
Logs - Trojans detected


  • This topic is closed
2 replies to this topic

#1 rafal194

    Advanced user

  • 413 posts

Posted 01 12 2008 - 22:24

Yesterday I detected 3 trojans.
The logs are for the topic. Defragmentacjia ...

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:13, on 2008-12-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Documents and Settings\rafal\Menu Start\Programy\Autostart\Hard Drive Inspector Updater.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hard Drive Inspector Updater.exe
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O4 - Startup: Skrót do winword.lnk = C:\WINDOWS\system32\winword.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8816 bytes

ComboFix

ComboFix 08-11-09.03 - rafal 2008-12-01 21:14:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.495 [GMT 1:00]
Uruchomiony z: e:\programy\Antywirusy itp\do tworzenia logów\combo\ComboFix.exe
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-01 do 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-12-01 21:10 . 2008-12-01 21:10 0 --a------ C:\TP152F1E.$$$
2008-12-01 21:10 . 2008-12-01 21:10 0 --a------ C:\TP152EA7.$$$
2008-12-01 21:09 . 2008-12-01 21:09 <DIR> d-------- c:\program files\TP
2008-12-01 21:09 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe
2008-12-01 15:20 . 2008-12-01 15:20 <DIR> d-------- c:\program files\Saqqarah
2008-12-01 00:35 . 2008-12-01 00:35 <DIR> d-------- c:\program files\Yahoo!
2008-11-30 16:11 . 2008-10-16 11:56 1,960,448 --a------ c:\windows\system32\winword.exe
2008-11-30 12:07 . 2008-12-01 00:16 <DIR> d-------- c:\program files\SkanerOnline
2008-11-30 10:07 . 2008-12-01 00:16 <DIR> d-------- c:\program files\PrevxCSI
2008-11-30 10:07 . 2008-11-30 12:02 26,680 --a------ c:\windows\system32\drivers\pxark.sys
2008-11-30 10:06 . 2008-12-01 00:16 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PrevxCSI
2008-11-29 23:32 . 2008-12-01 09:32 <DIR> d-------- c:\program files\temp
2008-11-29 18:14 . 2008-11-29 18:14 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-29 18:13 . 2008-11-29 18:13 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-29 18:13 . 2008-11-29 18:14 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-29 11:14 . 2006-12-07 15:01 20,480 --a------ c:\windows\system32\DreamSaver.scr
2008-11-29 10:50 . 2008-11-29 10:50 <DIR> d-------- c:\documents and settings\rafal\WINDOWS
2008-11-28 22:30 . 2008-11-28 22:30 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\JollyBear
2008-11-26 20:40 . 2007-08-15 12:09 417,792 --a------ c:\windows\system32\vbalCmdBar6.ocx
2008-11-26 20:40 . 2007-08-15 12:09 262,144 --a------ c:\windows\system32\lst_v.ocx
2008-11-26 20:40 . 2007-08-15 12:09 159,744 --a------ c:\windows\system32\wt_menu.dll
2008-11-26 20:40 . 2007-08-15 12:09 94,208 --a------ c:\windows\system32\img_lst.ocx
2008-11-26 17:32 . 2008-11-26 17:39 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Ancient Quest of Saqqarah__cminion
2008-11-26 17:24 . 2008-11-26 17:24 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Saqqarah
2008-11-25 22:29 . 2008-11-25 22:29 25 --a------ c:\windows\cdplayer.ini
2008-11-25 22:28 . 2008-11-25 23:11 <DIR> d-------- c:\program files\Common Files\Real
2008-11-25 21:24 . 2008-11-25 21:34 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Ancient Quest of Saqqarah__real
2008-11-25 20:46 . 2008-11-26 20:31 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-24 20:21 . 2008-11-24 20:22 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\TuxPaint
2008-11-24 17:43 . 2008-11-29 14:02 69 --a------ c:\windows\NeroDigital.ini
2008-11-23 12:25 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-23 12:23 . 2008-11-23 12:25 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-23 12:23 . 2008-11-23 12:23 <DIR> d-------- c:\program files\MSBuild
2008-11-23 12:23 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-23 12:23 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-23 12:23 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-23 12:23 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-23 12:23 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-23 12:23 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-23 12:23 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-23 12:21 . 2008-11-23 12:21 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-23 12:15 . 2008-11-23 23:04 <DIR> d-------- c:\program files\NeoSmart Technologies
