Mariuszysko utworzono 31 lipca 2008 utworzono 31 lipca 2008 O to logi Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:49:56, on 2008-07-31Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\msiexec.exeC:\Documents and Settings\Mariusz\Pulpit\Programy\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLLO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 4892 bytesComboFix 08-07-24.1 - Mariusz 2008-07-31 10:53:16.3 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1548 [GMT 2:00]Running from: C:\Documents and Settings\Mariusz\Pulpit\Programy\ComboFix.exe * Resident AV is active[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b].((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.C:\WINDOWS\system32\edbdbebb_z.dll.((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))).2008-07-30 21:18 . 2008-07-30 21:18 <DIR> d-------- C:\Program Files\Realtek2008-07-30 21:18 . 2008-07-30 21:01 520,192 --a------ C:\WINDOWS\RtlExUpd.dll2008-07-30 21:12 . 2008-07-30 21:01 16,844,800 -ra------ C:\WINDOWS\SET913.tmp2008-07-29 22:43 . 2008-07-29 22:43 <DIR> d-------- C:\WINDOWS\Driver Cache2008-07-29 10:15 . 2008-07-29 10:15 8 --a------ C:\WINDOWS\Kernel32.cdd2008-07-27 21:03 . 2008-07-27 21:03 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys2008-07-27 20:12 . 2008-07-30 18:00 <DIR> d-------- C:\Program Files\UltraISO2008-07-27 13:50 . 2008-07-27 13:50 <DIR> d--h----- C:\Program Files\MSBuild2008-07-27 13:50 . 2008-07-27 13:50 <DIR> d--h----- C:\Program Files\Microsoft Works2008-07-27 13:49 . 2008-07-27 13:49 <DIR> d--h----- C:\Program Files\Microsoft.NET2008-07-27 13:47 . 2008-07-27 13:49 <DIR> d-------- C:\WINDOWS\SHELLNEW2008-07-27 13:47 . 2008-07-27 13:47 <DIR> d--h----- C:\Program Files\Microsoft Visual Studio 82008-07-27 13:46 . 2008-07-27 13:46 <DIR> dr-h----- C:\MSOCache2008-07-27 13:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll2008-07-27 13:29 . 2008-07-27 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help2008-07-26 22:08 . 2008-07-30 11:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo2008-07-25 19:16 . 2008-07-25 19:16 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE2008-07-25 17:52 . 2008-07-25 17:52 0 --------- C:\WINDOWS\WB.ini2008-07-25 17:50 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll2008-07-25 11:11 . 2008-07-25 11:11 23 --a------ C:\WINDOWS\system32\dbedc0_z.ocx2008-07-24 13:11 . 2008-07-24 13:11 <DIR> d-------- C:\WINDOWS\nview2008-07-24 13:11 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE2008-07-24 13:11 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe2008-07-24 13:11 . 2008-07-31 09:36 186,097 --a------ C:\WINDOWS\system32\nvapps.xml2008-07-24 13:11 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu2008-07-24 11:02 . 2008-07-24 11:02 <DIR> d-------- C:\Documents and Settings\Mariusz\Dane aplikacji\Promixis2008-07-23 20:15 . 2008-07-23 20:15 38 --a------ C:\WINDOWS\avisplitter.INI2008-07-23 12:39 . 2008-07-23 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Uniblue2008-07-23 11:55 . 2008-07-23 12:39 <DIR> d-------- C:\Program Files\Uniblue2008-07-23 11:55 . 2008-07-23 12:39 <DIR> d-------- C:\Documents and Settings\Mariusz\Dane aplikacji\Uniblue2008-07-22 18:58 . 2008-07-22 18:58 49 --a------ C:\WINDOWS\transp.gif2008-07-22 18:55 . 2008-07-22 19:11 153 --a------ C:\WINDOWS\ODBC.INI2008-07-22 18:04 . 2008-07-22 18:04 <DIR> d-------- C:\Documents and Settings\Mariusz\Dane aplikacji\Media Player Classic2008-07-22 17:56 . 2008-07-22 17:56 <DIR> d--h----- C:\Program Files\microsoft frontpage2008-07-22 12:12 . 2008-07-22 12:12 217 --a------ C:\WINDOWS\DelDir.BEN2008-07-22 12:07 . 2000-06-23 15:21 61,440 --a------ C:\WINDOWS\UnInst32.EXE2008-06-08 21:47 . 2008-06-08 21:47 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI2008-06-08 21:32 . 2008-07-18 19:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData2008-06-07 10:50 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg2008-06-07 10:50 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg2008-06-07 10:49 . 2008-06-07 10:49 <DIR> d-------- C:\Program Files\ESET2008-06-07 10:49 . 2008-06-07 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET2008-06-06 20:12 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll2008-06-06 16:47 . 2008-07-28 19:50 <DIR> d-------- C:\Program Files\CCleaner2008-06-06 11:21 . 2008-06-06 11:21 0 --ah----- C:\WINDOWS\system32\sx.inf2008-06-05 12:55 . 2008-06-05 12:59 18 --a------ C:\WINDOWS\sys.dat2008-06-04 22:27 . 2006-11-07 10:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys2008-06-04 22:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys2008-06-04 22:27 . 2006-11-07 10:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys2008-06-04 22:27 . 2006-11-07 10:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys2008-06-04 16:29 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys2008-06-02 22:01 . 2008-06-02 22:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack2008-06-02 21:45 . 2008-07-23 20:10 <DIR> d-------- C:\Program Files\NAPI-PROJEKT2008-06-02 21:39 . 2008-06-02 21:39 <DIR> d-------- C:\WINDOWS\Sun2008-06-02 18:10 . 2008-07-22 15:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel2008-06-02 13:46 . 2008-07-23 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet2008-06-01 09:49 . 2008-06-01 09:49 <DIR> d-------- C:\Program Files\uTorrent.