KOCHAM SYNTHOL, posted 3 April 2009 (edited)

For the past 2-3 days my computer has been freezing at random. It looks as if Explorer stops responding; sometimes I can still move the mouse or click 'Start' (then the main Start menu slides out at 50% visibility [translucent, so it probably hadn't finished loading yet]), and sometimes at the moment of the freeze I hear a loud, continuous beeeeeeeeeeep from the motherboard. The PC stops responding at various moments (gaming, foobar, browser), within 5-45 minutes of switching it on. There are no clues in the event log. The whole thing probably started after installing / scanning with / uninstalling a million antivirus programs; maybe they removed something important? What is going on? :< Please help. By the way, the system is XP SP3.

"combo"

ComboFix 09-04-01.01 - patryk 2009-04-03 14:50:54.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1554 [GMT 2:00] Uruchomiony z: c:\documents and settings\patryk\Pulpit\temp\ComboFix.exe UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((( Pliki utworzone od 2009-03-03 do 2009-04-03 ))))))))))))))))))))))))))))))) . 2009-04-02 15:44 . 2009-03-03 20:18 73,728 --a------ c:\windows\system32\RtNicProp32.dll 2009-04-02 14:33 . 2009-04-02 14:33 <DIR> d-------- c:\program files\Microsoft Bootvis 2009-04-02 14:30 . 2009-04-02 14:30 <DIR> d-------- c:\program files\UPHClean 2009-04-02 14:21 . 2009-04-02 14:21 <DIR> d-------- c:\program files\Ashampoo 2009-04-02 14:19 . 2009-04-02 14:19 <DIR> d-------- c:\program files\RegCleaner 2009-04-02 05:42 . 2009-04-02 05:42 1,891 --a------ c:\windows\imsins.BAK 2009-04-02 04:13 . 2009-04-02 04:30 <DIR> d-------- C:\Downloads 2009-04-02 04:12 . 2009-04-02 04:46 <DIR> d-------- c:\program files\BitComet 2009-04-02 01:29 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE 2009-04-02 01:29 . 
2008-04-14 23:51 24,064 --a------ c:\windows\system32\wsock32.dlb 2009-04-02 01:28 . 2009-04-02 01:28 <DIR> d-------- c:\program files\Comodo 2009-04-02 01:28 . 2009-04-02 01:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\BOC427 2009-04-02 01:28 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL 2009-04-02 01:28 . 2009-04-02 15:13 11,465 --a------ c:\windows\BOC427.INI 2009-04-01 23:58 . 2009-04-01 23:58 <DIR> d-------- C:\pebuilder3110a 2009-04-01 22:10 . 2009-04-01 22:10 <DIR> d-------- c:\program files\Alwil Software 2009-04-01 22:10 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll 2009-04-01 21:31 . 2009-04-01 21:31 7,168 --ahs---- c:\windows\Thumbs.db 2009-04-01 21:31 . 2009-04-01 21:31 6,144 --ahs---- C:\Thumbs.db 2009-04-01 19:51 . 2009-04-01 19:51 <DIR> d-------- C:\fsaua.data 2009-03-26 17:56 . 2009-03-26 18:08 <DIR> d-------- c:\documents and settings\patryk\Dane aplikacji\Creative 2009-03-26 17:30 . 2009-03-26 18:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Creative 2009-03-26 17:27 . 2009-03-26 17:27 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared 2009-03-26 17:27 . 2009-03-26 17:27 413,696 --a------ c:\windows\system32\wrap_oal.dll 2009-03-26 17:27 . 2009-03-26 17:27 110,592 --a------ c:\windows\system32\OpenAL32.dll 2009-03-26 17:27 . 2003-06-13 00:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2009-03-26 17:26 . 2009-03-26 17:55 <DIR> d-------- c:\program files\Creative 2009-03-26 17:26 . 2008-12-03 16:04 189,440 --a------ c:\windows\system32\KSXPPI32.dll 2009-03-26 17:26 . 2008-12-01 15:14 33,126 --a------ c:\windows\system32\kschimp.ini 2009-03-26 17:26 . 2007-12-11 19:47 23,292 --a------ c:\windows\ksaudENG.reg 2009-03-26 17:26 . 2008-11-06 19:41 7,556 --a------ c:\windows\system32\MixerDefaultXP.reg 2009-03-26 17:26 . 2008-08-29 00:02 3,556 --a------ c:\windows\system32\DeviceDefaultsXP.reg 2009-03-26 17:26 . 
