Dobre pingi - net zamula, czasem komp "zwalnia obrorty&


(Misiek Lim) #1

Czyli prośba o sprawdzenie loga - vista na lapcioku - sporo nowego oprogramwoania, a z kompikiem cos sie zaczyna dziać, nie wiem za bardzo co śmieci, a co nie :stuck_out_tongue:

Z góry dzięki za pomoc.

ComboFix

ComboFix 07-11-08.1 - Gosia 2007-11-10 16:21:14.1 - NTFSx86

(jessica) #2

Te logi są czyste.

Odinstaluj tego zamulacza (pogrubione).

Potem sfiksuj podobne do tego powyższego wpisy:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

Możesz dać jeszcze log z ComboFix

jessi


(Misiek Lim) #3

Zauwżyłem małego zonka... log z silenta nie chciał sie wkleić w całości. Teraz pousuwałem parę rzeczy - teraz dam logi z HiJacka, Silenta i ComboFixa. Odrazu mówię, że pewnie będę musiał na 2 posty rozdzielić :wink:

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:14:04, on 2007-11-10

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal


Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O13 - Gopher Prefix: 

O17 - HKLM\System\CCS\Services\Tcpip\..\{A039B559-D979-4DC2-8BD7-D1A5B98ABB3A}: NameServer = 85.198.213.1,85.198.212.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: lxce_device - Lexmark International, Inc. - C:\Windows\system32\lxcecoms.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


--

End of file - 10601 bytes

SilentRunners

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

"Creative Detector" = ""C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R" ["Creative Technology Ltd"]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."]

"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"

"HP Health Check Scheduler" = "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [null data]

"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

"WAWifiMessage" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]

"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"LogitechQuickCamRibbon" = ""C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide" ["Logitech Inc."]

"LogitechCommunicationsManager" = ""C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"" ["Logitech Inc."]

"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]

"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"Launcher" = "C:\Windows\SMINST\launcher.exe"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll" ["Symantec Corporation"]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"

  -> {HKLM...CLSID} = "Skype add-on (mastermind)"

                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{E7DE9B1A-7533-4556-9484-B26FB486475E}" = (no title provided)

  -> {HKLM...CLSID} = "Network Map"

                   \InProcServer32\(Default) = "C:\Windows\system32\shdocvw.dll" [MS]

"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"

  -> {HKLM...CLSID} = "IGD Property Page"

                   \InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" [MS]

"{8856f961-340a-11d0-a96b-00c04fd705a2}" = "Microsoft Web Browser"

  -> {HKLM...CLSID} = "Microsoft Web Browser"

                   \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

"{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}" = "MSHTML Document"

  -> {HKLM...CLSID} = "MHTML Document"

                   \InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]

"{25336920-03f9-11cf-8fd0-00aa00686f13}" = "HTML Document"

  -> {HKLM...CLSID} = "HTML Document"

                   \InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]

"{74246bfc-4c96-11d0-abef-0020af6b0b7a}" = "Device Manager"

  -> {HKLM...CLSID} = "Device Manager"

                   \InProcServer32\(Default) = "C:\Windows\System32\devmgr.dll" [MS]

"{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}" = "MyDocuments menu and properties"

  -> {HKLM...CLSID} = "MyDocuments menu and properties"

                   \InProcServer32\(Default) = "C:\Windows\system32\mydocs.dll" [MS]

"{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}" = "Common Places Folder"

  -> {HKLM...CLSID} = "Common Places FS Folder"

                   \InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]

"{865e5e76-ad83-4dca-a109-50dc2113ce9a}" = "Programs Folder and Fast Items"

  -> {HKLM...CLSID} = "Programs Folder and Fast Items"

                   \InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]

"{21ec2020-3aea-1069-a2dd-08002b30309d}" = "Control Panel"

  -> {HKLM...CLSID} = "Control Panel"

                   \InProcServer32\(Default) = "shell32.dll" [MS]

"{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" = "Client application shell extension"

  -> {HKLM...CLSID} = "Client application shell extension"

                   \InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]

"{4d5c8c2a-d075-11d0-b416-00c04fb90376}" = "Microsoft CommBand"

  -> {HKLM...CLSID} = "Microsoft CommBand"

                   \InProcServer32\(Default) = "C:\Windows\system32\browseui.dll" [MS]

"{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" = "OlePrn.PrinterURL"

