x-kom hosting

Logs regarding a system slowdown

cichy133
ComboFix 09-06-15.06 - Cichy 2009-06-16 10:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.3071.2487 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\explorer.exe
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-05-16 do 2009-06-16  )))))))))))))))))))))))))))))))
.
2009-06-16 08:11 . 2009-06-16 08:11	3027474	-c--a-r-	C:\ComboFix.exe
2009-06-11 22:29 . 2009-06-11 22:29	41808	-c--a-w-	c:\windows\system32\xfcodec.dll
2009-05-23 15:44 . 2008-12-11 06:38	159600	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-05-23 15:43 . 2009-04-03 09:18	130936	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-05-23 15:43 . 2008-12-18 10:16	73840	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-23 15:43 . 2009-05-23 15:47	--------	dc----w-	c:\program files\Common Files\PC Tools
2009-05-23 15:43 . 2008-12-10 09:36	64392	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-05-23 15:43 . 2009-05-23 15:43	--------	dc----w-	c:\documents and settings\Cichy\Dane aplikacji\PC Tools
2009-05-23 15:43 . 2009-05-23 15:43	--------	dc----w-	c:\documents and settings\All Users\Dane aplikacji\PC Tools
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 08:57 . 2009-01-08 17:01	--------	dc----w-	c:\documents and settings\Cichy\Dane aplikacji\Xfire
2009-06-16 08:36 . 2009-05-10 09:09	--------	dc----w-	c:\program files\abgx360
2009-06-16 08:00 . 2008-09-04 19:24	--------	d-----w-	c:\program files\Xfire
2009-06-15 22:20 . 2008-09-04 19:14	--------	d-----w-	c:\program files\FlashGet
2009-06-15 19:30 . 2008-09-04 20:07	--------	dc--a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-15 15:23 . 2008-09-04 20:07	--------	d-----w-	c:\program files\Spyware Doctor
2009-06-05 20:16 . 2009-02-08 18:19	--------	dc----w-	c:\documents and settings\Cichy\Dane aplikacji\BESTplayer
2009-05-30 16:42 . 2008-09-04 19:12	--------	dc----w-	c:\program files\DC++
2009-04-21 13:51 . 2009-04-21 13:51	--------	dc----w-	c:\documents and settings\All Users\Dane aplikacji\Codemasters
2009-04-18 18:39 . 2009-04-18 18:39	--------	dc----w-	c:\documents and settings\Cichy\Dane aplikacji\Corel
2009-04-18 18:38 . 2009-01-08 18:45	17608	-c--a-w-	c:\documents and settings\Cichy\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-18 17:32 . 2009-04-18 17:31	--------	dc----w-	c:\program files\Corel
2009-04-18 16:49 . 2008-09-04 20:11	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-04-17 13:12 . 2008-09-04 20:11	--------	dc----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-16 20:48 . 2001-10-26 14:15	84676	----a-w-	c:\windows\system32\perfc015.dat
2009-04-16 20:48 . 2001-10-26 14:15	492722	----a-w-	c:\windows\system32\perfh015.dat
2009-04-01 13:18 . 2009-04-01 13:18	152576	-c--a-w-	c:\documents and settings\Cichy\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-25 21:32 . 2008-10-31 22:19	72504	-c--a-w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-03-23 08:27 . 2009-03-23 08:27	747566	----a-w-	c:\windows\system32\abgx360.exe
2009-03-20 13:33 . 2009-02-24 14:37	22328	-c--a-w-	c:\documents and settings\Cichy\Dane aplikacji\PnkBstrK.sys
2009-03-20 13:33 . 2009-02-24 14:37	22328	-c--a-w-	c:\documents and settings\Cichy\Dane aplikacji\PnkBstrK.sys
2009-03-20 13:33 . 2008-11-22 19:24	22328	-c--a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-03-20 13:33 . 2008-11-22 19:23	107832	-c--a-w-	c:\windows\system32\PnkBstrB.exe
2009-03-20 13:33 . 2009-02-24 14:37	2246144	----a-w-	c:\windows\system32\pbsvc.exe
2009-03-20 13:29 . 2008-11-22 19:24	66872	-c--a-w-	c:\windows\system32\PnkBstrA.exe
.
------- Sigcheck -------
[-] 2008-06-23 16:16	669696	BC26F2968396842367B02730435DD588	c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:13	668672	28FA0FD33916EBEBC3E0DC1410F48651	c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:57	669184	9EA369835E233F077C0D832676A29D40	c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-06-23 15:41	827904	E02939EBF940D5EB274903F58154DC56	c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:12	827904	58E22C5E87ADBAE5D75A6C7FAD0FD3F7	c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 15:41	662016	32DC67B19496A88850C892CADF8366E3	c:\windows\ie7\wininet.dll
[-] 2007-08-13 16:54	809472	F284A6225A3057A1E19985E1D4B47ADA	c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:42	826368	15C09E8A74A0988FB2F24EFF9D68D886	c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2004-08-03 22:44	693248	7D46293106E58CA7878509CCC4071F2F	c:\windows\system32\wininet.dll
[-] 2004-08-03 22:44	693248	7D46293106E58CA7878509CCC4071F2F	c:\windows\system32\dllcache\wininet.dll
[-] 2008-06-20 10:44	360960	744E57C99232201AE98C49168B918F48	c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-03 21:14	359040	9F4B36614A0FC234525BA224957DE55C	c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-03 21:14	359040	9F4B36614A0FC234525BA224957DE55C	c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14	359040	6A603809F598332DBEDD535BDBCE313E	c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-03 22:44	975872	196C130D31317FE53DE984220B5E13B9	c:\windows\explorer.exe
[-] 2004-08-03 22:44	975872	196C130D31317FE53DE984220B5E13B9	c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-03 22:44	101888	6DB9EBC8D26603F3B04C7C2809AAF935	c:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:44	101888	6DB9EBC8D26603F3B04C7C2809AAF935	c:\windows\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"wsctf.exe"="wsctf.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"ATITool"="c:\program files\ATITool\ATITool.exe" [2007-11-28 3182544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-12 3182928]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\Cichy\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-12 3182928]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06, on 2009-06-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Fraps\fraps.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\Flashget\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6349 bytes