2007-07-05 11:27 2,630 --a------ c:\windows\MixerName.reg 2009-03-26 17:26 . 2009-03-26 17:26 268 -rah----- c:\windows\ctfile.rfc 2009-03-26 17:10 . 2008-04-14 01:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2009-03-26 17:10 . 2008-04-14 01:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys 2009-03-23 23:43 . 2009-03-23 23:43 <DIR> d-------- c:\program files\ElcomSoft 2009-03-23 23:18 . 2009-03-23 23:18 <DIR> d-------- c:\program files\Intelore 2009-03-23 19:03 . 2009-03-24 03:00 <DIR> d-------- c:\windows\BDOSCAN8 2009-03-23 12:58 . 2009-03-23 12:58 34,288,020 --a------ C:\rzr-gt42.o01 2009-03-23 12:56 . 2009-03-23 12:57 34,288,020 --a------ C:\rzr-gt42.o00 2009-03-23 12:52 . 2009-03-23 12:52 34,288,020 --a------ C:\rzr-gt42.out 2009-03-23 01:21 . 2009-03-23 01:21 <DIR> d-------- c:\program files\iTunes Library Updater 2009-03-23 00:40 . 2009-03-23 00:56 <DIR> d-------- c:\program files\Songbird 2009-03-23 00:40 . 2009-03-23 00:40 <DIR> d-------- c:\documents and settings\patryk\Dane aplikacji\Songbird2 2009-03-20 03:03 . 2009-04-03 14:31 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 3 2009-03-16 01:31 . 2009-03-16 01:31 <DIR> d-------- c:\program files\Budzik 2009-03-15 23:13 . 2009-03-15 23:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Blizzard 2009-03-13 17:39 . 2009-03-13 17:42 <DIR> d-------- c:\program files\UDPixel 2009-03-13 16:34 . 2009-03-13 16:34 <DIR> d-------- c:\program files\Hewlett-Packard 2009-03-13 16:33 . 2009-03-13 16:33 <DIR> d-------- C:\Swsetup 2009-03-12 19:05 . 2009-04-02 17:58 189,784 --a------ c:\windows\system32\PnkBstrB.xtr 2009-03-12 15:50 . 2009-03-12 15:50 <DIR> d-------- c:\program files\Trend Micro 2009-03-09 17:29 . 2009-03-09 17:38 <DIR> d-------- c:\program files\BitLord 2009-03-08 20:48 . 2009-03-08 20:48 <DIR> d--hs---- c:\documents and settings\patryk\PrivacIE 2009-03-08 20:48 . 
2009-03-08 20:48 <DIR> d--hs---- c:\documents and settings\patryk\IETldCache 2009-03-08 20:41 . 2009-03-08 20:41 <DIR> d-------- c:\documents and settings\patryk\Dane aplikacji\Malwarebytes 2009-03-08 20:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-08 20:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-08 20:40 . 2009-04-01 18:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-08 20:40 . 2009-03-08 20:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-03-08 20:32 . 2009-03-08 20:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET 2009-03-08 14:31 . 2009-03-08 14:31 <DIR> d-------- c:\documents and settings\patryk\Dane aplikacji\Disney Interactive Studios 2009-03-05 16:45 . 2009-03-05 16:58 995 --a------ c:\windows\disney.ini 2009-03-05 01:15 . 2009-03-05 01:16 <DIR> d--h-c--- c:\windows\ie8 . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-04-02 17:37 --------- d-----w c:\documents and settings\patryk\Dane aplikacji\uTorrent 2009-04-02 15:58 189,784 ----a-w c:\windows\system32\PnkBstrB.exe 2009-04-02 15:58 138,944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-04-02 13:44 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-02 13:44 --------- d-----w c:\program files\Realtek 2009-04-02 13:33 75,064 ----a-w c:\windows\system32\PnkBstrA.exe 2009-04-02 12:33 --------- d-----w c:\documents and settings\patryk\Dane aplikacji\OpenOffice.org2 2009-04-02 05:12 --------- d-----w c:\program files\ATI Technologies 2009-04-02 05:02 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-02 04:40 --------- d-----w c:\program files\Hamachi 2009-04-01 22:19 --------- d-----w c:\program files\Beneton Movie GIF 2009-04-01 22:07 