
Check my log

Mariuszysko
created

Here are the logs

Microsystems, Inc."]{2670000A-7350-4F3C-8081-5663EE0C6C49}\"ButtonText" = "Wyślij do programu OneNote""MenuText" = "Wyślij &do programu OneNote""CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Research"{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]---------- (launch time: 2008-07-31 10:54:52)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points, use the -supp parameter or answer "No" at the  first message box and "Yes" at the second message box.---------- (total run time: 24 seconds, including 8 seconds for message boxes)

Those were the logs from HijackThis, ComboFix and Silent Runners (sorry for the typos, but I don't know how these are spelled)

I just don't know whether I checked these logs properly

Mateusz J.
comment
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Fix these in HijackThis.

SR and ComboFix: clean.

What is the reason for checking the logs?

Mariuszysko
comment

About five hours after I turn the computer on, my internet slows down, and secondly, in the directory C:\Documents and Settings\Mariusz\Ustawienia lokalne\temp the antivirus finds a virus that isn't in that folder: av-test.txt

Mateusz J.
comment

It finds av-test.txt in that folder?

Delete the entire contents of the folder: C:\Documents and Settings\Mariusz\Ustawienia lokalne\temp

Mariuszysko
comment

That's what I did.

It's quiet for now.
