x-kom hosting

logi

Mariuszysko
utworzono
utworzono

proszę o sprawdzenie logów

ComboFix 09-02-24.02 - Mariusz 2009-02-25 18:52:36.2 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2047.1577 [GMT 1:00]Uruchomiony z: c:\documents and settings\Mariusz\Pulpit\ComboFix.exeAV: avast! antivirus 4.8.1335 [VPS 090225-1] *On-access scanning disabled* (Updated)AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)FW: Outpost Firewall Pro *disabled*UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.(((((((((((((((((((((((((   Pliki utworzone od 2009-01-25 do 2009-02-25  ))))))))))))))))))))))))))))))).2009-02-25 14:25 . 2009-02-25 14:25	<DIR>	d--h-----	c:\windows\$hf_mig$2009-02-04 19:40 . 2009-02-14 15:58	<DIR>	d--------	c:\documents and settings\Mariusz\Dane aplikacji\TuneUp Software.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-02-25 17:16	---------	d-----w	c:\documents and settings\Mariusz\Dane aplikacji\uTorrent2009-02-25 13:52	---------	d-----w	c:\program files\Spyware Doctor2009-02-24 13:25	---------	d--h--w	c:\program files\MSBuild2009-02-16 15:40	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help2009-02-14 14:58	---------	d-----w	c:\program files\Odkurzacz2009-02-14 14:28	---------	d-----w	c:\program files\TuneUp Utilities 20082009-02-14 14:22	---------	d-----w	c:\program files\Defraggler2009-01-29 11:24	---------	d--h--w	c:\program files\InstallShield Installation Information2009-01-29 11:14	---------	d-----w	c:\program files\Gadu-Gadu2009-01-17 18:20	---------	d-----w	c:\program files\Common Files\Hewlett-Packard2009-01-06 20:23	---------	d-----w	c:\program files\CCleaner2009-01-05 17:05	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\HP2009-01-05 17:04	---------	d-----w	c:\program files\Common Files\HP2009-01-03 12:15	---------	d-----w	c:\documents and settings\Mariusz\Dane aplikacji\smc2009-01-01 12:48	---------	d-----w	c:\documents and settings\Mariusz\Dane aplikacji\Cambridge2008-12-26 20:31	25,992	-c--a-w	c:\windows\system32\pgdfgsvc.exe2008-12-20 23:03	826,368	----a-w	c:\windows\system32\wininet.dll2008-09-28 19:55	0	-c--a-w	c:\documents and settings\Mariusz\jagex_runescape_preferences.dat2008-09-11 17:57	23	--sha-w	c:\windows\system32\acbbd4_z.dll2008-09-18 22:10	32,768	-csha-w	c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008091920080920\index.dat.------- Sigcheck -------2008-04-14 18:21  977408  f042e3426d45d86d9bb55f6a79ab441a	c:\windows\explorer.exe2008-04-14 18:21  977408  f042e3426d45d86d9bb55f6a79ab441a	c:\windows\ServicePackFiles\i386\explorer.exe.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\Mariusz\Menu Start\Programy\Autostart\RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]--a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"Bonjour Service"=2 (0x2)"ose"=3 (0x3)"odserv"=3 (0x3)"helpsvc"=2 (0x2)"clr_optimization_v2.0.50727_32"=3 (0x3)"aspnet_state"=3 (0x3)"WSearch"=2 (0x2)"TapiSrv"=3 (0x3)"TuneUp.Defrag"=3 (0x3)"Microsoft Office Groove Audit Service"=3 (0x3)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\Program Files\\uTorrent\\uTorrent.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\system32\\sessmgr.exe"="d:\\Metin 2\\metin2.bin"=R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-16 114768]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-16 20560]R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-09-27 22912]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-09-13 36864]S1 SuperMounter;SuperMounter; [x]S2 WZCBDLService;WZCBDL Service; [x]S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\f:\everestultimate450\kerneld.wnt --> f:\everestultimate450\kerneld.wnt [?]S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [2008-05-08 159104]S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-11 356920]S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-06-04 61504]S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-08-01 9328]S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-08-01 97056]S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-08-01 88560]S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-08-01 86368]S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]--- Inne Usługi/Sterowniki w Pamięci ---*Deregistered* - mchInjDrv[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvcHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcsUxTuneUp[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe3abe2-d752-11dd-99a3-001fc61f90b4}]\Shell\AutoRun\command - F:\Setup.exe..