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-04-01 22:07 --------- d-----w c:\program files\Spyware Terminator 2009-04-01 21:31 --------- d-----w c:\program files\uTorrent 2009-04-01 20:26 --------- d-----w c:\program files\foobar2000 2009-04-01 14:41 --------- d-----w c:\program files\Java 2009-03-26 16:19 22,328 ----a-w c:\documents and settings\patryk\Dane aplikacji\PnkBstrK.sys 2009-03-26 16:18 2,246,144 ----a-w c:\windows\system32\pbsvc.exe 2009-03-23 18:06 130,688 ----a-w c:\windows\system32\drivers\Rtenicxp.sys 2009-03-15 14:11 --------- d-----w c:\program files\Gadu-Gadu 2009-03-11 00:26 --------- d-----w c:\program files\Mozilla Thunderbird 2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 22:32 --------- d-----w c:\documents and settings\patryk\Dane aplikacji\Desktopicon 2009-03-08 18:38 --------- d-----w c:\program files\CCleaner 2009-03-03 17:33 --------- d-----w c:\program files\MSI 2009-03-03 17:31 --------- d-----w c:\program files\Setup Files 2009-02-25 08:20 --------- d-----w c:\documents and settings\patryk\Dane aplikacji\id Software 2009-02-25 07:49 
--------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software 2009-02-11 15:28 --------- d-----w c:\program files\Common Files\NSV 2009-02-11 10:15 --------- d-----w c:\program files\WMCap 2009-02-11 10:13 --------- d-----w c:\program files\WMR11 2009-02-11 09:55 --------- d-----w c:\program files\StreamDown v6.4.3 2009-02-11 03:11 --------- d-----w c:\program files\Ultra Video Splitter 2009-02-07 11:59 --------- d-----w c:\program files\Electronic Arts 2009-02-07 11:58 4,692 ----a-w c:\windows\system32\ealregsnapshot1.reg 2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll 2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll 2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll 2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll 2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll 2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll 2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll 2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll 2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe 2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll 2008-02-14 21:01 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat 2008-06-01 09:38 66,936 --sha-w c:\windows\dlinfo_0.drv . 
------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^patryk^Menu Start^Programy^Autostart^hamachi.lnk] path=c:\documents and settings\patryk\Menu Start\Programy\Autostart\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^patryk^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk] path=c:\documents and settings\patryk\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\!1_pgaccount] --a------ 2005-01-20 15:14 184320 c:\program files\ProcessGuard\pgaccount.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup] --a------ 2005-01-20 15:24 280064 c:\program files\ProcessGuard\procguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] -ra------ 2007-11-05 06:32 61440 c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] --a------ 2008-08-14 08:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO] --a------ 2008-08-15 06:46 378224 c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2007-04-27 23:17 50736 c:\program files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-08-16 13:24 167368 d:\soft\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] --a------ 2008-07-22 13:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Galert] --a------ 2007-12-22 16:50 969728 c:\program files\MassGrid\Galert\Galert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent] --a------ 2007-03-08 12:09 2526661 c:\program files\GreedyTorrent\GTor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-10 17:40 289576 c:\program 
