system
(system)
7 September 2009 15:40
#1
Hi!
I have a problem with my computer: sometimes games either freeze or shut down entirely. The next problem concerns sound. No matter what I watch on YT, after a moment I always stop hearing it, e.g. music.
My operating system is Windows Vista Ultimate 64 PL.
Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:42, on 2009-09-07
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DirectX Happy Uninstall\DHU.exe
D:\Programy\Alcohol\Alcohol 120\AxShlEx64Helper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Daniel\Desktop\Nowy folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM…\Run: [avgnt] “C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll C:\Windows\SysWOW64\cssdll32.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: @dfsrres.dll ,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll ,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll ,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Unknown owner - C:\Windows\system32\pr2agqwb.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Bufor wydruku (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

– End of file - 6229 bytes

“Silent Runners.vbs”, revision 59, http://www.silentrunners.org/ Operating System: Windows Vista Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “COMODO Firewall Pro” = ““C:\Program Files\COMODO\Firewall\cfp.exe” -h” [“COMODO”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{11016101-E366-4D22-BC06-4ADA335C892B}” = “IE History and Feeds Shell Data Source for Windows Search” -> {HKLM…CLSID} = “IE History and Feeds Shell Data Source for Windows Search” \InProcServer32(Default) = “C:\Windows\System32\ieframe.dll” [MS] “{85D26561-0241-4BE2-A8DF-8F921A0EF948}” = “a-squared Free Shell Extension x64” -> {HKLM…CLSID} = “a-squared Free Shell Extension x64” \InProcServer32(Default) = “D:\Programy\a-squared Free\a2freecontmenu64.dll” [“Emsi Software GmbH”] “{AD392E40-428C-459F-961E-9B147782D099}” = “UltraISO” -> {HKLM…CLSID} = “UIContextMenu Class” \InProcServer32(Default) = “D:\Programy\UltraISO\isoshl64.dll” [“EZB Systems, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”] “{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}” = “NVIDIA Play On 
My TV Context Menu Extension” -> {HKLM…CLSID} = “NVIDIA CPL Context Menu Extension” \InProcServer32(Default) = “C:\Windows\system32\nvshext.dll” [“NVIDIA Corporation”] “{28803F59-3A75-4058-995F-4EE5503B023C}” = “Wireless Devices” -> {HKLM…CLSID} = “Bluetooth Devices” \InProcServer32(Default) = “C:\Windows\system32\FunctionDiscoveryFolder.dll” [MS] “{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}” = “Enhanced Storage Data Source” -> {HKLM…CLSID} = “Enhanced Storage Data Source” \InProcServer32(Default) = “C:\Windows\system32\EhStorShell.dll” [MS] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll” [“Avira GmbH”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <> “{E31004D1-A431-41B8-826F-E902F9D95C81}” = “Windows DreamScene” -> {HKLM…CLSID} = “Windows DreamScene” \InProcServer32(Default) = “C:\Windows\System32\DreamScene.dll” [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll” [“Avira GmbH”] WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data] 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}” -> {HKLM…CLSID} = “UIContextMenu Class” \InProcServer32(Default) = “D:\Programy\UltraISO\isoshl64.dll” [“EZB Systems, Inc.”] WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ a-squared Free Shell Extension x64(Default) = “{85D26561-0241-4BE2-A8DF-8F921A0EF948}” -> {HKLM…CLSID} = “a-squared Free Shell Extension x64” \InProcServer32(Default) = “D:\Programy\a-squared Free\a2freecontmenu64.dll” [“Emsi Software GmbH”] Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll” [“Avira GmbH”] UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}” -> {HKLM…CLSID} = “UIContextMenu Class” \InProcServer32(Default) = “D:\Programy\UltraISO\isoshl64.dll” [“EZB Systems, Inc.”] WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a-squared Free Shell Extension x64(Default) = “{85D26561-0241-4BE2-A8DF-8F921A0EF948}” -> {HKLM…CLSID} = “a-squared Free Shell Extension x64” \InProcServer32(Default) = “D:\Programy\a-squared Free\a2freecontmenu64.dll” [“Emsi Software GmbH”] Default executables: -------------------- HKLM\SOFTWARE\Classes.hta(Default) = “htafile” <> HKLM\SOFTWARE\Classes\htafile\shell\open\command(Default) = “C:\Windows\SysWOW64\mshta.exe “%1” %*” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “HonorAutorunSetting” = (REG_DWORD) dword:0x00000001 {unrecognized setting} “NoRecentDocsNetHood” = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) dword:0x00000001 {unrecognized setting} “NoActiveDesktopChanges” = (REG_DWORD) dword:0x00000001 {unrecognized setting} “ForceActiveDesktopOn” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “HonorAutorunSetting” = (REG_DWORD) dword:0x00000001 {unrecognized setting} “BindDirectlyToPropertySetStorage” = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ “ConsentPromptBehaviorAdmin” = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} “ConsentPromptBehaviorUser” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} “EnableInstallerDetection” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Detect Application Installations And Prompt For Elevation} “EnableLUA” = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} “EnableSecureUIAPaths” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Only elevate UIAccess applications that are installed in secure locations} “EnableVirtualization” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security 
Settings|Local Policies|Security Options| User Account Control: Virtualize file and registry write failures to per-user locations} “PromptOnSecureDesktop” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} “shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “FilterAdministratorToken” = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Admin Approval Mode for the Built-in Administrator Account} “EnableUIADesktopToggle” = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp” Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AlcoholAutoPlayV2.BurnDisc\ “Provider” = “Alcohol 120%” “InvokeProgID” = “AlcoholAutoPlayV2” “InvokeVerb” = “BurnDisc” 
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ““D:\Programy\Alcohol\Alcohol 120\Alcohol.exe” %1” [“Alcohol Soft Development Team”] AlcoholAutoPlayV2.ReadDisc\ “Provider” = “Alcohol 120%” “InvokeProgID” = “AlcoholAutoPlayV2” “InvokeVerb” = “BurnDisc” HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ““D:\Programy\Alcohol\Alcohol 120\Alcohol.exe” %1” [“Alcohol Soft Development Team”] ImgBurnBluRayBurningOnArrival_BuildImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleBluRayBurningOnArrival_BuildImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE BUILD /BUILDMODE DEVICE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnBluRayBurningOnArrival_BurnImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleBluRayBurningOnArrival_BurnImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE WRITE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnCDBurningOnArrival_BuildImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleCDBurningOnArrival_BuildImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE BUILD /BUILDMODE DEVICE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnCDBurningOnArrival_BurnImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleCDBurningOnArrival_BurnImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE WRITE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnDVDBurningOnArrival_BuildImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleDVDBurningOnArrival_BuildImage” 
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE BUILD /BUILDMODE DEVICE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnDVDBurningOnArrival_BurnImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleDVDBurningOnArrival_BurnImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE WRITE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnHDDVDBurningOnArrival_BuildImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleHDDVDBurningOnArrival_BuildImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE BUILD /BUILDMODE DEVICE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnHDDVDBurningOnArrival_BurnImage\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “HandleHDDVDBurningOnArrival_BurnImage” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE WRITE /DEST “%1"” [“LIGHTNING UK!”] ImgBurnPlayBluRayOnArrival_ReadDisc\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “PlayBluRayOnArrival_ReadDisc” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE READ /SRC “%1"” [“LIGHTNING UK!”] ImgBurnPlayCDAudioOnArrival_ReadDisc\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “PlayCDAudioOnArrival_ReadDisc” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE READ /SRC “%1"” [“LIGHTNING UK!”] ImgBurnPlayDVDMovieOnArrival_ReadDisc\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = 