  -> {HKLM...CLSID} = "prturl Class"

                   \InProcServer32\(Default) = "C:\Windows\system32\oleprn.dll" [MS]

"{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" = "group_wab_auto_file"

  -> {HKLM...CLSID} = ".group shell context menu"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]

"{CF67796C-F57F-45F8-92FB-AD698826C602}" = "contact_wab_auto_file"

  -> {HKLM...CLSID} = ".contact shell context menu"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]

"{90b9bce2-b6db-4fd3-8451-35917ea1081b}" = "Search Execute Command"

  -> {HKLM...CLSID} = "CLSID_SearchExecute"

                   \InProcServer32\(Default) = "ExplorerFrame.dll" [MS]

"{1a184871-359e-4f67-aad9-5b9905d62232}" = "Microsoft Windows Font File Context Menu Handler"

  -> {HKLM...CLSID} = "Microsoft Windows Font Context Menu Handler"

                   \InProcServer32\(Default) = "fontext.dll" [MS]

"{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}" = "Microsoft Windows Font Previewer"

  -> {HKLM...CLSID} = "Microsoft Windows Font Preview Handler"

                   \InProcServer32\(Default) = "fontext.dll" [MS]

"{BC65FB43-1958-4349-971A-210290480130}" = "Network Explorer Property Sheet Handler"

  -> {HKLM...CLSID} = "Ncd Property Page"

                   \InProcServer32\(Default) = "C:\Windows\System32\NcdProp.dll" [MS]

"{0a4286ea-e355-44fb-8086-af3df7645bd9}" = "Windows Media Player"

  -> {HKLM...CLSID} = "&Windows Media Player"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WI4EB4~1\wmpband.dll" [MS]

"{BB6B2374-3D79-41DB-87F4-896C91846510}" = "EMDFileProperties"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "emdmgmt.dll" [MS]

"{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" = "Sync Center Simple Conflict Presenter"

  -> {HKLM...CLSID} = "Simple Conflict Presenter"

                   \InProcServer32\(Default) = "C:\Windows\System32\SyncCenter.dll" [MS]

"{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}" = (no title provided)

  -> {HKLM...CLSID} = "Windows Anytime Upgrade"

                   \InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]

"{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" = "PhotoAcqDropTarget"

  -> {HKLM...CLSID} = "PhotoAcqDropTarget"

                   \InProcServer32\(Default) = "C:\Program Files\Windows Photo Gallery\PhotoAcq.dll" [MS]

"{91ADC906-6722-4B05-A12B-471ADDCCE132}" = "Touch Band"

  -> {HKLM...CLSID} = "Touch Pointer"

                   \InProcServer32\(Default) = "C:\Windows\System32\TouchX.dll" [MS]

"{7D4734E6-047E-41e2-AEAA-E763B4739DC4}" = "Windows Media Player Play as Playlist Context Menu Handler"

  -> {HKLM...CLSID} = "WMP Play Folder As Playlist Launcher"

                   \InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]

"{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" = "GameUX.RichGameMediaThumbnail"

  -> {HKLM...CLSID} = "RichGameMediaThumbnail Class"

                   \InProcServer32\(Default) = "C:\Windows\System32\gameux.dll" [MS]

"{6b9228da-9c15-419e-856c-19e768a13bdc}" = "Windows gadget DropTarget"

  -> {HKLM...CLSID} = "Windows gadget DropTarget"

                   \InProcServer32\(Default) = "C:\Program Files\Windows Sidebar\sbdrop.dll" [MS]

"{8A734961-C4AA-4741-AC1E-791ACEBF5B39}" = "Windows Media Player Shop Music Context Menu Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  -> {HKLM...CLSID} = "Moje foldery udostępniania"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"

  -> {HKLM...CLSID} = "ShellViewRTF"

                   \InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

"{377BF0A0-F755-4469-BA0C-BEB93AAB5454}" = "MuVo V100 Media Explorer"

  -> {HKLM...CLSID} = "MuVo V100 Media Explorer"

                   \InProcServer32\(Default) = "C:\Program Files\Creative\Creative MuVo V100\MuVo V100 Media Explorer\CTMvnsu.dll" ["Creative Technology Ltd"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"

  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"

                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"

  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "c:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "c:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"LogonHoursAction" = (REG_DWORD) hex:0x00000002