2008-11-23 10:56 . 2008-11-23 10:56 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2008-11-23 10:51 . 2008-11-23 10:51 <DIR> d-------- c:\program files\Philips
2008-11-23 10:51 . 2008-11-23 10:51 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-11-23 10:50 . 2008-11-23 10:56 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Ahead
2008-11-23 10:49 . 2008-11-23 10:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-11-23 10:45 . 2008-11-23 10:45 <DIR> d-------- c:\program files\Nero
2008-11-23 10:45 . 2008-11-23 10:49 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-23 10:45 . 2008-11-23 10:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-22 23:27 . 2008-01-18 23:45 333,203 -rahs---- C:\bootmgr
2008-11-22 09:11 . 2008-11-22 09:11 1,607 --a------ c:\windows\system32\Load.ini
2008-11-20 20:50 . 2008-11-20 20:50 180 --a------ c:\windows\system32\nero.bat
2008-11-18 19:44 . 2008-11-18 19:53 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-11-18 13:56 . 2008-11-18 13:56 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-11-17 23:23 . 2008-11-17 23:23 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Pogo Games
2008-11-17 23:18 . 2008-11-17 23:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Oberon Games
2008-11-17 22:31 . 2008-11-17 22:36 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FarmFrenzy2
2008-11-17 21:46 . 2008-11-17 21:46 <DIR> d-------- c:\program files\Deluxe Ski Jump 3
2008-11-16 13:00 . 2008-11-16 13:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-16 12:57 . 2008-12-01 00:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-16 12:56 . 2008-11-16 12:58 <DIR> d-------- c:\windows\NV3408236.TMP
2008-11-16 12:56 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-16 12:55 . 2008-11-16 12:55 <DIR> d-------- C:\NVIDIA
2008-11-16 12:28 . 2008-11-26 23:30 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-11-16 12:28 . 2008-11-26 23:30 <DIR> d-------- c:\documents and settings\rafal\SystemRequirementsLab
2008-11-16 11:23 . 2008-11-16 11:23 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\AltrixSoft
2008-11-15 10:50 . 2004-08-03 23:44 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-14 16:11 . 2008-11-14 16:16 <DIR> d-------- c:\program files\Winamp
2008-11-14 16:11 . 2008-11-14 16:20 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Winamp
2008-11-12 20:52 . 2008-11-12 20:52 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\MythPeople
2008-11-11 23:02 . 2008-11-11 23:02 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Media Player Classic
2008-11-11 16:06 . 2008-11-11 17:55 430 --a------ c:\windows\gmer.ini
2008-11-11 09:07 . 2008-11-11 09:07 393 --a------ c:\documents and settings\Skrót do Documents and Settings.lnk
2008-11-10 22:59 . 2008-11-10 23:55 <DIR> d-------- c:\program files\jv16 PowerTools 2008
2008-11-10 22:59 . 2008-11-10 22:59 23 --a------ c:\windows\system32\cedfaf_z.ocx
2008-11-10 14:48 . 2008-11-10 14:48 4,096 --a------ c:\windows\d3dx.dat
2008-11-09 15:28 . 2008-11-09 15:28 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Malwarebytes
2008-11-09 15:28 . 2008-11-09 15:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2008-11-08 16:07 . 2008-11-08 16:09 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Real Desktop
2008-11-06 06:02 . 2008-11-06 06:02 <DIR> d-------- c:\windows\system32\Addons
2008-11-05 19:40 . 2008-11-05 19:40 <DIR> d-------- c:\windows\system32\captcha
2008-11-05 17:54 . 2008-11-05 17:54 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\URSoft
2008-11-04 22:23 . 2008-11-04 22:23 <DIR> d----c--- c:\documents and settings\All Users\Dane aplikacji\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-04 22:18 . 2008-11-04 22:18 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\uniblue
2008-11-04 22:10 . 2008-11-04 22:10 <DIR> d-------- c:\program files\Trend Micro
2008-11-04 22:07 . 2008-11-04 22:07 <DIR> d-------- c:\program files\Uniblue