“PlayDVDMovieOnArrival_ReadDisc” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\Command(Default) = "“D:\Programy\ImgBurn\ImgBurn.exe” /MODE READ /SRC “%1"” [“LIGHTNING UK!”] ImgBurnPlayHDDVDOnArrival_ReadDisc\ “Provider” = “ImgBurn” “InvokeProgID” = “ImgBurn.AutoPlay.1” “InvokeVerb” = “PlayHDDVDOnArrival_ReadDisc” HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\Command(Default) = ““D:\Programy\ImgBurn\ImgBurn.exe” /MODE READ /SRC “%1"” [“LIGHTNING UK!”] MSEnhancedStorageHandler\ “Provider” = “@C :\Windows\system32\EhStorShell.dll,-108” “ProgID” = “EhStorShell.AutoplayHandler” “InitCmdLine” = “Authorize” HKLM\SOFTWARE\Classes\EhStorShell.AutoplayHandler\CLSID(Default) = “{36F54939-CD3B-4C73-92D5-F9A389ED631C}” -> {HKLM…CLSID} = “Enhanced Storage Autoplay Handler Class” \InProcServer32(Default) = “C:\Windows\system32\EhStorShell.dll” [MS] MSPlayCDAudioOnArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.AudioCD” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /device:AudioCD “%L”” [MS] MSPlayDVDMovieOnArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.DVD” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:4 /device:DVD “%L”” [MS] MSPlaySuperVideoCDMovieOnArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.VCD” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:4 /device:VCD “%L”” [MS] MSPlayVideoCDMovieOnArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.VCD” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:4 /device:VCD “%L”” [MS] 
MSRipCDAudioOnArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.RipCD” “InvokeVerb” = “Rip” HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /RipAudioCD “%L” " [MS] MSWMPBurnCDOnArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.BurnCD” “InvokeVerb” = “Burn” HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /Task:CDWrite /Device:”%L” " [MS] MSWMPBurnDataDVDArrival\ “Provider” = “@wmploc.dll ,-6502” “InvokeProgID” = “WMP.BurnDVD” “InvokeVerb” = “Burn” HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /Task:DVDWrite /Device:”%L” " [MS] NeroAutoPlay9AudioToNeroDigital\ “Provider” = “Nero SoundTrax” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “AudioToNeroDigital_PlayCDAudioOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero SoundTrax\SoundTrax.exe /” [“Nero AG”] NeroAutoPlay9CDAudio\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “CDAudio_HandleCDBurningOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero Burning ROM\Nero.exe /New:AudioCD %L” [“Nero AG”] NeroAutoPlay9CopyCD\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “CopyCD_PlayMusicFilesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero Burning ROM\Nero.exe /Dialog:DiscCopy %L” [“Nero AG”] NeroAutoPlay9DataDisc\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “DataDisc_HandleCDBurningOnArrival” 
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero Burning ROM\Nero.exe /New:ISODisc %L” [“Nero AG”] NeroAutoPlay9DVDVideoToNeroDigital\ “Provider” = “Nero Recode” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “DVDVideoToNeroDigital_PlayDVDMovieOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DVDVideoToNeroDigital_PlayDVDMovieOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero Recode\Recode.exe /New:ReAuthorNeroDigital” [“Nero AG”] NeroAutoPlay9LaunchNeroStartSmart\ “Provider” = “Nero StartSmart” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “LaunchNeroStartSmart_HandleCDBurningOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay” [“Nero AG”] NeroAutoPlay9PlayAudioCD\ “Provider” = “Nero ShowTime” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “PlayAudioCD_PlayMusicFilesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero ShowTime\ShowTime.exe /Play %L” [“Nero AG”] NeroAutoPlay9PlayDVD\ “Provider” = “Nero ShowTime” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “PlayDVD_PlayVideoFilesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero ShowTime\ShowTime.exe /Play %L” [“Nero AG”] NeroAutoPlay9RipCD\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “RipCD_PlayCDAudioOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero Burning ROM\Nero.exe /Dialog:SaveTracks %L” [“Nero AG”] NeroAutoPlay9TranscodeVideo\ “Provider” = “Nero Recode” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “TranscodeVideo_PlayDVDMovieOnArrival” 