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-31 08:49 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\uTorrent2008-07-30 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-07-30 19:01 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe2008-07-30 19:01 86,016 ----a-w C:\WINDOWS\SoundMan.exe2008-07-30 19:01 69,632 ----a-w C:\WINDOWS\Alcmtr.exe2008-07-30 19:01 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe2008-07-30 19:01 4,613,120 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys2008-07-30 19:01 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe2008-07-30 19:01 2,165,760 ----a-w C:\WINDOWS\MicCal.exe2008-07-30 19:01 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe2008-07-30 19:01 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe2008-07-30 19:01 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe2008-07-30 16:02 --------- d-----w C:\Program Files\Odkurzacz2008-07-28 18:07 --------- d-----w C:\Program Files\Common Files\Adobe2008-07-28 16:06 --------- d-----w C:\Program Files\Paint.NET2008-07-25 08:00 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys2008-06-02 16:09 --------- d-----w C:\Program Files\Java2008-05-30 18:09 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\Ahead2008-05-27 15:40 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd2008-05-27 15:40 51,850 ----a-w C:\WINDOWS\BricoPackUninst.cmd2008-05-27 15:40 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll2008-05-08 16:42 315,392 ----a-w C:\WINDOWS\HideWin.exe2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll2004-08-03 22:44 60,928 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]"SkyTel"="SkyTel.EXE" [2008-07-30 21:01 1826816 C:\WINDOWS\SkyTel.exe]"RTHDCPL"="RTHDCPL.EXE" [2008-07-30 21:01 16844800 C:\WINDOWS\RTHDCPL.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"C:\\Program Files\\uTorrent\\uTorrent.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 08:56]S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2002-09-23 14:00]S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-07-14 12:45]S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys [].Contents of the 'Scheduled Tasks' folder"2008-07-23 10:11:22 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe"2008-07-23 10:11:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe"2008-07-23 10:43:49 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe..------- Supplementary Scan -------.R0 -: HKCU-Main,Start Page = hxxp://google.pl/R1 -: HKCU-Internet Settings,ProxyOverride = *.localO8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000"Silent Runners.vbs", revision 58, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer" \StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS]>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\(Default) = "NetMeeting 3.01" \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}" -> {HKLM...CLSID} = "UIContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]Default executables:--------------------<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLogoffScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001{unrecognized setting}"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideStartupScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"DisableRegistryTools" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLogoffScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001{unrecognized setting}"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideStartupScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]NeroAutoPlay7CDAudio\"Provider" = "Nero Express Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]NeroAutoPlay7CopyCD\"Provider" = "Nero Express Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]NeroAutoPlay7DataDisc\"Provider" = "Nero Express Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]NeroAutoPlay7LaunchNeroStartSmart\"Provider" = "Nero StartSmart Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]NeroAutoPlay7PlayAudioCD\"Provider" = "Nero ShowTime Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7PlayDVD\"Provider" = "Nero ShowTime Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7TranscodeVideo\"Provider" = "Nero Recode Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]NeroAutoPlay7VideoCapture\"Provider" = "Nero Vision Essentials""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]NeroAutoPlay7ViewPhotos\"Provider" = "Nero PhotoSnap Viewer Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]Enabled Scheduled Tasks:------------------------"Uniblue SpeedUpMyPC Nag" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" ["Uniblue Software"]"Uniblue SpeedUpMyPC" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" ["Uniblue Software"]"Uniblue SpyEraser" -> launches: "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe -s" ["Uniblue Software"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll" ["Sun Microsystems, Inc."]{2670000A-7350-4F3C-8081-5663EE0C6C49}\"ButtonText" = "Wyślij do programu OneNote""MenuText" = "Wyślij &do programu OneNote""CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Research"{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]---------- (launch time: 2008-07-31 10:54:52)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.---------- (total run time: 24 seconds, including 8 seconds for message boxes) To były logi z hijack combofix i sillent runer (sory za literowki ale nie wiem jak sie to pisze) Tylko nie wiem czy dobrze te logi sprawdzilem
Mateusz J. komentarz 31 lipca 2008 komentarz 31 lipca 2008 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) Fix w HijackThis. SR i ComboFix - czysto. Jaki powód sprawdzania logów?
Mariuszysko komentarz 31 lipca 2008 Autor komentarz 31 lipca 2008 Po jakis pieciu godzinach od wlaczenia kompa mi sie net spowalnia a po drugie w katalogu C:\Documents and Settings\Mariusz\Ustawienia lokalne\temp antyvir znajduje virusa ktorego nie ma w tym folderze av-test.txt
Mateusz J. komentarz 31 lipca 2008 komentarz 31 lipca 2008 W tym folderze znajduje av-test.txt? Usuń całą zawartość folderu: C:\Documents and Settings\Mariusz\Ustawienia lokalne\temp
Mariuszysko komentarz 31 lipca 2008 Autor komentarz 31 lipca 2008 taktez zrobilem narazie jest spokoj
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.