Lucasinho, posted 12 November 2008

I have this problem... until yesterday my computer was running smoothly, but suddenly, while I was playing a game, everything started to stutter. So I closed the game, but it turned out that the whole computer had slowed down :/ It freezes every dozen or so seconds. I scanned with Norton - it found nothing; Spyware Doctor - it also found nothing; and the registry is cleaned regularly with CCleaner. In addition, I am attaching the log from ComboFix:
Here is a log from HijackThis as well:
and Silent Runners:
Corporation"]Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" -> {HKLM...CLSID} = "AIMP Classic Shell" \InProcServer32\(Default) = "F:\udostep\PROGPO~1\PORTAB~1.75(\System\AIMP_S~1.DLL" ["Artem Izmaylov"]CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" 
[MS]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]MSF\(Default) = "{0A0F10FC-1743-468b-A5B9-C251B727F6AF}" -> {HKLM...CLSID} = "MSF" \InProcServer32\(Default) = "C:\Program Files\MySecretFolder XP\MSF32.DLL" ["WinAbility® Software Corporation"]Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]Default executables:--------------------<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSMMyPictures" = (REG_DWORD) dword:0x00000001{User Configuration|Administrative Templates|Start Menu and Taskbar|Remove My Pictures icon from Start Menu}"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001{unrecognized setting}"ClearRecentDocsOnExit" = (REG_DWORD) 
dword:0x00000001{unrecognized setting}"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001{unrecognized setting}"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001{unrecognized setting}"NoStartBanner" = (REG_DWORD) dword:0x00000001{Remove "Click here to begin" from Start button}"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001{unrecognized setting}"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLogoffScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideStartupScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001{unrecognized setting}"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001{unrecognized setting}"DisableStatusMessages" = (REG_DWORD) dword:0x00000001{unrecognized setting}"VerboseStatus" = (REG_DWORD) dword:0x00000000{unrecognized setting}"DisableRegistryTools" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HideLogoffScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001{unrecognized setting}"RunStartupScriptSync" = (REG_DWORD) 
dword:0x00000000{unrecognized setting}"HideStartupScripts" = (REG_DWORD) dword:0x00000000{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\K1\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACDSee100AcquirePicturesOnArrival\"Provider" = "ACDSee 10 Photo Manager""InvokeProgID" = "ACDSee 10.0.AutoPlayHandlerAcquire""InvokeVerb" = "Acquire"HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" /detect:%1" ["ACD Systems"]ACDSee100AcquireVideoFilesOnArrival\"Provider" = "ACDSee 10 Photo Manager""InvokeProgID" = "ACDSee 10.0.AutoPlayHandlerAcquire""InvokeVerb" = "Acquire"HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" /detect:%1" ["ACD Systems"]ACDSee100PlayVideoFilesOnArrival\"Provider" = "ACDSee 10 Photo Manager""InvokeProgID" = "ACDSee 10.0.AutoPlayHandler""InvokeVerb" = "Open"HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1"" ["ACD Systems"]ACDSee100ShowPicturesOnArrival\"Provider" = "ACDSee 10 Photo Manager""InvokeProgID" = "ACDSee 10.0.AutoPlayHandler""InvokeVerb" = 
"Open"HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1"" ["ACD Systems"]AIMPClassicCDA\"Provider" = "AIMP Classic""InvokeProgID" = "AIMPClassicCDA""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\AIMPClassicCDA\shell\open\Command\(Default) = "F:\udostep\PROGPO~1\PORTAB~1.75(\cAIMP.exe" ["Artem Izmaylov"]AIMPClassicMus\"Provider" = "AIMP Classic""InvokeProgID" = "AIMPClassicMus""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\AIMPClassicMus\shell\open\Command\(Default) = "F:\udostep\PROGPO~1\PORTAB~1.75(\cAIMP.exe" ["Artem Izmaylov"]AIMPClassicRIP\"Provider" = "AIMP Classic""InvokeProgID" = "AIMPClassicRIP""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\AIMPClassicRIP\shell\open\Command\(Default) = "F:\udostep\PROGPO~1\PORTAB~1.75(\AIMP_Utils.exe" ["Artem Izmaylov"]HPAutoplayPSE\"Provider" = "HP Photosmart Essential 3.5""InvokeProgID" = "HpqPSApl.Autoplay""InvokeVerb" = "Play"HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = 
"PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]NeroAutoPlay7AudioToNeroDigital\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]NeroAutoPlay7CDAudio\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]NeroAutoPlay7CopyCD\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]NeroAutoPlay7DataDisc\"Provider" = "Nero Express""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" 