------- Skan uzupełniający -------.mStart Page = about:blankTrusted Zone: mks.com.pl\wwwDPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\documents and settings\Mariusz\Dane aplikacji\Mozilla\Firefox\Profiles\kagdt8pi.default\FF - prefs.js: browser.startup.homepage - google.pl---- FIREFOX - SPOSÓB POSTĘPOWANIA ----FF - user.js: network.http.max-connections-per-server - 6FF - user.js: network.http.max-persistent-connections-per-server - 3FF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.notify.interval - 750000FF - user.js: nglayout.initialpaint.delay - 750FF - user.js: content.switch.threshold - 750000FF - user.js: browser.urlbar.hideGoButton - falseFF - user.js: browser.tabs.closeButtons - 1FF - user.js: browser.tabs.tabMinWidth - 125.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-25 18:53:11Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]"ImagePath"="\??\f:\everestultimate450\kerneld.wnt".--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-1229272821-492894223-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5CC8978-A047-7D0D-D30D-74AD62B03C31}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"oaaohkkbhpiedjjiphhfmclnnodpfp"=hex:6b,61,65,6e,64,63,67,6c,61,69,62,6a,6d,68,   6e,64,6e,64,66,64,68,6d,00,00"nagmjlclocplecjcbbhbilfllaml"=hex:6b,61,65,6e,64,63,67,6c,61,69,62,6a,6d,68,   6e,64,6e,64,66,64,68,6d,00,00[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]"OODEFRAG10.00.00.01WORKSTATION"="AF4372ADDAC4358DB1FB02CBEBAA1FCEF964555193F427DC34023A1ADB3F6F08CE5F063E9DF3B02B31EDEF0FA87DBB22C2F6B016A5FC4D64B71D8330D995A7173E73EBB3AFC78BC26F994CA295D970129074CEF728559B9B2CEC227AAF8E7BC476417BA1EFC15DB0FC6CF58D3E3B6937321433907214747E3C8D5B41A37822119B6F6222B18AD2109FB39D5AA3C267F12BEB347AD370CDCC48814CD06EC5E33B0D09A054BA6B2A465125CB98B732BD64B17AFBD48CC92F0A62ADE4F8BF8AA1C75A7B8AD8475436F53F57D7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667BA7FD869164D6794FEBC9E127BECC74C706BA413F31B978E5F9A2D88654435A12958C6E36D2C2EBAAE46AF89FE062A86762E76F8138E10894E12593BD0FA23BA81862B23D4C13E6625DDD0E0F52C8DEB64294BDDAABAE445728054EEF25CA25E782003D95C70A23D1ED68E9C891BBCFAA5C11016D8EA5E0E8757E3F088CF235F35461067025913B6561FC2529A505B702352D60DFD1B25844A00731E95EDF8E3E80CB5BF09D3AC9E0D1569AC4C036D5ACF295441407B491DFDD291EADE8459E4C47B7BEAF8EAEF928590246787965C9DA007E3C309703C21E421F2DEED1561317F8E0D879C5C408687D9B7D2772974720EA383BC0492D42D4C2C6B9413558F69D536BAC2031B663F5EAD8DD68D8969E392A655E4A22FCB327FABF73CDEAF4884035578E3004C10595ABCB06A7CBBCF5232309D0B1CC54275514BB71828BED1CACB46DDC02A4C4BC2CE2CD31DBD7620EFEED24791660BB88E9629EB0008D6595BF6D227C5DCA90F3F9395CB0E0C25B847521360EE4167976A29D87D5F5D7D6BA64FBCB4F4B725B164838591726967DAB16AEA1A2C2DF7A6CAE761F4354BE97E74223609E01DB6F01D017CBF161912AC60C448CBE9ED0D9544333D8394B68B685CC268CDB3B488ECA96B719A53A2ABB555790F6DD70E2B76BF70DB7AA5C983E44D87704D286979299AAD4A051E53EF64EA1E131F3E5B0BBF790A21D1A273A71289CC5B788E6A9B8F5832E787F93A4D0ACAD11F2076E4984D81ED62245B65017526EE30E1CA2B35E91CE8185080ACE8DC76B3F1D8ED02F55BBD0D6B303395CC750DD1E4C35762C1EBF6C5A1305E419A7440E8BC5229C9740E665CFA5920BD7C5DFADB67F73E8AED284940BC9BD6556BD0CF1AA539BC1B20E989D7C425305E37DC8377167EA0649F184B5397AB3D899C51227446615316345B857A6F4000B5D4088B9345FCB272699608FED19C7BC0A2BA06A72E3F2BA09FAF12C817F7444EE3544D233EB93D7B98E45D4701510FA2A239A0E8DDED16630999B546C740C36FA59ED59CBB219C0BAAA6FEB3ADCB891E7AD76870CCAA7CCB".Czas ukończenia: 2009-02-25 18:53:58ComboFix-quarantined-files.txt  2009-02-25 17:53:56ComboFix2.txt  2009-02-25 17:51:38Przed: 74 963 501 056 bajtów wolnychPo: 74,954,346,496 bajtów wolnych158	--- E O F ---	2009-02-25 16:45:08