files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] --a------ 2008-04-30 19:30 498176 c:\program files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 23:51 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2005-06-14 18:05 6856704 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-02-06 19:21 21898024 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-12-22 12:52 1410296 c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2009-03-09 05:19 148888 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite] --a------ 2007-11-06 20:56 3042816 c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2008-05-02 06:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2008-06-19 16:20 57344 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2008-07-16 19:14 16806400 
c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TabletServicePen"=2 (0x2) "sdCoreService"=3 (0x3) "sdAuxService"=3 (0x3) "mi-raysat_3dsMax2008_32"=2 (0x2) "aawservice"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\backburner\\server.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "d:\\soft\\FlashGet\\flashget.exe"= "d:\\soft\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\GreedyTorrent\\GTor.exe"= "d:\\soft\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"= "d:\\soft\\mIRC\\mirc.exe"= "c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"= "c:\\Program Files\\Steam\\steamapps\\kosapl\\counter-strike source\\hl2.exe"= "e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue 
CS4\\Server\\bin\\VersionCueCS4.exe"= "e:\\Program Files\\WBGames\\Monolith Productions\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"= "e:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"= "e:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "e:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-03 28544] R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2007-10-31 24911] R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-11 768768] R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2008-08-08 28672] S1 aswSP;avast! Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?] S3 birz;birz;\??\c:\documents and settings\patryk\Pulpit\birz.sys --> c:\documents and settings\patryk\Pulpit\birz.sys [?] S3 btreaki;btreaki;\??\c:\documents and settings\patryk\Pulpit\btreaki.sys --> c:\documents and settings\patryk\Pulpit\btreaki.sys [?] S3 cewvnogv;cewvnogv;\??\d:\glider2\cewvnogv.sys --> d:\glider2\cewvnogv.sys [?] 
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-26 79360] S3 fjrpcljvr;fjrpcljvr;\??\d:\a\a\a1\fjrpcljvr.sys --> d:\a\a\a1\fjrpcljvr.sys [?] S3 geysbvszzw;geysbvszzw;\??\d:\glider2\geysbvszzw.sys --> d:\glider2\geysbvszzw.sys [?] S3 good;good;\??\c:\documents and settings\patryk\Pulpit\BGpather\good.sys --> c:\documents and settings\patryk\Pulpit\BGpather\good.sys [?] S3 gqs;gqs;\??\c:\documents and settings\patryk\Pulpit\gqs.sys --> c:\documents and settings\patryk\Pulpit\gqs.sys [?] S3 MrShadov;MrShadov;\??\d:\g\a\a1\MrShadov.sys --> d:\g\a\a1\MrShadov.sys [?] S3 nkgzi;nkgzi;\??\d:\glider snup\nkgzi.sys --> d:\glider snup\nkgzi.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000] S3 oinpmgxzsf;oinpmgxzsf;\??\d:\glider2\oinpmgxzsf.sys --> d:\glider2\oinpmgxzsf.sys [?] S3 ooqzxhan;ooqzxhan;\??\d:\glider2\ooqzxhan.sys --> d:\glider2\ooqzxhan.sys [?] S3 oorrvdqf;oorrvdqf;\??\c:\documents and settings\patryk\Pulpit\-up_dJnOfE\oorrvdqf.sys --> c:\documents and settings\patryk\Pulpit\-up_dJnOfE\oorrvdqf.sys [?] S3 pwbnaslutw;pwbnaslutw;\??