2008-11-04 22:05 . 2008-11-04 22:05 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-04 22:04 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2008-11-04 22:04 . 2007-08-15 12:09 167,683 --a------ c:\windows\system32\COMCT232.OCX
2008-11-04 22:04 . 2007-08-15 12:09 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-11-04 22:01 . 2008-11-04 22:01 <DIR> dr-h----- C:\AHCache
2008-11-04 21:22 . 2008-11-04 21:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Innovative Solutions
2008-11-04 21:18 . 2008-11-06 21:02 <DIR> d-------- c:\program files\Ice Cream Mania.exe
2008-11-04 20:20 . 2008-11-05 19:40 <DIR> d-------- c:\windows\system32\Plugins
2008-11-04 20:20 . 2008-11-04 20:20 <DIR> d-------- c:\windows\system32\ocr
2008-11-04 20:20 . 2008-11-04 20:20 <DIR> d-------- c:\windows\system32\Data
2008-11-04 19:56 . 2008-11-04 19:56 <DIR> d-------- c:\program files\Play
2008-11-04 19:56 . 2008-12-01 00:26 263 --a------ c:\windows\Mouse_Boy.iix
2008-11-04 18:41 . 2008-11-04 18:43 48 --a------ c:\windows\iltwain.ini
2008-11-04 18:36 . 2008-11-04 18:39 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\IconTweaker
2008-11-04 18:36 . 2008-11-04 18:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\IconTweaker
2008-11-04 18:25 . 2008-11-04 18:31 38 --a------ c:\windows\Cfg.cfg
2008-11-04 18:25 . 2008-11-04 18:31 23 --a------ c:\windows\Tips.ini
2008-11-03 23:02 . 2008-11-30 02:00 46 --a------ c:\windows\Resecik.ini
2008-11-03 20:54 . 2008-11-06 21:03 <DIR> d-------- c:\program files\Roller Rush
2008-11-03 14:24 . 2008-11-06 21:04 <DIR> d-------- c:\program files\Burger Island
2008-11-03 14:24 . 2008-11-03 14:24 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Sandlot Games
2008-11-02 22:40 . 2008-11-18 23:33 <DIR> d-------- c:\program files\Plantasia
2008-11-02 22:24 . 2008-11-09 21:45 <DIR> d-------- c:\windows\system32\Adobe
2008-11-02 22:23 . 2008-11-02 22:23 698 --a------ c:\windows\DigbysDonuts.ini
2008-11-02 22:21 . 2008-11-02 22:21 <DIR> d-------- c:\program files\Digby's Donuts
2008-11-02 20:32 . 2008-11-02 20:32 <DIR> d-------- c:\program files\Kran.Simulator.2009.GERMAN-0x0007
2008-11-02 15:27 . 2008-11-02 15:27 <DIR> d-------- c:\program files\AmitySource
2008-11-02 14:14 . 2008-11-02 14:16 <DIR> d-------- c:\program files\Kransimulator 2009
2008-11-02 14:11 . 2008-11-02 14:11 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-02 14:11 . 2008-11-17 00:00 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-02 14:03 . 2008-11-04 19:55 <DIR> d-------- c:\windows\Logs
2008-11-02 14:02 . 2008-11-02 14:02 <DIR> d--hs---- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 20:02 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Skype
2008-12-01 15:02 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\skypePM
2008-12-01 14:17 --------- d-----w c:\program files\Zylom Games
2008-12-01 08:31 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-30 23:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 22:52 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Zylom
2008-11-26 12:17 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Zylom
2008-11-25 19:43 --------- d-----w c:\program files\Gigabyte
2008-11-25 19:09 8,059 ----a-w c:\windows\gdrv.sys
2008-11-25 14:21 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-11-22 20:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2008-11-21 20:15 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2008-11-12 18:16 --------- d-----w c:\program files\PerformanceTest
2008-11-12 18:09 --------- d-----w c:\program files\SAGEM WiFi manager
2008-11-12 18:09 --------- d-----w c:\program files\HD Tune Pro
2008-11-09 23:18 --------- d-----w c:\program files\Unlocker
2008-11-09 21:55 --------- d-----w c:\program files\Common Files\Adobe
2008-11-09 00:22 --------- d-----w c:\program files\Common Files\EZB Systems
2008-11-03 13:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sandlot Games
2008-11-02 21:40 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\PlayFirst
2008-10-31 13:45 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Nowe Gadu-Gadu
2008-10-31 13:44 --------- d-----w c:\program files\Gadu-Gadu
2008-10-31 13:41 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-28 17:36 --------- d-----w c:\program files\PowerQuest
