Rafał-85, created 31 March 2009

Yesterday and today I was attacked by several trojan horses (about 6). I thought Kaspersky Internet Security 2009 had dealt with them, but one of them got through. The situation is as follows: right after the system starts, a message appears saying the desktop is unavailable (attachment no. 1), the desktop looks like Windows 98, nothing works the way it should, I can't even use Polish characters. I tried to download HiJackThis, but another message pops up saying the browser can't connect to the given address (attachment no. 2). I scanned the computer with KIS, report in attachment 3. Malwarebytes Anti-Malware is currently scanning the computer, but that will take a while. I'd be grateful for any help at all.

Attachment: kis.txt
Rafał-85 (Author), comment, 31 March 2009 (edited)

Here are the Malwarebytes logs, the afternoon one that detected something and the evening "clean" one:
mbam_log_2009_03_31__14_52_56_.txt
mbam_log_2009_03_31__22_36_26_.txt

In a moment I'll try to paste the ComboFix log.

ComboFix:

ComboFix 09-03-31.01 - Laptop 2009-03-31 22:48:08.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1154 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
 * Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-28 do 2009-03-31 )))))))))))))))))))))))))))))))
.
2009-03-31 20:17 . 2009-03-31 20:19 <DIR> d-------- C:\Winamp
2009-03-31 20:15 . 2009-03-31 21:33 <DIR> d-------- C:\Default
2009-03-31 20:10 . 2009-03-31 20:11 <DIR> d-------- C:\Nowe Gadu-Gadu
2009-03-31 10:43 . 2009-03-31 10:48 <DIR> d-------- c:\users\Laptop\Tracing
2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live
2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch
2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird
2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2
2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real
2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative
2009-03-18 11:59 . 2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar
2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar
2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe
2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer
2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer
2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime
2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-02 15:36 . 2009-03-02 15:36 <DIR> d-------- c:\program files\PITy
2009-02-25 11:44 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-25 11:44 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-25 11:44 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-25 11:44 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-24 13:53 . 2009-02-24 13:53 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-24 13:38 . 2009-02-24 13:38 <DIR> d-------- c:\program files\MSECache
2009-02-24 13:20 . 2008-11-06 14:59 2,241,536 --a------ c:\windows\System32\msi.dll
2009-02-24 13:20 . 2008-11-06 14:59 332,800 --a------ c:\windows\System32\msihnd.dll
2009-02-24 13:20 . 2008-11-06 14:58 73,216 --a------ c:\windows\System32\msiexec.exe
2009-02-24 13:20 . 2008-11-06 14:59 16,384 --a------ c:\windows\System32\msisip.dll
2009-02-24 13:20 . 2008-11-06 12:39 2,560 --a------ c:\windows\System32\msimsg.dll
2009-02-23 23:23 . 2009-03-31 14:58 1,845 --a------ c:\windows\System32\%LocalXml%
2009-02-17 23:00 . 2009-02-17 23:00 <DIR> d-------- c:\users\All Users\Nokia
2009-02-17 23:00 . 2009-02-17 23:00 <DIR> d-------- c:\programdata\Nokia
2009-02-17 22:42 . 2009-02-17 22:42 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-17 22:42 . 2009-02-17 22:42 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-17 22:40 . 2009-02-17 22:40 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-17 22:40 . 2009-03-16 23:10 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-17 22:40 . 2008-08-26 10:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-02-17 22:38 . 2009-02-17 22:38 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-17 22:36 . 2009-03-16 23:10 <DIR> d-------- c:\program files\Nokia
2009-02-15 22:52 . 2009-02-15 23:08 101,287 --a------ c:\windows\System32\drivers\klin.dat
2009-02-15 22:52 . 2009-02-15 23:08 89,601 --a------ c:\windows\System32\drivers\klick.dat
2009-02-15 22:51 . 2009-03-31 20:35 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2009-02-15 22:51 . 2009-03-31 20:35 <DIR> d-------- c:\programdata\Kaspersky Lab
2009-02-15 22:51 . 2009-02-15 22:51 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-15 22:51 . 2009-03-31 20:32 3,225,632 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-15 22:51 . 2009-03-31 22:46 614,432 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-02-15 22:51 . 2009-03-31 20:32 28,376 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-15 22:51 . 2009-03-31 22:46 5,276 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-02-15 22:44 . 2009-02-15 22:44 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-02-15 22:44 . 2009-02-15 22:44 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-02-11 21:42 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-11 21:42 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-11 21:42 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-11 21:42 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-11 21:42 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-06 19:57 . 2009-02-06 19:57 308,104 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 14:09 . 2009-02-06 14:09 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-02-06 14:04 . 2009-02-06 14:09 <DIR> d-------- c:\users\Laptop\AppData\Roaming\PC Suite
2009-02-06 14:04 . 2009-02-17 22:47 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Nokia
2009-02-06 14:04 . 2009-02-06 14:09 <DIR> d-------- c:\users\All Users\PC Suite
2009-02-06 14:04 . 2009-02-06 14:09 <DIR> d-------- c:\programdata\PC Suite
2009-02-06 14:02 . 2009-03-31 10:41 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-06 14:02 . 2009-02-06 14:02 <DIR> d-------- c:\program files\DIFX
2009-02-06 14:00 . 2008-02-01 16:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2009-02-06 13:48 . 2009-03-16 23:09 <DIR> d-------- c:\users\All Users\Installations
2009-02-06 13:48 . 2009-03-16 23:09 <DIR> d-------- c:\programdata\Installations
2009-02-05 20:39 . 2009-02-05 20:39 17,064 --a------ c:\windows\System32\drivers\SiWinAcc.sys
2009-02-05 20:39 . 2009-02-05 20:39 12,200 --a------ c:\windows\System32\drivers\SiRemFil.sys
2009-02-05 20:38 . 2009-02-05 20:38 212,520 --a------ c:\windows\System32\drivers\Si3531.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 20:10 --------- d-----w c:\program files\Lx_cats
2009-03-31 18:32 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp
2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant
2009-03-31 18:32 --------- d-----w c:\program files\Unlocker
2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-31 18:32 --------- d-----w c:\program files\CCleaner
2009-03-31 08:39 --------- d-----w c:\program files\Microsoft
2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-22 20:01 --------- d-----w c:\program files\Winamp
2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM
2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype
2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe
2009-03-16 20:58 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat
2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-05 19:51 --------- d-----w c:\program files\Opera
2009-03-02 22:12 --------- d-----w c:\program files\Google
2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll
2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll
2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 11:53 --------- d-----w c:\programdata\Skype
2009-02-24 11:53 --------- d-----r c:\program files\Skype
2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works
2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer
2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-15 20:46 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-15 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-09 22:35 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-02-06 13:53 --------- d-----w c:\program files\IEPro
2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll
2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-04 18:02 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe
2007-08-12 09:26 88,727 ----a-w c:\program files\history.html
2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html
2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html
2007-05-25 13:04 2,218 ----a-w c:\program files\index.html
2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt
2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html
2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html
2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html
2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html
2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html
2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html
2000-12-03 22:00 732 ----a-w c:\program files\lame.css
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"Google Update"="c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-30 133104]
"eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 04:23 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype
"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype
"TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule
"UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule
"{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window
"{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System
"{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System
"{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6
"{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6
"TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla
"UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla
"{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer
"{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer
"TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088]
S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280]
S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job
- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11]

2009-03-31 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 22:50:56
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-03-31 22:54:09
ComboFix-quarantined-files.txt 2009-03-31 20:54:06

Przed: 14 426 644 480 bajtów wolnych
Po: 16,182,116,352 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

335 --- E O F --- 2009-03-31 08:43:51

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:50, on 2009-03-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxccjswx.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223054121928
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223054797661
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS5\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS6\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS8\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9816 bytes

Silent Runners log

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Nowe Gadu-Gadu" = ""C:\Program Files\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]
"Google Update" = ""C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"eMuleAutoStart" = "F:\eMule\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"OSD" = "C:\Program Files\C&E\OSD\osd.exe" ["C&E"]
"IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"LXCCCATS" = "rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16" [MS]
"lxccmon.exe" = ""C:\Program Files\Lexmark 3300 Series\lxccmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""C:\Program Files\Lexmark 3300 Series\ezprint.exe"" ["Lexmark International Inc."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"
  -> {HKLM...CLSID} = "IE7Pro BHO"
                   \InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"
  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
                   \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
  -> {HKLM...CLSID} = "IEVkbdBHO Class"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
  -> {HKLM...CLSID} = "Search Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Pomocnik rejestracji usługi Windows Live"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"
  -> {HKLM...CLSID} = "HP Smart BHO Class"
                   \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\rpshell.dll" ["RealNetworks, Inc."]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
  -> {HKLM...CLSID} = "Statystyki ochrony WWW"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]
"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"
  -> {HKLM...CLSID} = "SidebarIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
  -> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
                   \InProcServer32\(Default) = "C:\Windows\System32\ieframe.dll" [MS]
"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
  -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  -> {HKLM...CLSID} = "MBAMShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  -> {HKLM...CLSID} = "MBAMShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
  -> {HKLM...CLSID} = "WLXWEventHandler Class"
                   \LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision Essentials"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
                   \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

NMMPlayCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMPlayCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"]

NMMRipCDAudioOnArrival\
"Provider" = "Nokia Music Manager"
"InvokeProgID" = "NokiaMusicManager"
"InvokeVerb" = "NMMRipCD"
HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"]

NTIBurner\
"Provider" = "NTI CD-Maker"
"InvokeProgID" = "NTIBurnerOpen"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = ""C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe"" ["NewTech Infosystems, Inc."]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
                   \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Attachments: mbam_log_2009_03_31__14_52_56_.txt mbam_log_2009_03_31__22_36_26_.txt
Gość (guest), comment, 1 April 2009

There is nothing of interest in the logs. Paste this into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"EnableUIADesktopToggle"=-

From the Notepad menu >>> File >>> Save As >>> set the file type to "All files" >>> save as FIX.REG >>> run the file (double-click and OK, agreeing to add it to the Registry). Restart the computer. Perform a system optimisation.
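The reply above deletes two UAC policy values, and the Silent Runners dump earlier in the thread shows why the first one matters: ConsentPromptBehaviorAdmin is 0x00000000, which on Vista means administrators in Admin Approval Mode are elevated without any prompt, so UAC no longer stands between a program running as that user and full administrative rights. The following Python is an added example written for this page (not code from the thread, from Silent Runners, ComboFix or any other tool it mentions). It parses the "Group Policies" section of a Silent Runners dump, reports the UAC values that differ from the Vista defaults (the defaults table is from my own knowledge of Vista, not from the page), and emits a FIX.REG in the same "Name"=- deletion form as the reply. The sample input is constructed from the dump quoted above.

```python
import re
from typing import Dict, List

# Constructed sample: the "Group Policies" block of the Silent Runners output
# quoted in this thread, trimmed to the values that matter here.
SAMPLE_DUMP = r"""HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000 {User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001 {User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableLUA" = (REG_DWORD) dword:0x00000001 {User Account Control: Run All Administrators In Admin Approval Mode}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001 {User Account Control: Switch to the secure desktop when prompting for elevation}
"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000 {unrecognized setting}
"""

# Key paths are compared lower-cased and without the trailing backslash.
UAC_KEY = r"hklm\software\microsoft\windows\currentversion\policies\system"

# Windows Vista defaults for the UAC values (from my knowledge of Vista; the
# forum page states none of these). Windows 7 and later use different
# defaults for the two ConsentPromptBehavior* values.
VISTA_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 2,
    "ConsentPromptBehaviorUser": 1,
    "PromptOnSecureDesktop": 1,
    "EnableInstallerDetection": 1,
    "EnableSecureUIAPaths": 1,
    "EnableVirtualization": 1,
    "FilterAdministratorToken": 0,
    "EnableUIADesktopToggle": 0,
}

# Meaning of the Vista ConsentPromptBehaviorAdmin levels; 0 is the one to watch.
ADMIN_PROMPT_MEANING = {
    0: "elevate without prompting (UAC consent silently granted to admins)",
    1: "prompt for credentials",
    2: "prompt for consent (Vista default)",
}

_KEY_RE = re.compile(r"^(HK(?:LM|CU|CR|U)\\\S*)")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*\(REG_DWORD\)\s*dword:0x([0-9A-Fa-f]+)')


def parse_policy_dump(text: str) -> Dict[str, Dict[str, int]]:
    """Group the DWORD values of a Silent Runners policy section under their key path."""
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            # Key lines end with a backslash and may carry the "{++}" marker.
            current = key_match.group(1).rstrip("\\").lower()
            result.setdefault(current, {})
            continue
        value_match = _VALUE_RE.match(line)
        if value_match and current is not None:
            result[current][value_match.group(1)] = int(value_match.group(2), 16)
    return result


def assess_uac(policies: Dict[str, Dict[str, int]]) -> List[dict]:
    """Return the UAC values under Policies\\System that differ from the Vista defaults."""
    values = policies.get(UAC_KEY, {})
    findings = []
    for name, default in VISTA_DEFAULTS.items():
        if name in values and values[name] != default:
            note = ""
            if name == "ConsentPromptBehaviorAdmin":
                note = ADMIN_PROMPT_MEANING.get(values[name], "unknown level")
            elif name == "EnableLUA":
                note = "UAC disabled entirely"
            findings.append({"name": name, "value": values[name],
                             "default": default, "note": note})
    return findings


def make_reg_fix(names: List[str]) -> str:
    """Build a .reg file that deletes the named values so the built-in defaults
    apply again: "Name"=- is the .reg syntax for deleting a value, the same
    approach the reply above takes."""
    lines = ["Windows Registry Editor Version 5.00", "",
             r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"]
    lines += [f'"{name}"=-' for name in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = assess_uac(parse_policy_dump(SAMPLE_DUMP))
    for f in found:
        print(f"{f['name']}: 0x{f['value']:08x} (default {f['default']}) {f['note']}")
    if found:
        print(make_reg_fix([f["name"] for f in found]))
```

Run against the constructed sample it reports only ConsentPromptBehaviorAdmin; EnableUIADesktopToggle is already at its default, so deleting it, as the reply does, changes nothing but is harmless. Feeding it a whole Silent Runners log works the same way, since only the Policies\System key is assessed.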
Rafał-85 (Author), comment, 1 April 2009 (edited)
This is no longer funny; maybe it's that mass virus attack on 1 April. Every second boot of the computer is fine, and when it isn't, it's the Windows 98 look again, message no. 1 from the first post... nothing but problems. The startup programs I unchecked came back after restarting the system :(
Guest, comment, 1 April 2009
It's not possible that Conficker did this; its traces would be visible in the ComboFix log, and there are none. Scan with this: Dr.WEB CureIt!.
Rafał-85 (Author), comment, 1 April 2009
Latest ComboFix log:
ComboFix 09-03-31.02 - Laptop 2009-04-01 9:57:05.3 - NTFSx86Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1305 [GMT 2:00] Uruchomiony z: D:\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) FW: Kaspersky Internet Security *disabled* * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-01 do 2009-04-01 ))))))))))))))))))))))))))))))) . 2009-03-31 20:17 . 2009-03-31 20:19 <DIR> d-------- C:\Winamp 2009-03-31 20:15 . 2009-04-01 09:53 <DIR> d-------- C:\Default 2009-03-31 20:10 . 2009-03-31 20:11 <DIR> d-------- C:\Nowe Gadu-Gadu 2009-03-31 10:43 . 2009-03-31 10:48 <DIR> d-------- c:\users\Laptop\Tracing 2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework 2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys 2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll 2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live 2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch 2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch 2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird 2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2 2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real 2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative 2009-03-18 11:59 . 
2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar 2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar 2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe 2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer 2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer 2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime 2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player 2009-03-02 15:36 . 2009-03-02 15:36 <DIR> d-------- c:\program files\PITy . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-04-01 07:47 --------- d-----w c:\programdata\Kaspersky Lab 2009-04-01 07:43 614,432 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-04-01 07:43 5,276 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-04-01 07:43 3,225,632 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-01 07:43 28,376 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-01 06:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Winamp 2009-03-31 20:10 --------- d-----w c:\program files\Lx_cats 2009-03-31 18:32 --------- d-----w c:\programdata\HP Product Assistant 2009-03-31 18:32 --------- d-----w c:\program files\Unlocker 2009-03-31 18:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-31 18:32 --------- d-----w c:\program files\CCleaner 2009-03-31 08:39 --------- d-----w c:\program files\Microsoft 2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-22 20:01 --------- d-----w c:\program files\Winamp 2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\skypePM 2009-03-18 15:30 --------- d-----w c:\users\Laptop\AppData\Roaming\Skype 2009-03-17 20:26 --------- d-----w c:\program files\Common Files\Adobe 2009-03-16 21:10 --------- d-----w c:\program files\Nokia 2009-03-16 21:10 --------- d-----w c:\program files\Common Files\Nokia 2009-03-16 21:09 --------- d-----w c:\programdata\Installations 2009-03-16 20:58 91,614 ----a-w c:\users\Laptop\AppData\Roaming\nvModes.dat 2009-03-10 20:28 --------- d-----w c:\program files\Windows Mail 2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll 2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll 2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll 2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll 2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe 2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe 2009-03-08 11:33 109,056 
----a-w c:\windows\System32\iesysprep.dll 2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe 2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe 2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe 2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll 2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll 2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe 2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe 2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll 2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe 2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll 2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll 2009-03-05 19:51 --------- d-----w c:\program files\Opera 2009-03-02 22:12 --------- d-----w c:\program files\Google 2009-03-02 15:02 615,424 ----a-w c:\windows\System32\themeui.dll 2009-03-02 15:02 240,128 ----a-w c:\windows\System32\uxtheme.dll 2009-02-26 19:12 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-24 11:53 --------- d-----w c:\programdata\Skype 2009-02-24 11:53 --------- d-----w c:\program files\Common Files\Skype 2009-02-24 11:53 --------- d-----r c:\program files\Skype 2009-02-24 11:38 --------- d-----w c:\program files\MSECache 2009-02-24 11:38 --------- d-----w c:\program files\Microsoft Works 2009-02-17 21:00 --------- d-----w c:\programdata\Nokia 2009-02-17 20:47 --------- d-----w c:\users\Laptop\AppData\Roaming\Nokia 2009-02-17 20:42 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-02-17 20:42 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-17 20:40 --------- d-----w c:\program files\Common Files\PCSuite 2009-02-17 20:38 --------- d-----w c:\program files\PC Connectivity Solution 2009-02-16 18:58 --------- d-----w c:\users\Laptop\AppData\Roaming\BESTplayer 2009-02-15 21:08 89,601 ----a-w 
c:\windows\system32\drivers\klick.dat 2009-02-15 21:08 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-02-15 21:08 101,287 ----a-w c:\windows\system32\drivers\klin.dat 2009-02-15 20:51 --------- d-----w c:\program files\Kaspersky Lab 2009-02-15 20:46 --------- d-----w c:\programdata\Spybot - Search & Destroy 2009-02-15 20:46 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-15 20:44 --------- d-----w c:\programdata\Kaspersky Lab Setup Files 2009-02-15 14:09 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-02-15 14:09 103,736 ----a-w c:\windows\System32\PnkBstrB.exe 2009-02-09 22:35 --------- d-----w c:\program files\Nowe Gadu-Gadu 2009-02-06 17:57 308,104 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 16:52 49,504 ----a-w c:\windows\System32\sirenacm.dll 2009-02-06 13:53 --------- d-----w c:\program files\IEPro 2009-02-06 12:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf 2009-02-06 12:09 --------- d-----w c:\users\Laptop\AppData\Roaming\PC Suite 2009-02-06 12:09 --------- d-----w c:\programdata\PC Suite 2009-02-06 12:02 --------- d-----w c:\program files\DIFX 2009-02-05 18:39 17,064 ----a-w c:\windows\system32\drivers\SiWinAcc.sys 2009-02-05 18:39 12,200 ----a-w c:\windows\system32\drivers\SiRemFil.sys 2009-02-05 18:38 212,520 ----a-w c:\windows\system32\drivers\Si3531.sys 2009-02-05 18:38 119,848 ----a-w c:\windows\System32\SilSupp.dll 2009-01-26 20:03 66,872 ----a-w c:\windows\System32\PnkBstrA.exe 2009-01-04 18:02 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-07-09 21:35 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-07-09 21:35 56 ---ha-w c:\programdata\ezsidmv.dat 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini 2007-08-12 11:07 557,056 ----a-w c:\program files\lame.exe 2007-08-12 09:26 88,727 ----a-w c:\program files\history.html 2007-06-28 14:41 4,071 ----a-w c:\program files\contributors.html 2007-05-25 13:04 8,074 ----a-w c:\program files\id3.html 2007-05-25 13:04 2,218 
----a-w c:\program files\index.html 2006-04-29 18:46 179 ----a-w c:\program files\Free-Codecs.txt 2005-08-22 10:29 49,511 ----a-w c:\program files\switchs.html 2005-08-09 06:25 4,922 ----a-w c:\program files\basic.html 2005-08-09 06:25 1,705 ----a-w c:\program files\examples.html 2005-07-28 05:11 3,102 ----a-w c:\program files\presets.html 2004-08-27 05:03 2,288 ----a-w c:\program files\modes.html 2001-10-24 11:44 6,967 ----a-w c:\program files\node6.html 2000-12-03 22:00 732 ----a-w c:\program files\lame.css . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496] "eMuleAutoStart"="f:\emule\emule.exe" [2009-02-22 5668864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920] "LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2007-02-22 73728] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-15 206088] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-12-23 19:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] --a------ 2007-05-11 08:58 103344 c:\program files\Lexmark 3300 Series\ezprint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] --a----t- 2008-12-30 21:11 133104 c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe] --a------ 2007-05-11 08:58 205744 c:\program files\Lexmark 3300 Series\lxccmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] --a------ 2006-11-22 11:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086174230-4289690797-2513951421-1000] "EnableNotificationsRef"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{386E2864-7A76-493A-881E-6737B38614CA}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype "UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype "TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule "UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule "{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window "{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window "{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta "UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta "TCP Query 
User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype "{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System "{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System "{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe "{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe "{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program 
files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6 "{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6 "TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla "UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program 
files\ipla\ipla.exe:ipla "{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer "{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer "TCP Query User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808] R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 itecir;ITECIR Infrared 
Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640] S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088] S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280] S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}] \shell\AutoRun\command - G:\AutoRun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Zawartość folderu 'Zaplanowane zadania' 2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job - c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11] 2009-04-01 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 13:31] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.onet.pl/ IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164 DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-01 09:59:09 Windows 6.0.6001 Service Pack 1 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-04-01 10:01:52 ComboFix-quarantined-files.txt 2009-04-01 08:01:50 Przed: 16 166 105 088 bajtów wolnych Po: 15,686,594,560 bajtów wolnych Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 309 --- E O F --- 2009-03-31 08:43:51
Guest, comment, 1 April 2009
Paste into Notepad:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76383969-fe7a-11dd-8069-b436a4003508}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

>> File >> Save as... >>> CFScript. Drag and drop the CFScript.txt file onto ComboFix.exe --> removal should begin (and a log will be produced). Post the log that is produced during removal. If it goes well, then: after the restart, delete the C:\Qoobox folder manually.
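A read-only audit counterpart to the two fixes the helper posted (the UAC policy values removed by FIX.REG, and the MountPoints2 AutoRun and Active Setup entries removed by the CFScript), as an added example that is not part of the thread: it reads those registry locations and reports what is there so the state can be checked before and after the fix, and deletes nothing. The function names and the "outside Windows directory" heuristic are my own assumptions.

```powershell
# Added audit example (not from the thread). Read-only: it reports the
# registry locations touched by the FIX.REG and CFScript posts above.

# 1. UAC policy values. FIX.REG deletes ConsentPromptBehaviorAdmin and
#    EnableUIADesktopToggle so the system falls back to its defaults.
#    ConsentPromptBehaviorAdmin = 0 elevates administrators without any
#    prompt; EnableUIADesktopToggle = 1 lets UIAccess programs prompt for
#    elevation without the secure desktop; EnableLUA = 0 turns UAC off.
function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        EnableUIADesktopToggle     = $p.EnableUIADesktopToggle
        # True when any of the three settings weakens the default UAC posture
        Weakened = ($p.EnableLUA -eq 0) -or
                   ($p.ConsentPromptBehaviorAdmin -eq 0) -or
                   ($p.EnableUIADesktopToggle -eq 1)
    }
}

# 2. MountPoints2: Explorer keeps one subkey per volume it has seen, and a
#    shell\AutoRun\command value under it records the command attached to
#    that volume's autorun. The CFScript removes the {76383969-...} entry,
#    whose command in the ComboFix log was G:\AutoRun.exe. This lists every
#    volume that still carries such a command.
function Get-MountPointsAutoRun {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "Registry::$($_.Name)\shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            [pscustomobject]@{ Volume = $_.PSChildName; AutoRunCommand = $cmd }
        }
    }
}

# 3. Active Setup: each Installed Components subkey may carry a StubPath that
#    runs once per user at logon. Most entries are stock Windows components
#    (the one the CFScript removes runs iedkcs32.dll,BrandIEActiveSetup), so
#    the list is for review; entries whose expanded StubPath lies outside the
#    Windows directory are flagged for a closer look (assumed heuristic).
function Get-ActiveSetupStubs {
    $base = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    $winDir = $env:SystemRoot
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.StubPath) {
            $expanded = [Environment]::ExpandEnvironmentVariables($p.StubPath)
            [pscustomobject]@{
                Component         = $_.PSChildName
                Name              = $p.'(default)'
                StubPath          = $expanded
                OutsideWindowsDir = -not ($expanded -like "*$winDir*")
            }
        }
    }
}

Get-UacPolicy | Format-List
Get-MountPointsAutoRun | Format-Table -AutoSize
Get-ActiveSetupStubs | Format-Table -AutoSize
```

Run it once before applying the fix and once after the restart; the MountPoints2 entry and the Weakened flag should be gone in the second run if the fix took.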
Rafał-85 (Author), comment, 1 April 2009
djarta, the very latest ComboFix log:
ComboFix 09-03-31.03 - Laptop 2009-04-01 14:58:46.5 - NTFSx86Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1209 [GMT 2:00] Uruchomiony z: D:\ComboFix.exe Użyto następujących komend :: D:\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) FW: Kaspersky Internet Security *disabled* * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-01 do 2009-04-01 ))))))))))))))))))))))))))))))) . 2009-04-01 14:33 . 2009-04-01 14:33 <DIR> d-------- c:\program files\A4Tech 2009-04-01 10:18 . 2009-04-01 10:18 <DIR> d-------- c:\users\Laptop\DoctorWeb 2009-03-31 20:17 . 2009-03-31 20:19 <DIR> d-------- C:\Winamp 2009-03-31 20:15 . 2009-04-01 09:53 <DIR> d-------- C:\Default 2009-03-31 20:10 . 2009-03-31 20:11 <DIR> d-------- C:\Nowe Gadu-Gadu 2009-03-31 10:43 . 2009-03-31 10:48 <DIR> d-------- c:\users\Laptop\Tracing 2009-03-31 10:41 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Microsoft Sync Framework 2009-03-31 10:41 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys 2009-03-31 10:40 . 2009-03-31 10:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-03-31 10:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll 2009-03-31 10:39 . 2009-03-31 10:39 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-03-31 10:39 . 2009-03-31 10:41 <DIR> d-------- c:\program files\Windows Live 2009-03-31 10:08 . 2009-03-31 10:08 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\users\All Users\WindowsSearch 2009-03-29 19:14 . 2009-03-29 19:14 <DIR> d-------- c:\programdata\WindowsSearch 2009-03-24 23:16 . 2009-03-24 23:16 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Thunderbird 2009-03-24 23:16 . 
2009-03-24 23:16 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 2 2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\users\All Users\Real 2009-03-23 21:48 . 2009-03-23 21:48 <DIR> d-------- c:\program files\Real Alternative 2009-03-18 11:59 . 2009-03-23 12:02 <DIR> d-------- c:\users\Laptop\AppData\Roaming\Desktop Sidebar 2009-03-18 11:58 . 2009-03-18 11:58 <DIR> d-------- c:\program files\Desktop Sidebar 2009-03-11 16:00 . 2009-03-11 16:00 <DIR> d-------- c:\windows\System32\Adobe 2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\users\All Users\Apple Computer 2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\programdata\Apple Computer 2009-03-11 15:13 . 2009-03-11 15:13 <DIR> d-------- c:\program files\QuickTime 2009-03-10 22:24 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-10 22:24 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-03-10 18:11 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Adobe Media Player 2009-03-02 15:36 . 2009-03-02 15:36 <DIR> d-------- c:\program files\PITy . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
I'm posting the final screenshot from after the DR Web scan. What should I do now??
Rafał-85 (Author) comment 2 April 2009 (edited)
I removed C:\Qoobox. Overall it doesn't look bad, but for example sometimes when I'm doing something in folders (copying, selecting and scanning with the antivirus) a message pops up that Windows Explorer has stopped working, and Explorer (the folder) restarts; this didn't really happen before. Is there anything else I should remove (ComboFix etc.)? I've already done a small optimization.
I take back what I wrote earlier!!! The problem came back like a boomerang; I also noticed that Firefox, which is my default browser, isn't working, and Word won't start either. Below is a screenshot from a few minutes ago. In Word's case, when I try to close what had started launching, this message pops up. The best part is that sometimes Windows starts up and works normally, and after a restart it's bad again. Last night I restarted probably 4 times and it was bad every time, and today I turned it on and it was fine the first time.
Guest comment 3 April 2009
Use System Restore to a chosen date, from when these problems didn't exist yet.
Rafał-85 (Author) comment 10 April 2009 (edited)
"Use System Restore to a chosen date, from when these problems didn't exist yet."
I forgot to mention that I've already tried using that feature, but the computer restarts and then a message pops up that System Restore could not be completed. The problem still exists.
Today's scan with Kaspersky:
Pełne skanowanie: zakończono 2009-04-07 15:46:50 (zdarzeń: 13, obiektów: 369167, czas: 00:29:49)
2009-04-07 15:17:01 Zadanie zostało uruchomione
2009-04-07 15:17:05 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\NPSWF32.dll
2009-04-07 15:17:27 Zagrożenie Luka http://www.viruslist.com/pl/advisories/27620 Niski poziom bezpieczeństwa Dokładne C:\program files\k-lite codec pack\media player classic\realplay.exe
2009-04-07 15:20:17 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34451 Niski poziom bezpieczeństwa Dokładne C:\program files\Java\jre6\bin\java.exe
2009-04-07 15:20:26 Zagrożenie Luka http://www.viruslist.com/pl/advisories/27620 Niski poziom bezpieczeństwa Dokładne C:\program files\k-lite codec pack\media player classic\realplay.exe
2009-04-07 15:23:42 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\program files\Opera\program\plugins\NPSWF32.dll
2009-04-07 15:26:44 Zagrożenie Luka http://www.viruslist.com/pl/advisories/29434 Niski poziom bezpieczeństwa Dokładne C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib
2009-04-07 15:26:53 Zagrożenie Luka http://www.viruslist.com/pl/advisories/29434 Niski poziom bezpieczeństwa Dokładne C:\Users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}\mia.lib
2009-04-07 15:31:39 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34451 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\java.exe
2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\Flash9b.ocx
2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\NPSWF32.dll
2009-04-07 15:35:40 Zagrożenie Luka http://www.viruslist.com/pl/advisories/34012 Niski poziom bezpieczeństwa Dokładne C:\Windows\system32\Macromed\Flash\Flash10a.ocx
2009-04-07 15:46:50 Zadanie zostało zakończone
And this is the result of the Ad-Aware scan; I think those viruses have been removed, because the next scan was clean.
Today's logs. I'll just add that if you can't help me, I'll reinstall Vista over the holidays.
Combofix
ComboFix 09-04-04.01 - Laptop 2009-04-10 21:18:49.6 - NTFSx86
"UDP Query User{00C8230F-1770-40C9-8A41-602FF7907947}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Onet.pl - Skype "TCP Query User{52C7F2BB-2BD0-4907-9A40-82E301803BB0}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule "UDP Query User{CA5074AB-68C8-4AF7-8D20-9DE78E7DABFC}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule "{8E2215DF-3929-438D-BFF9-BECD09ACB510}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window "{5D0C88CC-5BF2-40B5-BDEF-A08F27BA68AC}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxccpswx.exe:Printer Status Window "{3239DDAF-8E60-4875-83DC-EFF6583CCF42}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{3F0806F9-78B3-42E7-B8FC-B10BB94E6795}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{0AA606EF-4E84-4626-A83D-DBBAAA74BE9E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{9EEE64DB-2140-4B6F-9ED1-C8C0AB997CA6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{9C1B5F97-A64B-42BB-B7F8-3AD571C9217C}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{C8548B7C-2FC7-49FF-9244-025E307E9340}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{69ED2C58-2C25-488D-82D9-DC0D8C71A230}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{190BACC0-C531-44FD-AA94-6BF5D2ED26BC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "TCP Query User{286B635F-8FD2-4E73-B23D-49C259755927}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta "UDP Query User{FD867EBD-3298-4C57-B575-B4E37B088E63}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta "TCP Query User{69111F47-66E1-492B-83A5-1A53F7881DE6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{615EF356-1308-4137-AB6A-C79D284B24FC}c:\\program 
files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{260A6843-7E36-483B-BE92-BEC06DE8F7CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9890E7EA-2BFF-420A-9E27-9E735220F8DE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{3C98D4D6-2A27-4D74-B81B-A3344C4747F8}"= c:\program files\Skype\Phone\Skype.exe:Skype "{491E7840-6121-4AED-8717-26EC169FFEA6}"= UDP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System "{9F6D51A8-4E7A-4D87-AA41-3C21BDE12BBF}"= TCP:c:\windows\System32\lxcccoms.exe:Lexmark Communications System "{56A4266E-9D94-45C6-84A9-63A2FE79CE59}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe "{187F11DE-7D1B-4C3C-9ACC-9C4D26D53484}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe "{AD37D949-D65E-4638-A34B-3A87B5E05E93}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{DA778BCD-FA86-401D-B0F6-7704F020174A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{FD7D6657-BBF2-4DEC-9CA2-E06B4C6DB2A9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{5F46B7DE-9D18-4CE9-9C64-F26409AFC333}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{BB6E38CE-8B14-4841-85E1-1CBABD86B25E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{964C0714-A8A2-409E-A9EB-13BDB592C6A7}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{BFF30B9C-3D09-47C1-B0C4-07CF4D3D1EE4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{6C89C5DB-712A-4CBC-B9BE-EFA6186D0B61}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{48138B62-DD57-4434-AC33-7EFFA35A5783}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{3A69EA76-C469-4A25-80AE-96A95C6D7F20}"= 
Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{46C63F37-FFD6-40BE-99BF-3ABF220F45CE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{F1035169-11AA-4A41-AC6B-F1F48740C16C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{8FE3FC4B-71F6-463F-9D1F-763C0844EAD9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "{00B5B898-0615-4073-B554-94F817D71682}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "TCP Query User{2767DDDA-C606-4070-A04B-423FF65A3029}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{45F7C29F-7D48-4F45-A26C-B66A32480A54}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{A7A25341-866A-4BBB-B709-006B1EB44AC7}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{32844D74-0933-4372-AC4E-0245A2DD39C3}c:\\users\\laptop\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\laptop\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "{EDB24A59-2CBE-453F-8CD8-F001A349D390}"= UDP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6 "{71C8888F-189E-4EEF-9440-DC47CD058005}"= TCP:c:\program files\ALLPlayer\ALLPlayer.exe:ALLPlayer V3.6 "TCP Query User{5009CEDA-38E4-4810-B9B8-B8FED604F0A3}c:\\program files\\ipla\\ipla.exe"= Disabled:UDP:c:\program files\ipla\ipla.exe:ipla "UDP Query User{0679F1E3-FF97-43EC-921D-DBEF310C3739}c:\\program files\\ipla\\ipla.exe"= Disabled:TCP:c:\program files\ipla\ipla.exe:ipla "{92A77583-BDB9-4466-959B-D67F93C5D280}"= UDP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer "{5DCAC31D-1200-4BE2-B267-832D7FB916D5}"= TCP:d:\dokumenty\SKRÓTY\BESTplayer.exe:BESTplayer "TCP Query 
User{A8DCA954-131D-4318-84A7-4BA5F836C548}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "UDP Query User{FDFF216A-C11F-4A44-A740-82C337A8FE39}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process "TCP Query User{7CC2DE6C-CB2F-4042-B1DC-5108C4FD5468}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "UDP Query User{F8263D1F-9B0D-424F-BD17-2F198A665650}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater "{95CEDC89-82F3-424C-BE48-B3453D508566}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808] R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-04-06 64160] R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2009-02-05 212520] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-07-03 46592] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640] S2 ELOADER;General Purpose 
USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [2008-07-04 56088] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-31 55280] S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 WSDPrintDevice;Obsługa drukowania WSD za pośrednictwem bloku pamięci górnej;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Zawartość folderu 'Zaplanowane zadania' 2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-06 11:00] 2009-04-10 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-03-23 09:49] 2009-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2086174230-4289690797-2513951421-1000.job - c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 21:11] 2009-04-10 c:\windows\Tasks\User_Feed_Synchronization-{468D4863-301B-45D7-B757-1A9A8FC3EEAD}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 13:31] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.onet.pl/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
TCP: {17FE983C-3C50-4B2E-8E09-EAFD8B44B768} = 194.204.159.1 217.98.63.164
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\kf671xau.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprjplug.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Media Player Classic\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Laptop\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 21:20:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-10 21:23:09
ComboFix-quarantined-files.txt 2009-04-10 19:23:06

Before: 16 620 965 888 bytes free
After: 16,360,943,616 bytes free

311 --- E O F --- 2009-04-05 20:19:52

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:50, on 2009-03-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxccjswx.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eMuleAutoStart] F:\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223054121928
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223054797661
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS5\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS6\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS8\Services\Tcpip\..\{17FE983C-3C50-4B2E-8E09-EAFD8B44B768}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9816 bytes

Silent

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Nowe Gadu-Gadu" = ""C:\Program Files\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]
"eMuleAutoStart" = "F:\eMule\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"OSD" = "C:\Program Files\C&E\OSD\osd.exe" ["C&E"]
"IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"LXCCCATS" = "rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
"Ad-Watch" = "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" ["Lavasoft"]
"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"
  -> {HKLM...CLSID} = "IE7Pro BHO"
     \InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
     \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = "Idea2 SidebarBrowserMonitor Class"
  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
     \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
  -> {HKLM...CLSID} = "IEVkbdBHO Class"
     \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
  -> {HKLM...CLSID} = "Search Helper"
     \InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar Helper"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"
  -> {HKLM...CLSID} = "HP Smart BHO Class"
     \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\rpshell.dll" ["RealNetworks, Inc."]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
  -> {HKLM...CLSID} = "Web Anti-Virus statistics"
     \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
     \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]
"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"
  -> {HKLM...CLSID} = "SidebarIconHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
  -> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
     \InProcServer32\(Default) = "C:\Windows\System32\ieframe.dll" [MS]
"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
  -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
  -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{72923739-5A47-40A3-9895-25AF0DFBB9E4}" = "Glary Utilities Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"
  -> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
  -> {HKLM...CLSID} = "Lavasoft Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"
  -> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
  -> {HKLM...CLSID} = "Lavasoft Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  -> {HKLM...CLSID} = "MBAMShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
  -> {HKLM...CLSID} = "MBAMShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MSLivePhotoAcqHWEventHandler\ "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206" "ProgID" = "Microsoft.LivePhotoAcqHWEventHandler" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS] MSLivePhotoAcquireDropHandler\ "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206" "InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}" -> {HKLM...CLSID} = "Windows Live Photo 
Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] MSLiveShowPicturesOnArrival\ "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;pl-pl.8064.0206" "InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] MSLiveVideoCameraArrivalCaptureWizard\ "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10" "ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler" "InitCmdLine" = "WLXVideoAcquireWizard" HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}" -> {HKLM...CLSID} = "WLXWEventHandler Class" \LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS] MSPlayCDAudioOnArrival\ "Provider" = "ALLPlayer" "InvokeProgID" = "AllPlayerFile" "InvokeVerb" = "play" HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero 
Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware 
Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] NMMPlayCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMPlayCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L"" ["Nokia"] NMMRipCDAudioOnArrival\ "Provider" = "Nokia Music Manager" "InvokeProgID" = "NokiaMusicManager" "InvokeVerb" = "NMMRipCD" HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L"" ["Nokia"] NTIBurner\ "Provider" = "NTI CD-Maker" "InvokeProgID" = "NTIBurnerOpen" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = ""C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe"" ["NewTech Infosystems, Inc."] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] 
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 33

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
                   \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"
  -> {HKLM...CLSID} = "&Windows Live Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" = (no title provided)
  -> {HKLM...CLSID} = "&Windows Live Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{000002A3-84FE-43F1-B958-F2C3CA804F1A}\
"ButtonText" = "IE7Pro Grab and Drag"
"MenuText" = "IE7Pro Grab and Drag"
"CLSIDExtension" = "{CD275D4E-791A-4993-9D4D-6A071EDD2709}"
  -> {HKLM...CLSID} = "IE7Pro GrabDragBtn"
                   \InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\
"ButtonText" = "IE7Pro Preferences"
"MenuText" = "IE7Pro Preferences"
"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"
  -> {HKLM...CLSID} = "IE7Pro ToolsExt"
                   \InProcServer32\(Default) = "C:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{09FE188B-6E85-479E-9411-51FB2220DF80}\
"ButtonText" = "Subscribe in Desktop Sidebar"
"MenuText" = "Subscribe in Desktop Sidebar"
"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"
  -> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
                   \InProcServer32\(Default) = "C:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki ochrony WWW"

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
"ButtonText" = "Wpis w blogu"
"MenuText" = "&Wpis w blogu w Windows Live Writer"
"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
  -> {HKLM...CLSID} = "BlogThisToolbarButton Class"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
"ButtonText" = "Zaznaczanie HP Smart"
"CLSIDExtension" = "{DDE87865-83C5-48c4-8357-2F5B1AA84522}"
  -> {HKLM...CLSID} = "ClipBookBtn Class"
                   \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

<<H>> C:\WINDOWS\INF\IERESET.INF was not found!

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "tbr:res?id=tabs&rep=1" [file not found]
<<H>> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
Dostęp do urządzeń interfejsu HID, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
HP Network Devices Support, HPSLPSVC, "C:\Windows\system32\svchost.exe -k HPService" {"C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Intel® Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]
Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, ""C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"" ["Lavasoft"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
lxcc_device, lxcc_device, "C:\Windows\system32\lxcccoms.exe -service" [" "]
Moduł wyliczający magistrali PnP-X IP, IPBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\ipbusenum.dll" [MS]}
Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]}
PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data]
Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]
Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
Usługa obsługi Bluetooth, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
Usługa Protokół SSTP, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
3300 Series Port\Driver = "lxcclmpm.dll" [" "]
PCL hpz3l5mu\Driver = "hpz3l5mu.dll" ["Hewlett-Packard Company"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

---------- (launch time: 2009-04-10 21:37:14)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 138 seconds.
---------- (total run time: 237 seconds)
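The legend at the end of the report says what `<<!>>` and `<<H>>` mean, but not how to work through a log this long. The Python script below is an added example written for this page; it is not part of the thread and not code from the Silent Runners script. It does the mechanical part of the triage: it pulls out every `<<!>>` and `<<H>>` line, every binary the script could not attribute to a vendor (`[null data]`, `[file not found]`, or an empty company string such as `[" "]`), remembers which registry key each line was listed under, and ranks unattributed binaries that live in user-writable paths first. The sample input is a constructed excerpt mirroring lines from the report above plus one hypothetical Run entry (`example.exe`) that does not appear in the real log; the `\AppData\`, `\Temp\`, `\Users\` and `\ProgramData\` prefixes used for ranking are the author's choice of "user-writable" markers, not anything the report defines. Two caveats a practitioner would want: `[null data]` only means the script found no version resource in the file (WinRAR's rarext.dll and Ad-Aware's ShellExt.dll get the same tag here), and the flagged items in this log resolve to known software: `lsdelete` in BootExecute is Ad-Aware's boot-time deletion helper (the Lavasoft service is listed under Running Services), `.com = ComFile` is the stock association, and the `tbr:` scheme in the Tabs AboutURL belongs to the Windows Live Toolbar listed under Toolbars.

```python
"""Triage of a Silent Runners-style launch-point report (added example).

Example code written for this page, not part of the forum post and not the
Silent Runners script itself. It reads the plain-text report, picks out the
markers the report's legend defines (<<!>> malware launch point, <<H>>
browser hijack point) and the binaries the script could not attribute
([null data], [file not found], empty company [" "]), and records which
registry key each line was listed under so hits can be reviewed in context.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

FLAG_RE = re.compile(r"<<(?P<flag>!|H)>>")
# A quoted path or value immediately followed by one of the attribution tags.
TAG_RE = re.compile(r'"(?P<path>[^"]*)"\s*\[(?P<tag>null data|file not found|"\s*")\]')
# A registry key header: hive prefix, trailing backslash.
KEY_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\.*\\$")
# A run of dashes underlines a section title; the current key no longer applies.
SECTION_RE = re.compile(r"^-{5,}$")
# Assumed "user-writable" markers (author's choice, not defined by the report);
# an unattributed binary there deserves a closer look than one in System32.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


@dataclass
class Hit:
    key: str                # key header the line appeared under ("" if none)
    line: str               # the report line itself
    reasons: tuple          # e.g. ("flag:!", "tag:null data")
    path: Optional[str]     # quoted value in front of the tag, if any


def triage(report: str) -> List[Hit]:
    """Single pass over the report; hits are returned in order of appearance."""
    hits: List[Hit] = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            key = ""
            continue
        if KEY_RE.match(line):
            key = line
            continue
        reasons, path = [], None
        flag = FLAG_RE.search(line)
        if flag:
            reasons.append("flag:" + flag.group("flag"))
        tag = TAG_RE.search(line)
        if tag:
            name = "blank company" if tag.group("tag").startswith('"') else tag.group("tag")
            reasons.append("tag:" + name)
            path = tag.group("path")
        if reasons:
            hits.append(Hit(key, line, tuple(reasons), path))
    return hits


def summary(hits: List[Hit]) -> Dict[str, int]:
    """How many lines carry each flag or tag (a line can carry more than one)."""
    return dict(Counter(r for h in hits for r in h.reasons))


def high_priority(hits: List[Hit]) -> List[Hit]:
    """Unattributed binaries whose path lies in an assumed user-writable location."""
    return [h for h in hits
            if h.path and any(r.startswith("tag:") for r in h.reasons)
            and any(m in h.path.lower() for m in USER_WRITABLE)]


# Constructed sample: lines mirroring the report above, plus one hypothetical
# Run entry (example.exe) that does NOT appear in the real log.
SAMPLE_REPORT = r"""
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
  -> {HKLM...CLSID} = "Lavasoft Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]
Default executables:
--------------------
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "tbr:res?id=tabs&rep=1" [file not found]
<<H>> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
lxcc_device, lxcc_device, "C:\Windows\system32\lxcccoms.exe -service" [" "]
PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"example" = "C:\Users\Laptop\AppData\Local\Temp\example.exe" [null data]
"""

if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    print(summary(found))
    for h in found:
        print(h.reasons, "|", h.key or "(no key)", "|", h.path or h.line)
```

Feed it the whole report (`triage(open("log.txt").read())`) and review `high_priority()` first, then the rest of `summary()`; a hit is a question to answer (who ships this file, why is it here), not a verdict, which is exactly how the flagged entries in this thread turn out.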
Gość, comment, 11 April 2009
There is nothing in the logs; you can rule out an infection.
Rafał-85, comment, 11 April 2009 (Author)
Quoting Gość: "There is nothing in the logs; you can rule out an infection."
Then what could be the cause of these "stunts" that happen on some Vista start-ups? I'll add that I certainly didn't delete anything by accident and didn't install any suspicious software (unless the Windows Live package can be suspected).