\c:\documents and settings\patryk\Pulpit\pwbnaslutw.sys --> c:\documents and settings\patryk\Pulpit\pwbnaslutw.sys [?] S3 qqrbfynthm;qqrbfynthm;\??\d:\glider2\qqrbfynthm.sys --> d:\glider2\qqrbfynthm.sys [?] S3 raeyf;raeyf;\??\c:\documents and settings\patryk\Pulpit\raeyf.sys --> c:\documents and settings\patryk\Pulpit\raeyf.sys [?] S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-01-18 44928] S3 slhkbbes;slhkbbes;\??\d:\fuxxy\slhkbbes.sys --> d:\fuxxy\slhkbbes.sys [?] S3 suzaxf;suzaxf;\??\c:\documents and settings\patryk\Pulpit\suzaxf.sys --> c:\documents and settings\patryk\Pulpit\suzaxf.sys [?] S3 tmr;tmr;\??\c:\documents and settings\patryk\Pulpit\tmr.sys --> c:\documents and settings\patryk\Pulpit\tmr.sys [?] 
S3 tylbtrxyq;tylbtrxyq;\??\d:\glider rogue\tylbtrxyq.sys --> d:\glider rogue\tylbtrxyq.sys [?] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-07-01 15144] S3 wfk;wfk;\??\c:\documents and settings\patryk\Pulpit\wfk.sys --> c:\documents and settings\patryk\Pulpit\wfk.sys [?] S3 ymrm;ymrm;\??\c:\documents and settings\patryk\Pulpit\ymrm.sys --> c:\documents and settings\patryk\Pulpit\ymrm.sys [?] S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [2009-04-02 73464] S4 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [2007-10-31 69632] S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?] --- Inne Usługi/Sterowniki w Pamięci --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0A22FE68-C5FD-1BFA-0706-050506040008}] c:\windows\xfire.exe . Zawartość folderu 'Zaplanowane zadania' 2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Skan uzupełniający ------- . 
TCP: {6055CF40-3803-4256-A3B0-63B1993F8405} = 62.21.99.95 FF - ProfilePath - c:\documents and settings\patryk\Dane aplikacji\Mozilla\Firefox\Profiles\izh8chf2.nowy\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox 3.1 
Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-03 14:53:18 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . 
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1614895754-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1C88D0AB-01BA-089B-339F-FD2457C5D28C}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "nacbmpljpdjepmaljdmjgkndifkb"=hex:6a,61,6c,70,6e,62,66,6d,62,6b,67,68,6a,6c, 64,64,64,6d,65,63,00,f5 "maacognhohklohhgmdoejkghfn"=hex:69,61,67,6f,6e,61,67,68,66,64,6a,61,66,6c,66, 70,67,6b,00,00 [HKEY_USERS\S-1-5-21-1614895754-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E519B1D2-EBBD-7292-668C-F4D6CA25E530}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "namjhhbhnejgilnaclbcoaciopoc"=hex:6b,61,6a,6d,63,6a,69,64,62,68,6b,62,6d,6e, 63,62,64,69,6f,6e,64,62,00,00 "maojjkgfibpmaokgmcikpaomib"=hex:6a,61,69,6d,70,68,66,6c,6b,63,63,68,6d,6f,63, 6b,6a,6d,68,64,00,00 [HKEY_USERS\S-1-5-21-1614895754-287218729-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:7d,c7,20,3e,07,88,a2,74,9f,f3,bb,8e,c4,3e,23,dc,e0,d6,10,1e,7c,75,40, 08,8b,6d,74,7d,82,c9,67,97,87,d0,82,de,c3,96,7b,e4,7d,64,f6,26,af,f9,42,b4,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-1614895754-287218729-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c3,95,db,30,35,02,14,c3,8f,60,8b,d4,4b,dd,5d,6a,60,b0,a5,b1,05, e9,7b,c5,b0,65,49,ed,f0,f1,15,74,56,60,f1,3d,3d,db,19,8c,11,bd,dd,be,d8,80,\ "rkeysecu"=hex:4a,6d,5f,ab,d4,e3,08,d2,35,74,6e,8e,73,a6,53,ac . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\GTGina.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\COMRes.dll . 
Czas ukończenia: 2009-04-03 14:55:06 ComboFix-quarantined-files.txt 2009-04-03 12:54:24 ComboFix2.txt 2009-04-02 16:37:40 Przed: 3,790,569,472 bajtów wolnych Po: 3,789,737,984 bajtów wolnych Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 442