["Nero AG"]NeroAutoPlay7LaunchNeroStartSmart\"Provider" = "Nero StartSmart""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]NeroAutoPlay7PlayAudioCD\"Provider" = "Nero ShowTime""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7PlayDVD\"Provider" = "Nero ShowTime""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7RipCD\"Provider" = "Nero Burning ROM""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "RipCD_PlayCDAudioOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]NeroAutoPlay7TranscodeVideo\"Provider" = "Nero Recode""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]NeroAutoPlay7VideoCapture\"Provider" = "Nero Vision""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe 
shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]NeroAutoPlay7ViewPhotos\"Provider" = "Nero PhotoSnap Viewer""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]PDVDPlayCDAudioOnArrival\"Provider" = "PowerDVD""InvokeProgID" = "AudioCD""InvokeVerb" = "PlayWithPowerDVD"HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]PDVDPlayDVDMovieOnArrival\"Provider" = "PowerDVD""InvokeProgID" = "DVD""InvokeVerb" = "PlayWithPowerDVD"HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]PDVDPlayVCDMovieOnArrival\"Provider" = "PowerDVD""InvokeProgID" = "VCD""InvokeVerb" = "PlayWithPowerDVD"HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]TVPPlayDVDMovieOnArrival\"Provider" = "Total Video Player""InvokeProgID" = "totalplayer.dvd""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\totalplayer.dvd\shell\open\command\(Default) = "C:\Program Files\Total Video Converter\tvp.exe -dvd %1" [empty string]WinampMTPHandler\"Provider" = "Winamp""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]WinampPlayMediaOnArrival\"Provider" = "Winamp""InvokeProgID" = "Winamp.File""InvokeVerb" = "Play"HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = 
""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]Startup items in "K1" & "All Users" startup folders:----------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]Enabled Scheduled Tasks:------------------------"1-Klik Konserwacja" -> launches: "C:\Program Files\TuneUp Portable 2008\TuneUp\OneClick.exe /schedulestart" ["TuneUp Software GmbH"]"Norton AntiVirus - Uruchom pełne skanowanie systemu - K1" -> launches: "C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 07 - 26%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll ["PC Tools Research Pty Ltd."], 06Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = 
"Groove Folder Synchronization"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]{2670000A-7350-4F3C-8081-5663EE0C6C49}\"ButtonText" = "Wyślij do programu OneNote""MenuText" = "Wyślij &do programu OneNote""CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll" [MS]{58ECB495-38F0-49CB-A538-10282ABF65E7}\"ButtonText" = "Kolekcja wycinków HP""CLSIDExtension" = "{E763472E-A716-4CD9-89BD-DBDA6122F741}" -> {HKLM...CLSID} = "ClipBookBtn Class" \InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]{700259D7-1666-479A-93B1-3250410481E8}\"ButtonText" = "Zaznaczanie HP Smart""CLSIDExtension" = "{A93C41D8-01F8-4F8B-B14C-DE20B117E636}" -> {HKLM...CLSID} = "EnhSelectionBtn Class" \InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = 
"Research"{FB5F1910-F110-11D2-BB9E-00C04F795683}\"ButtonText" = "Messenger""MenuText" = "Windows Messenger""Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\<<H>> "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]<<H>> "NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS]<<H>> "NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]<<H>> "OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]Harmonogram automatycznej usługi LiveUpdate, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"" ["Symantec Corporation"]hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}LiveUpdate Notice, LiveUpdate Notice, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" 
["Symantec Corporation"]Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\LIDIL hpzll5ha\Driver = "hpzll5ha.dll" ["Hewlett-Packard Company"]Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]---------- (launch time: 2008-11-12 15:40:58)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 27 seconds.---------- (total run time: 74 seconds) Z góry dzięki za pomoc
Mateusz J. commented 14 November 2008

Paste the following into Notepad:

File::
C:\WINDOWS\system32\WS2Fix.exe
C:\sccfg.sys
C:\autorun.inf.vir
C:\Autorun.exe.vir

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture.

The removal will start and a log will be created, which you post on the forum. After the restart, manually delete the folder C:\Qoobox.