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"RocketDock" = ""C:\Program Files\RocketDock\RocketDock.exe"" [null data]
"wsctf.exe" = "wsctf.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"ATITool" = ""C:\Program Files\ATITool\ATITool.exe" -s" ["http://atitool.techpowerup.com"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Flashget" = "C:\Program Files\FlashGet\flashget.exe /min" ["FlashGet.com"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
  -> {HKLM...CLSID} = "FGCatchUrl"
				   \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
				   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll" ["BitComet"]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashGet GetFlash Class"
				   \InProcServer32\(Default) = "C:\Program Files\Flashget\getflash.dll" ["www.flashget.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
  -> {HKLM...CLSID} = "Microsoft Office Binder Explode"
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
				   \InProcServer32\(Default) = "C:\PROGRA~1\Alcohol Soft\Alcohol 120\AxShlex.dll" ["Alcohol Soft Development Team"]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
  -> {HKLM...CLSID} = "UIContextMenu Class"
				   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
  -> {HKLM...CLSID} = "CMenuExtender"
				   \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
  -> {HKLM...CLSID} = "CMenuExtender"
				   \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
				   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
				   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|Remove Help menu from Start Menu}
"NoCDBurning" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoResolveTrack" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

ImgBurnBluRayBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnBluRayBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

Startup items in "Cichy" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Cichy\Menu Start\Programy\Autostart
"RocketDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
"TransBar" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s" ["AKSoftware"]
"UberIcon" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [null data]
"Xfire" -> shortcut to: "C:\Program Files\Xfire\xfire.exe" ["Xfire Inc."]
"Y'z Shadow" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe" ["Y'z@Home"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
				   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Search"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) 
= "C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll" ["BitComet"]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\"ButtonText" = "BitComet Search"{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\"ButtonText" = "FlashGet""MenuText" = "FlashGet""Exec" = "C:\Program Files\Flashget\FlashGet.exe" ["FlashGet.com"]{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\<<H>> "PostNotCached" = "res://ieframe.dll/repost.htm" [MS]<<H>> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]<<H>> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]<<H>> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Lavasoft Ad-Aware Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]---------- (launch time: 2009-06-16 12:08:07)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 100 seconds.---------- 
(total run time: 133 seconds)

Thanks in advance for your help.

Mateusz J.
comment
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-12 3182928]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\Cichy\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-12 3182928]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

Vista Inspirat may be slowing down your computer.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"wsctf.exe"="wsctf.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"ATITool"="c:\program files\ATITool\ATITool.exe" [2007-11-28 3182544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

Remove whatever you consider unnecessary from autostart.

As far as viruses go, it's clean.

Delete the folder c:\QooBox.