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero Recode\Recode.exe /New:CopyDVDVideo” [“Nero AG”] NeroAutoPlay9VideoCapture\ “Provider” = “Nero Vision” “ProgID” = “Shell.HWEventHandlerShellExecute” “InitCmdLine” = ““D:\Programy\Nero 9\Nero 9\Nero Vision\NeroVision.exe” /New:VideoCapture” HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” -> {HKLM…CLSID} = “Shell Execute Hardware Event Handler” \LocalServer32(Default) = “C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS] NeroAutoPlay9ViewPhotos\ “Provider” = “Nero PhotoSnap Viewer” “InvokeProgID” = “Nero.AutoPlay8” “InvokeVerb” = “ViewPhotos_ShowPicturesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command(Default) = “D:\Programy\Nero 9\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe /” [“Nero AG”] WIA_{8D9A0D0E-AC03-4EAD-88BD-DCF278EEAA03}\ “Provider” = “Microsoft Office Publisher” “CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}” “InitCmdLine” = “/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;” -> {HKLM…CLSID} = “WPDShextAutoplay” \LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS] WIA_{913A6FB8-B4E3-4BC7-943A-2FE59FA467AD}\ “Provider” = “Microsoft Office Publisher” “CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}” “InitCmdLine” = “/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_WIA;” -> {HKLM…CLSID} = “WPDShextAutoplay” \LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS] WIA_{D277346E-70A3-401B-A47D-E15957478C9D}\ “Provider” = “Microsoft Office Word” “CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}” “InitCmdLine” = “/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;” -> {HKLM…CLSID} = “WPDShextAutoplay” 
\LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS] Non-disabled Scheduled Tasks: ----------------------------- C:\Windows\System32\Tasks “User_Feed_Synchronization-{9950DDBF-D719-46B9-8AD5-42C85509F17E}” -> (HIDDEN!) launches: “C:\Windows\system32\msfeedssync.exe sync” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client “AD RMS Rights Policy Template Management (Manual)” -> launches: “{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}” -> {HKLM…CLSID} = “AD RMS Rights Policy Template Management (Manual) Task Handler” \InProcServer32(Default) = “C:\Windows\system32\msdrm.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth “UninstallDeviceTask” -> launches: “BthUdTask.exe $(Arg0)” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient “SystemTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}” -> {HKLM…CLSID} = “Certificate Services Client Task Handler” \InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS] “UserTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}” -> {HKLM…CLSID} = “Certificate Services Client Task Handler” \InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS] “UserTask-Roam” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}” -> {HKLM…CLSID} = “Certificate Services Client Task Handler” \InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program “Consolidator” -> launches: “%SystemRoot%\System32\wsqmcons.exe” [MS] “OptinNotification” -> launches: “%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag “ScheduledDefrag” -> launches: “%windir%\system32\defrag.exe -c -i” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center “ehDRMInit” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DRMInit” [MS] “mcupdate” -> launches: “%SystemRoot%\ehome\mcupdate $(Arg0) -gc” [MS] 
“OCURActivate” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate” [MS] “OCURDiscovery” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery” [MS] “UpdateRecordPath” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC “HotStart” -> launches: “{06DA0625-9701-43da-BFD7-FBEEA2180A1E}” -> {HKLM…CLSID} = “HotStart User Agent” \InProcServer32(Default) = “C:\Windows\System32\HotStartUserAgent.dll” [MS] “TMM” -> launches: “{35EF4182-F900-4632-B072-8639E4478A61}” -> {HKLM…CLSID} = “Transient Multi-Monitor Manager” \InProcServer32(Default) = “C:\Windows\System32\TMM.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI “LPRemove” -> launches: “%windir%\system32\lpremove.exe” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia “SystemSoundsService” -> launches: “{2DEA658F-54C1-4227-AF9B-260AB5FC3543}” -> {HKLM…CLSID} = “Microsoft PlaySoundService Class” \InProcServer32(Default) = “C:\Windows\System32\PlaySndSrv.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection “NAPStatus UI” -> launches: “{f09878a1-4652-4292-aa63-8c7d4fd7648f}” -> {HKLM…CLSID} = “Nap ITask Handler Implementation” \InProcServer32(Default) = “C:\Windows\System32\QAgent.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC “RACAgent” -> (HIDDEN!) launches: “%windir%\system32\RacAgent.exe” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance “RemoteAssistanceTask” -> (HIDDEN!) 
