07 15:17:27 Zagrożenie Luka http://www.viruslist.com/pl/advisories/27620 Niski poziom bezpieczeństwa Dokładne C:\program files\k-lite codec pack\media player classic\realplay.exe

2009-04-07 15:20:17 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34451 Niski poziom bezpieczeństwa Dokładne C:\program files\Java\jre6\bin\java.exe

2009-04-07 15:20:26 Zagrożenie Luka http://www.viruslist.com/pl/advisories/27620 Niski poziom bezpieczeństwa Dokładne C:\program files\k-lite codec pack\media player classic\realplay.exe

2009-04-07 15:23:42 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\program files\Opera\program\plugins\NPSWF32.dll

2009-04-07 15:26:44 Zagrożenie Luka http://www.viruslist.com/pl/advisories/29434 Niski poziom bezpieczeństwa Dokładne C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib

2009-04-07 15:26:53 Zagrożenie Luka http://www.viruslist.com/pl/advisories/29434 Niski poziom bezpieczeństwa Dokładne C:\Users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib

2009-04-07 15:31:39 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34451 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\java.exe

2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\Flash9b.ocx

2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\NPSWF32.dll

2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\Flash10a.ocx

2009-04-07 15:46:50 Zadanie zostało zakończone

And this is the Ad-Aware scan result; I think those viruses were removed, since the next scan was clean

efgh.jpg

Today's logs. I'll just add that if you can't help me, I'll reinstall Vista over the holidays.

Combofix

ComboFix 09-04-04.01 - Laptop 2009-04-10 21:18:49.6 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1306 [GMT 2:00]

Uruchomiony z: D:\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))

.

2009-04-09 10:19 . 2009-04-09 10:19 <DIR> d-------- c:\users\Laptop\AppData\Roaming\GlarySoft

2009-04-09 10:13 . 2009-04-09 10:13 <DIR> d-------- c:\program files\Glary Utilities

2009-04-09 09:39 . 2009-04-09 09:39 <DIR> d-------- C:\CircleDock

2009-04-07 17:56 . 2009-04-07 17:56 <DIR> d-------- c:\users\Laptop\DoctorWeb

2009-04-07 13:23 . 2009-04-07 13:23 <DIR> d-------- c:\program files\A4Tech

2009-04-07 13:13 . 2009-04-07 13:14 <DIR> d-------- C:\Nowe Gadu-Gadu

2009-04-06 11:36 . 2009-04-06 11:01 15,688 --a------ c:\windows\System32\lsdelete.exe

2009-04-06 11:01 . 2009-04-06 11:01 64,160 --a------ c:\windows\System32\drivers\Lbd.sys

2009-04-06 10:55 . 2009-04-06 10:55 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-04-06 10:55 . 2009-04-06 10:55 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-04-06 08:18 . 2009-04-06 10:55 <DIR> d-------- c:\users\All Users\Lavasoft

2009-04-06 08:18 . 2009-04-06 10:55 <DIR> d-------- c:\programdata\Lavasoft

2009-04-06 08:18 . 2009-04-06 10:55 <DIR> d-------- c:\program files\Lavasoft

2009-03-31 20:15 . 2009-04-01 09:53 <DIR> d-------- C:\Default

2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework

2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys

2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live

2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird

2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real

2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative

2009-03-18 11:59 . 2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar

2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar

2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer

2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime

2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-10 19:07 --------- d-----w c:\programdata\Kaspersky Lab

2009-04-10 19:05 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-04-10 19:05 5,304 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-04-10 19:05 3,225,632 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-04-10 19:05 28,376 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-04-09 08:28 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype

2009-04-09 08:27 --------- d-----w c:\program files\ALLPlayer

2009-04-07 18:51 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp

2009-04-06 17:00 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat

2009-04-06 08:39 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 18:32 --------- d-----w c:\program files\Unlocker

2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-31 18:32 --------- d-----w c:\program files\CCleaner

2009-03-31 08:39 --------- d-----w c:\program files\Microsoft

2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-22 20:01 --------- d-----w c:\program files\Winamp