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:54:38, on 2009-02-25Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\explorer.exeC:\Documents and Settings\Mariusz\Pulpit\Programy\OC\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO15 - Trusted Zone: http://www.mks.com.plO16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe--End of file - 5563 bytes
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/Operating System: Windows XPOutput limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"										\StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"										\StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\(Default) = "NetMeeting 3.01"									   \StubPath   = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer"  -> {HKLM...CLSID} = "HP Print Enhancer"				   \InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."]{053F9267-DC04-4294-A72C-58F732D338C0}\(Default) = (no title provided)  -> {HKLM...CLSID} = "HP Print Clips"				   \InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll" ["Hewlett-Packard Co."]{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"  -> {HKLM...CLSID} = "Adobe PDF Link Helper"				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)  -> {HKLM...CLSID} = "Groove GFS Browser Helper"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"				   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"  -> {HKLM...CLSID} = "DesktopContext Class"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"  -> {HKLM...CLSID} = "Desktop Explorer"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"  -> {HKLM...CLSID} = (no title provided)				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"  -> {HKLM...CLSID} = "nView Desktop Context Menu"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"  -> {HKLM...CLSID} = "UnlockerShellExtension"				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"  -> {HKLM...CLSID} = "Groove GFS Browser Helper"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"  -> {HKLM...CLSID} = "Groove Folder Synchronization"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"  -> {HKLM...CLSID} = "Groove XML Icon Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"  -> {HKLM...CLSID} = "Outlook File Icon Extension"				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {HKLM...CLSID} = (no title provided)				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"				   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"				   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Search Deskbar"  -> {HKCU...CLSID} = "Pasek pulpitu programu Windows Search"				   \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]  -> {HKLM...CLSID} = "Windows Search Deskbar"				   \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS]"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"  -> {HKLM...CLSID} = "Windows Desktop Search"				   \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\msnlExt.dll" [MS]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"  -> {HKLM...CLSID} = "NVIDIA CPL Extension"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"  -> {HKLM...CLSID} = "CMenuExtender"				   \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"  -> {HKLM...CLSID} = "avast"				   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"				   \InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"  -> {HKLM...CLSID} = "TuneUp Theme Extension"				   \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]<<!>> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)  -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"				   \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"  -> {HKLM...CLSID} = "WPDShServiceObj Class"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"				   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"				   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"				   \InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"  -> {HKLM...CLSID} = "CMenuExtender"				   \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"				   \InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"  -> {HKLM...CLSID} = "avast"				   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"  -> {HKLM...CLSID} = "UnlockerShellExtension"				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"  -> {HKLM...CLSID} = "UnlockerShellExtension"				   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]Default executables:--------------------<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" = (REG_DWORD) dword:0x00000000{unrecognized setting}"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001{unrecognized setting}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"DisableRegistryTools" = (REG_DWORD) dword:0x00000000{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BridgeCS3ImportMediaOnArrival\"Provider" = "Adobe Bridge CS3""InvokeProgID" = "Adobe.adobebridge""InvokeVerb" = "launch"HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]FunMultiMediaHandler\"Provider" = "MultiMedia Manager""ProgID" = "FUNBOX.Autoplay"HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"  -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"				   \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]MSWPDShellNamespaceHandler\"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501""CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}""InitCmdLine" = " "  -> {HKLM...CLSID} = "WPDShextAutoplay"				   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]NeroAutoPlay7CDAudio\"Provider" = "Nero Express Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]NeroAutoPlay7CopyCD\"Provider" = "Nero Express Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]NeroAutoPlay7DataDisc\"Provider" = "Nero Express Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]NeroAutoPlay7LaunchNeroStartSmart\"Provider" = "Nero StartSmart Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]NeroAutoPlay7PlayAudioCD\"Provider" = "Nero ShowTime Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7PlayDVD\"Provider" = "Nero ShowTime Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]NeroAutoPlay7TranscodeVideo\"Provider" = "Nero Recode Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]NeroAutoPlay7VideoCapture\"Provider" = "Nero Vision Essentials""ProgID" = "Shell.HWEventHandlerShellExecute""InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"				   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]NeroAutoPlay7ViewPhotos\"Provider" = "Nero PhotoSnap Viewer Essentials""InvokeProgID" = "Nero.AutoPlay7""InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]Startup items in "Mariusz" & "All Users" startup folders:---------------------------------------------------------C:\Documents and Settings\Mariusz\Menu Start\Programy\Autostart"RocketDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]{58ECB495-38F0-49CB-A538-10282ABF65E7}\"ButtonText" = "Kolekcja wycinków HP""CLSIDExtension" = "{E763472E-A716-4CD9-89BD-DBDA6122F741}"  -> {HKLM...CLSID} = "ClipBookBtn Class"				   \InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]{700259D7-1666-479A-93B1-3250410481E8}\"ButtonText" = "Zaznaczanie HP Smart""CLSIDExtension" = "{A93C41D8-01F8-4F8B-B14C-DE20B117E636}"  -> {HKLM...CLSID} = "EnhSelectionBtn Class"				   \InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Research"{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\PCL hpz3l4x9\Driver = "hpz3l4x9.dll" ["Hewlett-Packard Company"]Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]---------- (launch time: 2009-02-25 18:54:55)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 6 seconds.---------- (total run time: 48 seconds)

Mateusz J.
komentarz
komentarz
S1 SuperMounter;SuperMounter; [x]S2 WZCBDLService;WZCBDL Service; [x]

Usługi do wyłączenia.

Start => Uruchom => cmd => po każdej komendzie enter

sc stop SuperMounter

sc delete SuperMounter

sc stop WZCBDLService

sc delete WZCBDLService

Zamknij cmd.

Ogólnie czysto, w czym problem?

Mariuszysko
komentarz
komentarz

nie wiem czy działa mi Firewall bo wszędzie pisze ze używam OutPost Firewall Pro a nawet tego na kompie nie mam , a drugi powód zaczął mi trochę net mielić a następnie komp, czyściłem kompa tak jak jest w poradnikach

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.