Spoiler "hijack":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:12, on 4/3/2009
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{6055CF40-3803-4256-A3B0-63B1993F8405}: NameServer = 62.21.99.95
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe

--
End of file - 2584 bytes

Spoiler "silent runners":

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" ["Apple Inc."] "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" ->
{HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview" -> {HKLM...CLSID} = "ACDWFTHMBPRXY" \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" 
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] "{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] "{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search" -> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\windows\system32\Shdocvw.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ <<!>> "GinaDLL" = "GTGina.dll" ["Gemtek"] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell 
Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."] SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] 
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data] {C95FFEAE-A32E-4122-A5C4-49B5BFB69795}\(Default) = "{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}" -> {HKLM...CLSID} = "Adobe Drive CS4" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll" ["Adobe Systems Incorporated"] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AdobeOnLocationCS4CameraArrival\ "Provider" = "Adobe OnLocation" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""E:\Adobe\Adobe OnLocation CS4\Adobe OnLocation.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] AdobePremiereProCS4CameraArrival\ "Provider" = "Adobe Premiere Pro" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = 
""E:\Adobe\Adobe Premiere Pro CS4\Adobe Premiere Pro.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] BridgeCS4ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS4" "InvokeProgID" = "Adobe.adobebridgeCS4" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS4\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] BridgeCS4NonVolumeHandler\ "Provider" = "Adobe Bridge CS4" "ProgID" = "Adobe.adobebridgeMTP_1" HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = "{1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}" -> {HKLM...CLSID} = "Adobe Bridge CS4" \LocalServer32\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -m" ["Adobe Systems, Inc."] iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" 
/AutoPlayShowSongs "%L"" ["Apple Inc."] Lightroom2AutoPlayHandler\ "Provider" = "Adobe Photoshop Lightroom 2.0" "InvokeProgID" = "Adobe.AdobeLightroom" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Adobe.AdobeLightroom\shell\open\command\(Default) = "E:\Program Files\Adobe\Adobe Photoshop Lightroom 2\Lightroom.exe "%L"" ["Adobe Systems"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\windows\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime Essentials" 
"InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] VLCPlayCDAudioOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.CDAudio" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file 
cdda:%1" ["VideoLAN Team"] VLCPlayDVDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.DVDMovie" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 32 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") The contents of IERESET.INF cannot be reliably checked! 
Added lines (compared with English-language version): [strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" [strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" Missing lines (compared with English-language version): [strings]: 2 lines HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <<H>> "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS] <<H>> "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS] <<H>> "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS] <<H>> "PostNotCached" = "res://ieframe.dll/repost.htm" [MS] <<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS] <<H>> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS] <<H>> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS] <<H>> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS] <<H>> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."] Creative Audio Service, CTAudSvcService, "C:\Program Files\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"] PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data] PnkBstrB, PnkBstrB, "C:\windows\system32\PnkBstrB.exe" [null data] User Profile Hive Cleanup, UPHClean, "C:\Program Files\UPHClean\uphclean.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ PrintPort\Driver = "emfxp.dll" [null data] ---------- (launch time: 2009-04-03 14:58:53) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 395 seconds. ---------- (total run time: 437 seconds)

Edited 3 April 2009 by KOCHAM SYNTHOL
KOCHAM SYNTHOL Posted 5 April 2009

Anyone? I can't use my computer. :<
Kolobos Posted 5 April 2009

Check the hardware: RAM, disk, power supply, temperatures, etc.
KOCHAM SYNTHOL Posted 6 April 2009

Nvm, I forced myself to reinstall Windows and the problem vanished as if by magic. By the way, I didn't know a bootup in under a minute was possible. :D