launches: “%windir%\system32\RAServer.exe /offerraupdate” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell “CrawlStartPages” -> launches: “{51653423-e62d-4ff7-894a-dabb2b8e21e2}” -> {HKLM…CLSID} = “CrawlStartPages Task Handler” \InProcServer32(Default) = “C:\Windows\System32\srchadmin.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow “GadgetManager” -> launches: “{FF87090D-4A9A-4f47-879B-29A80C355D61}” -> {HKLM…CLSID} = “GadgetsManager Class” \InProcServer32(Default) = “C:\Windows\System32\AuxiliaryDisplayServices.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore “SR” -> launches: “%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip “IpAddressConflict1” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem” [MS] “IpAddressConflict2” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem” [MS] “WSHReset” -> (HIDDEN!) launches: “%systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework “MsCtfMonitor” -> (HIDDEN!) launches: “{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}” -> {HKLM…CLSID} = “MsCtfMonitor task handler” \InProcServer32(Default) = “C:\Windows\system32\MsCtfMonitor.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP “UPnPHostConfig” -> launches: “sc.exe config upnphost start= auto” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI “ResolutionHost” -> (HIDDEN!) 
launches: “{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}” -> {HKLM…CLSID} = “DiagnosticInfrastructureCustomHandler” \InProcServer32(Default) = “C:\Windows\System32\wdi.dll” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting “QueueReporting” -> launches: “%windir%\system32\wermgr.exe -queuereporting” [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired “GatherWiredInfo” -> launches: “%windir%\system32\gatherWiredInfo.vbs” [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless “GatherWirelessInfo” -> launches: “%windir%\system32\gatherWirelessInfo.vbs” [null data] C:\Windows\System32\Tasks\Microsoft\Windows Defender “MP Scheduled Scan” -> (HIDDEN!) launches: “c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS] 000000000005\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000006\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) <> C:\WINDOWS\INF\IERESET.INF was not found! 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> “InPrivate” = “res://ieframe.dll/inprivate.htm” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Avira AntiVir Guard, AntiVirService, ““C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe”” [“Avira GmbH”] Avira AntiVir Scheduler, AntiVirSchedulerService, ““C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe”” [“Avira GmbH”] COMODO Firewall Pro Helper Service, cmdAgent, ““C:\Program Files\COMODO\Firewall\cmdagent.exe”” [“COMODO”] NVIDIA Display Driver Service, nvsvc, “C:\Windows\system32\nvvsvc.exe” [“NVIDIA Corporation”] StarWind AE Service, StarWindServiceAE, “D:\Programy\Alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe” [“Rocket Division Software”] Usługa Protokół SSTP, SstpSvc, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\system32\sstpsvc.dll” [MS]} Windows Driver Foundation — User-mode Driver Framework, wudfsvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\WUDFSvc.dll” [MS]} Windows Image Acquisition (WIA), stisvc, “C:\Windows\system32\svchost.exe -k imgsvc” {“C:\Windows\System32\wiaservc.dll” [MS]} ---------- (launch time: 2009-09-07 17:33:41) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 176 seconds. ---------- (total run time: 223 seconds)
deFco247
(deFco247)
7 September 2009 15:43
#2
Paste logs on wklej.org or wklej.to, and put the link in your post.
Show the OTL logs
(On Windows Vista, launch the program using the Run as Administrator… menu option)
and GMER.
In GMER, change nothing -> press Scan (the scan will take a few dozen minutes) -> after the scan, Copy.
As for the freezing: check the component temperatures, e.g. with Everest, and give the model of your power supply.
system
(system)
7 September 2009 18:32
#4
deFco247
Gmer
http://wklej.org/hash/962f8d1387/
OTL
http://wklej.org/hash/151073891d/
Silent Runners
http://wklej.org/hash/e9cef026c5/
trubul.as999
I think my temperatures are fine, and my power supply is some FEEL model.
deFco247
(deFco247)
7 September 2009 18:35
#5
That may well be the cause of the freezing.
Swap it for a branded one and check. http://forum.pclab.pl/index.php?showtopic=142996
http://forum.hotfix.pl/viewtopic.php?f=22&t=160
Modecom FEEL is among the bad ones (a bad power supply from a good brand). Replace it with a decent one (e.g. BeQuiet, Corsair or Chieftec; there is a list in the link above anyway).