2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM

2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe

2009-03-16 21:10 --------- d-----w c:\program files\Nokia

2009-03-16 21:10 --------- d-----w c:\program files\Common Files\Nokia

2009-03-16 21:09 --------- d-----w c:\programdata\Installations

2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail

2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll

2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll

2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe

2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll

2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe

2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll

2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe

2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe

2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll

2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe

2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll

2009-03-05 19:51 --------- d-----w c:\program files\Opera

2009-03-02 22:12 --------- d-----w c:\program files\Google

2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll

2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-03-02 13:36 --------- d-----w c:\program files\PITy

2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 11:53 --------- d-----w c:\programdata\Skype

2009-02-24 11:53 --------- d-----w c:\program files\Common Files\Skype

2009-02-24 11:53 --------- d-----r c:\program files\Skype

2009-02-24 11:38 --------- d-----w c:\program files\MSECache

2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works

2009-02-17 21:00 --------- d-----w c:\programdata\Nokia

2009-02-17 20:47 --------- d-----w c:\users\Laptop\AppData\Roaming\Nokia

2009-02-17 20:40 --------- d-----w c:\program files\Common Files\PCSuite

2009-02-17 20:38 --------- d-----w c:\program files\PC Connectivity Solution

2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer

2009-02-15 21:08 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-15 21:08 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-02-15 20:51 --------- d-----w c:\program files\Kaspersky Lab

2009-02-15 20:44 --------- d-----w c:\programdata\Kaspersky Lab Setup Files

2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-06 17:57 308,104 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 16:52 49,504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll

2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe

2007-08-12 09:26 88,727 ----a-w c:\program files\history.html

2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html

2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html

2007-05-25 13:04 2,218 ----a-w c:\program files\index.html

2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt

2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html

2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html

2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html

2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html

2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html

2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html

2000-12-03 22:00 732 ----a-w c:\program files\lame.css

.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]

"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-06 515416]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2007-05-11 08:58 103344 c:\program files\Lexmark 3300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2008-12-30 21:11 133104 c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]

--a------ 2007-05-11 08:58 205744 c:\program files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype

"TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule

"UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule

"{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window

"{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta

"TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System

"{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe

"{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6

"TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla

"UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla

"{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer

"TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-04-06 64160]

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]

S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-06 11:00]

2009-04-10 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-03-23 09:49]

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job

- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]

2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]

.

.

------- Supplementary scan -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll

TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 21:20:44

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-04-10 21:23:09

ComboFix-quarantined-files.txt 2009-04-10 19:23:06

Before: 16,620,965,888 bytes free

After: 16,360,943,616 bytes free

311 --- E O F --- 2009-04-05 20:19:52

hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:50, on 2009-03-31

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\lxccjswx.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223054121928

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223054797661

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS3\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS5\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS6\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS8\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9816 bytes

Silent

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Nowe Gadu-Gadu" = ""C:\Program Files\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]

"eMuleAutoStart" = "F:\eMule\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]

"OSD" = "C:\Program Files\C&E\OSD\osd.exe" ["C&E"]

"IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]

"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"LXCCCATS" = "rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16" [MS]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]

"Ad-Watch" = "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" ["Lavasoft"]

"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"

-> {HKLM...CLSID} = "IE7Pro BHO"

\InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"

-> {HKLM...CLSID} = "Adobe PDF Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"

-> {HKLM...CLSID} = "Skype add-on (mastermind)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"

-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"

-> {HKLM...CLSID} = "IEVkbdBHO Class"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"

-> {HKLM...CLSID} = "Search Helper"

\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Pomocnik rejestracji usługi Windows Live"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"

-> {HKLM...CLSID} = "HP Smart BHO Class"

\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\rpshell.dll" ["RealNetworks, Inc."]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"

-> {HKLM...CLSID} = "Statystyki ochrony WWW"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]

"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"

-> {HKLM...CLSID} = "SidebarIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"

-> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"

\InProcServer32\(Default) = "C:\Windows\System32\ieframe.dll" [MS]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"

-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{72923739-5A47-40A3-9895-25AF0DFBB9E4}" = "Glary Utilities Context Menu Shell Extension"

-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"

-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]

LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"

-> {HKLM...CLSID} = "Lavasoft Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"

-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]

LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"

-> {HKLM...CLSID} = "Lavasoft Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

Default executables:

--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\

"Provider" = "LightScribe Direct Disc Labeling"