2008-10-27 17:49 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-27 17:49 --------- d-----w c:\program files\Java
2008-10-26 16:41 --------- d-----w c:\program files\MCS Studios
2008-10-25 21:10 --------- d-----w c:\program files\Realtek
2008-10-25 21:06 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-25 21:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2008-10-25 15:21 --------- d-----w c:\program files\CheckIt
2008-10-25 14:13 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-25 13:55 --------- d-----w c:\program files\My Drivers
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 20:22 --------- d-----w c:\program files\SymplisIT
2008-10-23 18:51 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PlayFirst
2008-10-23 18:11 --------- d-----w c:\program files\Supercow
2008-10-23 18:11 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Super-Cow
2008-10-23 18:09 --------- d-----w c:\program files\ReflexiveArcade
2008-10-23 17:01 --------- d-----w c:\program files\UltraISO
2008-10-22 17:10 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\HP
2008-10-21 19:42 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\GanymedeNet
2008-10-21 18:24 --------- d-----w c:\program files\VisualTaskTips
2008-10-21 18:14 --------- d-----w c:\program files\CCleaner
2008-10-21 16:48 --------- d-----w c:\program files\Common Files\BinarySense
2008-10-21 16:48 --------- d-----w c:\program files\BinarySense
2008-10-21 16:48 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\BinarySense
2008-10-21 16:35 --------- d-----w c:\program files\Common Files\Skype
2008-10-21 16:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-21 16:35 --------- d-----r c:\program files\Skype
2008-10-21 14:20 --------- d-----w c:\program files\IrfanView
2008-10-21 14:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-10-21 14:06 319,488 ----a-w c:\windows\HideWin.exe
2008-10-21 12:43 --------- d-----w c:\program files\Intel
2008-10-21 11:23 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Xentient
2008-10-21 08:16 --------- d-----w c:\program files\Xentient
2008-10-21 08:08 --------- d-----w c:\program files\Lavalys
2008-10-21 07:17 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-21 07:17 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\OpenOffice.org
2008-10-21 07:10 --------- d-----w c:\program files\Opera
2008-10-21 06:56 --------- d-----w c:\program files\Alwil Software
2008-10-21 06:50 --------- d-----w c:\program files\SAGEM
2008-10-21 06:50 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\InstallShield
2008-10-21 06:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\WEBREG
2008-10-21 06:43 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2008-10-21 06:41 --------- d-----w c:\program files\HP
2008-10-21 06:41 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\HPAppData
2008-10-21 06:41 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2008-10-21 06:40 --------- d-----w c:\program files\Common Files\HP
2008-10-21 06:39 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-10-21 06:23 --------- d-----w c:\program files\microsoft frontpage
2008-10-21 06:22 --------- d-----w c:\program files\Usługi online
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2002-07-01 14:13 224 --sha-w c:\documents and settings\rafal\Dane aplikacji\maildriver32.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-10 25795368]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\rafal\Menu Start\Programy\Autostart\
Hard Drive Inspector Updater.exe [2008-10-30 29228]
nero.bat.lnk - c:\windows\system32\nero.bat [2008-11-20 180]
Skrót do winword.lnk - c:\windows\system32\winword.exe [2008-11-30 1960448]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-10-21 950272]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-11-30 26680]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-30 920632]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\ZDCndis5.SYS [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcad9646-a2c9-11dd-8c16-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{43FE2BCB-29B5-4364-8151-E85CD8753969}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 21:15:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-01 21:15:47
ComboFix-quarantined-files.txt 2008-12-01 20:15:44