{unrecognized setting}


"DontDisplayLogonHoursWarnings" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"ConsentPromptBehaviorAdmin" = (REG_DWORD) hex:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}


"ConsentPromptBehaviorUser" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}


"EnableInstallerDetection" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}


"EnableLUA" = (REG_DWORD) hex:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}


"EnableSecureUIAPaths" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}


"EnableVirtualization" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}


"PromptOnSecureDesktop" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Conrol: Switch to the secure desktop when prompting for elevation}


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"FilterAdministratorToken" = (REG_DWORD) hex:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\web\Wallpaper\img24.jpg"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Windows\web\Wallpaper\img24.jpg"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]



Startup items in "Gosia" & "All Users" startup folders:

-------------------------------------------------------


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" ["Adobe Systems Incorporated"]



Non-disabled Scheduled Tasks:

-----------------------------


C:\Windows\System32\Tasks

"ExtendedServicePlan" -> launches: ""C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe" ExtendedServicePlan ShowMessageTask" [null data]

"HP Health Check" -> launches: "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe /Scan" [null data]

"HPCeeScheduleForGosia" -> launches: "C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForGosia (null)" [null data]

"Norton Internet Security - Run Full System Scan - Gosia" -> launches: "c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"ServicePlan" -> launches: ""C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe" ServicePlan ShowMessageTask11M" [null data]

"User_Feed_Synchronization-{8FF67A44-7088-4B8E-8CE3-FF03CC789D98}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]

"User_Feed_Synchronization-{CB13BBCE-AF5B-4C8E-8D8B-FF819003451B}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic

"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

  -> {HKLM...CLSID} = "HotStart User Agent"

                   \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"

  -> {HKLM...CLSID} = "Transient Multi-Monitor Manager"

                   \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

  -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

                   \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"

  -> {HKLM...CLSID} = "Nap ITask Handler Implementation"

                   \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Shell

"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"

  -> {HKLM...CLSID} = "CrawlStartPages Task Handler"

                   \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

  -> {HKLM...CLSID} = "MsCtfMonitor task handler"

                   \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

  -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

                   \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Wired

"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]


C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]


C:\Windows\System32\Tasks\Microsoft\Windows Defender

"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 22



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"

  -> {HKLM...CLSID} = "Show Norton Toolbar"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll" ["Symantec Corporation"]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]


{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\

"ButtonText" = "BitComet Search"


{77BF5300-1474-4EC7-9980-D32B190E9B07}\

"ButtonText" = "Skype"

"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"

  -> {HKLM...CLSID} = "Skype add-on (button)"

                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]



HOSTS file

----------


C:\Windows\System32\drivers\etc\HOSTS


maps: 2 domain names to IP addresses,

      1 of the IP addresses is *not* localhost!



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

Dostęp do urządzeń interfejsu HID, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}

Dziennik zdarzeń systemu Windows, Eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {(missing data)}

Host urządzenia UPnP, upnphost, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\upnphost.dll" [MS]}

HP Health Check Service, HP Health Check Service, ""C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data]

hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]

Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

LVCOMSer, LVCOMSer, ""C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"" ["Logitech Inc."]

NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]

Process Monitor, LVPrcSrv, ""C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"" ["Logitech Inc."]

Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}

Przeglądarka komputera, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}

Publikacja zasobów odnajdowania funkcji, FDResPub, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\fdrespub.dll" [MS]}

Symantec AppCore Service, SymAppCore, ""c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Symantec Lic NetConnect service, CLTNetCnService, ""c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

4300 Series Port\Driver = "lxcelmpm.DLL" ["Lexmark International, Inc."]



---------- (launch time: 2007-11-10 16:14:56)

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 118 seconds, including 18 seconds for message boxes)

LOG Z COMBOFIXA JEST W PIERWSZYM POśCIE, TU SIę NIE CHCIAł WRZUCIć[/u


(Gutek) #4

Logi Ok jedynie:

Edytuj plik hosts C:\WINDOWS\System32\drivers\etc\HOSTS

powina znajdować się tam tylko linijka 127.0.0.1 localhost


(Misiek Lim) #5
# Copyright (c) 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host


127.0.0.1 localhost

::1 localhost

Czyli wszystko skasować? Oprócz tego 127.0.0.1 localhost?


(Rafallobocki) #6

Skasuj to co jest na czerwono nie wszystko :stuck_out_tongue: pozdro