"InvokeProgID" = "LightScribe.AutoPlayHandler"

"InvokeVerb" = "LabelLightScribeDisc"

HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

MSPlayCDAudioOnArrival\

"Provider" = "ALLPlayer"

"InvokeProgID" = "AllPlayerFile"

"InvokeVerb" = "play"

HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]

NeroAutoPlay7CDAudio\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\

"Provider" = "Nero StartSmart Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\

"Provider" = "Nero ShowTime Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\

"Provider" = "Nero ShowTime Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\

"Provider" = "Nero Recode Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\

"Provider" = "Nero Vision Essentials"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

NMMPlayCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMPlayCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\

"Provider" = "Nokia Music Manager"

"InvokeProgID" = "NokiaMusicManager"

"InvokeVerb" = "NMMRipCD"

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

NTIBurner\

"Provider" = "NTI CD-Maker"

"InvokeProgID" = "NTIBurnerOpen"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = ""C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe"" ["NewTech Infosystems, Inc."]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 33

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

-> {HKLM...CLSID} = "&Links"

\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"

-> {HKLM...CLSID} = "&Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" = (no title provided)

-> {HKLM...CLSID} = "&Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{000002A3-84FE-43F1-B958-F2C3CA804F1A}\

"ButtonText" = "IE7Pro Grab and Drag"

"MenuText" = "IE7Pro Grab and Drag"

"CLSIDExtension" = "{CD275D4E-791A-4993-9D4D-6A071EDD2709}"

-> {HKLM...CLSID} = "IE7Pro GrabDragBtn"

\InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\

"ButtonText" = "IE7Pro Preferences"

"MenuText" = "IE7Pro Preferences"

"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"

-> {HKLM...CLSID} = "IE7Pro ToolsExt"

\InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{09FE188B-6E85-479E-9411-51FB2220DF80}\

"ButtonText" = "Subscribe in Desktop Sidebar"

"MenuText" = "Subscribe in Desktop Sidebar"

"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"

-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"

\InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Statystyki ochrony WWW"

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

"ButtonText" = "Wpis w blogu"

"MenuText" = "&Wpis w blogu w Windows Live Writer"

"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"

-> {HKLM...CLSID} = "BlogThisToolbarButton Class"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

"ButtonText" = "Skype"

"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"

-> {HKLM...CLSID} = "Skype add-on (button)"

\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{DDE87865-83C5-48C4-8357-2F5B1AA84522}\

"ButtonText" = "Zaznaczanie HP Smart"

"CLSIDExtension" = "{DDE87865-83C5-48c4-8357-2F5B1AA84522}"

-> {HKLM...CLSID} = "ClipBookBtn Class"

\InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

Miscellaneous IE Hijack Points

------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

<<H>> C:\WINDOWS\INF\IERESET.INF was not found!

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "tbr:res?id=tabs&rep=1" [file not found]

<<H>> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}

Dostęp do urządzeń interfejsu HID, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}

HP Network Devices Support, HPSLPSVC, "C:\Windows\system32\svchost.exe -k HPService" {"C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL" ["Hewlett-Packard Co."]}

hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}

Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]

Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]

Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]

Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, ""C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"" ["Lavasoft"]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

lxcc_device, lxcc_device, "C:\Windows\system32\lxcccoms.exe -service" [" "]

Moduł wyliczający magistrali PnP-X IP, IPBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\ipbusenum.dll" [MS]}

Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]}

Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]}

PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data]

Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}

SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]

Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}

Usługa obsługi Bluetooth, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}

Usługa Protokół SSTP, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

3300 Series Port\Driver = "lxcclmpm.dll" [" "]

PCL hpz3l5mu\Driver = "hpz3l5mu.dll" ["Hewlett-Packard Company"]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

---------- (launch time: 2009-04-10 21:37:14)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 138 seconds.

---------- (total run time: 237 seconds)

post-3202-1239134168_thumb.jpg

Gość
comment

W logach nic nie ma, infekcje możesz wykluczyć.

Rafał-85
comment
There's nothing in the logs; you can rule out an infection.

So what could be the cause of these "tricks" that happen on some Vista startups?

I'll add that I definitely didn't delete anything by accident, and I didn't install any suspicious software (unless the Windows Live package can be suspected).