Przed: 30 879 686 656 bajtów wolnych
Po: 30,864,461,824 bajtów wolnych

330 --- E O F --- 2008-11-16 09:40:51




Silent Runners


"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"VisualTaskTips" = "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" ["VisualTaskTips.com"]
"Nowe Gadu-Gadu" = ""C:\Program Files\Nowe Gadu-Gadu\gg.exe"" ["Gadu-Gadu S.A."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"LightScribe Control Panel" = "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{0347C33E-8762-4905-BF09-768834316C61}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Print Enhancer"
\InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."]
{053F9267-DC04-4294-A72C-58F732D338C0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Print Clips"
\InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll" ["Hewlett-Packard Co."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java™ Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java™ Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{08AB18D7-ACFB-4B59-93BA-81BBEE32D401}" = "Xentient.Thumbs"
-> {HKLM...CLSID} = "Extractor Class"
\InProcServer32\(Default) = "C:\Program Files\Xentient\Thumbnails\thumbs.dll" ["Xentient"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "/u\mksshell.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "/u\mksshell.dll" [file not found]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\rafal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPAutoplayPSE\
"Provider" = "HP Photosmart Essential 2.01"
"InvokeProgID" = "HpqPSApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "rafal" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\rafal\Menu Start\Programy\Autostart
<<!>> "Hard Drive Inspector Updater.exe" [null data]
"nero.bat" -> shortcut to: "C:\WINDOWS\system32\nero.bat" [null data]
"Skrót do winword" -> shortcut to: "C:\WINDOWS\system32\winword.exe" [empty string]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "]


Enabled Scheduled Tasks:
------------------------

"User_Feed_Synchronization-{43FE2BCB-29B5-4364-8151-E85CD8753969}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{58ECB495-38F0-49CB-A538-10282ABF65E7}\
"ButtonText" = "Kolekcja wycinków HP"
"CLSIDExtension" = "{E763472E-A716-4CD9-89BD-DBDA6122F741}"
-> {HKLM...CLSID} = "ClipBookBtn Class"
\InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]

{700259D7-1666-479A-93B1-3250410481E8}\
"ButtonText" = "Zaznaczanie HP Smart"
"CLSIDExtension" = "{A93C41D8-01F8-4F8B-B14C-DE20B117E636}"
-> {HKLM...CLSID} = "EnhSelectionBtn Class"
\InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
CSIScanner, CSIScanner, ""C:\Program Files\PrevxCSI\prevxcsi.exe" /service" ["Prevx"]
HDDlife HDD Access service, HDDlife HDD Access service, ""C:\Program Files\Common Files\BinarySense\hldasvc.exe"" ["BinarySense, Inc."]
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PCL Language Monitor\Driver = "hpz3l5ha.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2008-12-01 21:16:24)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 24 seconds, including 3 seconds for message boxes)


#2 Macsch15

    Professional

  • 3 705 posts

Posted 03 12 2008 - 12:12

In HijackThis:

O4 - Startup: Skrót do winword.lnk = C:\WINDOWS\system32\winword.exe


"Fix" the above entries:
>>Hijack>>scan (Do a system scan only)>>check them>>Fix checked.


#3 rafal194

    Advanced user

  • 413 posts

Posted 03 12 2008 - 21:00

Thanks, finally no more of that winword.exe.
