Trouble with an annoying toolbar and a message at the top of the window


(Endidevil) #1

Please help and reply quickly by checking my log. I'm sorry that I didn't read everything first. My problem is a link that pops up in Internet Explorer, which I don't know how to close, and also an additional toolbar that leads to that same site. The toolbar is called

"the nssfrch". I read that this is exactly what Hijack was created for, so please help and explain whether my concerns are justified. If so, please check the log; if not, please tell me how I can get rid of the pop-up toolbar and the message at the very top of the browser window. The text of the message is as follows: "". Clicking the link opens

this page

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:28:41, on 2007-11-03

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\SMINST\scheduler.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Opera\Opera.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: MSVPS System - {24038BE3-4EF2-41E2-A603-4CE3BDD9E874} - C:\Windows\movctrlqtn.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: The nssfrch - {1699137C-B90E-4488-97BC-575C896C2B5C} - C:\Windows\nssfrch.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix: 

O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll

O21 - SSODL: bxsbang - {EF415BF9-7C41-4C9A-980E-0C93BA032D8E} - C:\Windows\bxsbang.dll

O21 - SSODL: ocgrep - {BAF75EB9-E1E8-4C3F-A871-9BD634E21919} - C:\Windows\ocgrep.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--

End of file - 11017 bytes

(jessica) #2

.

Yes, @snav is right, but a Moderator will take care of that.

Use SmitfraudFix.

Use its "Clean" option, i.e. type 2 and press ENTER.

After using it you may need to set your wallpaper again (i.e. right-click on the screen >> Properties, etc.)

Post its report from C:\SmitfraudFix.txt

Post its report.

jessi


(squeet) #3

endidevil, welcome to the Forum.

Please read the following topics:

:arrow: http://forum.dobreprogramy.pl/viewtopic.php?t=36654

:arrow: http://forum.dobreprogramy.pl/viewtopic.php?t=66889

  • Please change the title of your topic to a specific one that describes the problem.

(Endidevil) #4

So is the topic OK now?? And everything else?


(jessica) #5

In any case, do what I recommended to you earlier.

jessi


(Endidevil) #6

OK, I did it, and here is the report

SmitFraudFix v2.246


Scan done at 11:58:17,59, 2007-11-03

Run from C:\Users\Kasia\Desktop\SmitfraudFix

OS: Microsoft Windows [Wersja 6.0.6000] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts



127.0.0.1 localhost

::1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix


S!Ri's WS2Fix: LSP not Found.



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


C:\Windows\bxsbang.dll Deleted

Deleting [HKEY_CLASSES_ROOT\CLSID\{EF415BF9-7C41-4C9A-980E-0C93BA032D8E}]

C:\Windows\kthemup.exe Deleted

C:\Windows\movctrlqtn.dll Deleted

C:\Windows\nssfrch.dll Deleted

C:\Windows\ocgrep.dll Deleted

Deleting [HKEY_CLASSES_ROOT\CLSID\{BAF75EB9-E1E8-4C3F-A871-9BD634E21919}]

C:\Program Files\VideoAccessCodec\ Deleted


»»»»»»»»»»»»»»»»»»»»»»»» DNS


HKLM\SYSTEM\CCS\Services\Tcpip\..\{49440F7F-3AE3-4B76-A711-D78B64A11C45}: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3C71535-AEC4-438A-A660-46D6C79804B7}: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CS1\Services\Tcpip\..\{49440F7F-3AE3-4B76-A711-D78B64A11C45}: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CS1\Services\Tcpip\..\{B3C71535-AEC4-438A-A660-46D6C79804B7}: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CS2\Services\Tcpip\..\{49440F7F-3AE3-4B76-A711-D78B64A11C45}: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CS2\Services\Tcpip\..\{B3C71535-AEC4-438A-A660-46D6C79804B7}: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.60 62.179.1.61

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.179.1.60 62.179.1.61



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End



[color=darkblue][size=75]Post merged: 03.11.2007 (Sat) 12:11[/size][/color]

Is that all now, or is there something else I need to do??


(jessica) #7

I don't see SmitfraudFix removing that file, although it should remove it.

Just in case, post a log from ComboFix (at the bottom of the page behind the link).

Paste the log at http://wklej.org/ and put only the link in your post (i.e. copy the address from the address bar).

jessi


(Endidevil) #8

I have Vista and it doesn't run. What should I do??


(jessica) #9

For the past few days the latest version of ComboFix has also worked on VISTA.

If it still doesn't work for you, make a log with Hijack and see whether that entry has disappeared.

jessi
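
The check suggested above (make a fresh HijackThis log and see whether the entry is gone) can be scripted by comparing the two logs entry by entry. This is an added example, not part of the original thread; the function names are hypothetical and the sample lines are a short excerpt of the HijackThis-format logs posted in this thread.

```python
import re

# Entry lines in a HijackThis log look like "O3 - Toolbar: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections on this page whose entries are identified by a CLSID.
CLSID_SECTIONS = {"O2", "O3", "O9", "O18", "O21"}


def _key(section, body):
    """Comparison key that survives cosmetic differences between two logs."""
    if section in CLSID_SECTIONS:
        clsid = CLSID_RE.search(body)
        if clsid:
            kind = body.split(":", 1)[0].casefold()  # "bho", "toolbar", ...
            return (section, kind, clsid.group(0).upper())
    # No CLSID identity: compare the whole body, ignoring case and spacing,
    # because different tools print the same path with different casing.
    return (section, " ".join(body.split()).casefold())


def parse_entries(log_text):
    """Return {key: original line} for every entry line of a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:  # skips headers, the process list and blank lines
            entries[_key(match["section"], match["body"])] = line
    return entries


def removed_entries(before_log, after_log):
    """Entry lines present in the first log and absent from the second."""
    after = parse_entries(after_log)
    return [line for key, line in parse_entries(before_log).items()
            if key not in after]


def still_present(log_text, needle):
    """True if any entry line of the log mentions needle (case-insensitive)."""
    needle = needle.casefold()
    return any(needle in line.casefold()
               for line in parse_entries(log_text).values())


# Abridged excerpt of the first log in this thread (before the cleanup).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\Windows\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {24038BE3-4EF2-41E2-A603-4CE3BDD9E874} - C:\Windows\movctrlqtn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: The nssfrch - {1699137C-B90E-4488-97BC-575C896C2B5C} - C:\Windows\nssfrch.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O21 - SSODL: bxsbang - {EF415BF9-7C41-4C9A-980E-0C93BA032D8E} - C:\Windows\bxsbang.dll
O21 - SSODL: ocgrep - {BAF75EB9-E1E8-4C3F-A871-9BD634E21919} - C:\Windows\ocgrep.dll
"""

# Abridged excerpt of the later HijackThis-format log in this thread.
AFTER = r"""
Emulating logfile of Trend Micro HijackThis v2.0.2
C:\Windows\explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\system32\DeviceNP.dll
"""

if __name__ == "__main__":
    for line in removed_entries(BEFORE, AFTER):
        print("gone:", line)
    print("nssfrch still listed:", still_present(AFTER, "nssfrch"))
```

Entries that differ only in letter case or path spelling between the two tools are treated as unchanged, so only entries that really disappeared are reported.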


(Endidevil) #10

I made a log using Deckard's System Scanner and got 2 files, one named main.txt and the other extra.txt, and in main

Deckard's System Scanner v20071014.68

Run by Kasia on 2007-11-03 12:35:53

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- Last 5 Restore Point(s) --

6: 2007-11-02 19:05:20 UTC - RP266 - Windows Update

5: 2007-10-31 06:20:08 UTC - RP264 - Windows Update

4: 2007-10-30 20:14:40 UTC - RP262 - Zaplanowany punkt kontrolny

3: 2007-10-29 19:42:03 UTC - RP260 - Zaplanowany punkt kontrolny

2: 2007-10-28 19:34:16 UTC - RP258 - Zaplanowany punkt kontrolny



-- First Restore Point -- 

1: 2007-10-27 11:56:27 UTC - RP256 - Zaplanowany punkt kontrolny



Backed up registry hives.

Performed disk cleanup.


[color=red]Total Physical Memory: 1015 MiB (1024 MiB recommended).[/color]



-- HijackThis Clone ------------------------------------------------------------



Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2007-11-03 12:38:47

Platform: Windows Vista (6.00.6000)

MSIE: Internet Explorer (7.00.6000.16386)

Boot mode: Normal


Running processes:

C:\Windows\System32\dwm.exe

C:\Windows\explorer.exe

C:\Windows\System32\taskeng.exe

C:\Windows\SMINST\Scheduler.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Windows\System32\igfxsrvc.exe

C:\Windows\System32\taskeng.exe

C:\Program Files\Opera\Opera.exe

C:\Users\Kasia\Desktop\dss.exe

C:\Windows\System32\conime.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DVD Check.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL

O20 - Winlogon Notify: DeviceNP - C:\Windows\system32\DeviceNP.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\System32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\System32\flcdlock.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



--

End of file - 10292 bytes


-- File Associations -----------------------------------------------------------


[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


All drivers whitelisted.



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" 

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" 

S3 FLCDLOCK (HP ProtectTools Device Locking / Auditing) - c:\windows\system32\flcdlock.exe 



-- Device Manager: Disabled ----------------------------------------------------


No disabled devices found.



-- Scheduled Tasks -------------------------------------------------------------


2007-11-03 10:55:43 580 --a------ C:\Windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Kasia.job

2007-10-29 15:30:34 322 --a------ C:\Windows\Tasks\HPCeeScheduleForKasia.job



-- Files created between 2007-10-03 and 2007-11-03 -----------------------------


2007-11-03 11:58:24 7372 --a------ C:\Windows\system32\tmp.reg

2007-10-21 19:16:46 0 d-------- C:\Users\All Users\Real

2007-10-21 19:16:46 0 d-------- C:\Program Files\Real Alternative

2007-10-16 21:50:34 0 d-------- C:\Program Files\Combined Community Codec Pack

2007-10-16 21:30:38 0 d-------- C:\Program Files\SubEdit-Player

2007-10-16 12:33:32 0 d-------- C:\Program Files\Cambridge

2007-10-12 14:31:32 0 d-------- C:\Users\All Users\eMule

2007-10-12 14:31:14 0 d-------- C:\Program Files\eMule

2007-10-07 09:55:24 0 d-------- C:\Program Files\Screamer_Radio

2007-10-06 16:05:43 0 d-------- C:\Program Files\TryMedia

2007-10-06 16:03:42 0 d-------- C:\Program Files\Worms 2

2007-10-06 13:32:40 0 d-------- C:\Program Files\Team17 Software Ltd

2007-10-05 18:05:07 0 d-------- C:\Program Files\worms armagedon

2007-10-05 17:04:56 327168 --a------ C:\Windows\IsUn0415.exe 

2007-10-05 16:53:21 0 d-------- C:\Program Files\DAEMON Tools

2007-10-05 16:37:20 0 d-------- C:\Users\All Users\LightScribe

2007-10-05 16:20:55 0 d-------- C:\Users\All Users\Nero

2007-10-05 16:20:55 0 d-------- C:\Program Files\Nero

2007-10-05 16:20:55 0 d-------- C:\Program Files\Common Files\Nero

2007-10-05 13:41:23 0 d-------- C:\Program Files\WhenUSearch

2007-10-05 13:36:38 685816 --a------ C:\Windows\system32\drivers\sptd.sys



-- Find3M Report ---------------------------------------------------------------


2007-11-03 12:08:44 591502 --a------ C:\Windows\system32\perfh015.dat

2007-11-03 12:08:44 109094 --a------ C:\Windows\system32\perfc015.dat

2007-11-03 11:53:34 12 --a------ C:\Windows\bthservsdp.dat

2007-10-28 11:49:39 0 d-------- C:\Users\Kasia\AppData\Roaming\f2fElementary

2007-10-21 19:16:46 0 d-------- C:\Users\Kasia\AppData\Roaming\Real

2007-10-14 10:35:45 0 d-------- C:\Users\Kasia\AppData\Roaming\Adobe

2007-10-08 18:42:46 0 d-------- C:\Users\Kasia\AppData\Roaming\AdobeUM

2007-10-07 16:58:05 0 d-------- C:\Program Files\Java

2007-10-07 11:04:37 0 d-------- C:\Users\Kasia\AppData\Roaming\Hewlett-Packard

2007-10-06 13:32:39 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-05 16:26:55 0 d-------- C:\Users\Kasia\AppData\Roaming\Nero

2007-10-05 16:26:16 0 d-------- C:\Program Files\Winamp

2007-10-05 16:20:55 0 d-------- C:\Program Files\Common Files

2007-10-04 12:02:04 0 d-------- C:\Program Files\Symantec

2007-10-03 15:19:29 0 d-------- C:\Users\Kasia\AppData\Roaming\SampleView

2007-10-02 20:00:24 0 -rahs---- C:\MSDOS.SYS

2007-10-02 20:00:24 0 -rahs---- C:\IO.SYS

2007-10-01 11:21:44 0 d-------- C:\Program Files\Windows Mail

2007-10-01 10:46:43 0 d-------- C:\Program Files\Microsoft SQL Server

2007-10-01 10:40:51 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-10-01 10:30:05 0 d-------- C:\Program Files\MSXML 4.0

2007-09-30 20:18:31 0 d-------- C:\Users\Kasia\AppData\Roaming\Google

2007-09-30 20:02:31 0 d-------- C:\Program Files\Google

2007-09-30 19:44:25 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-09-30 19:43:30 0 d-------- C:\Program Files\Norton Internet Security

2007-09-26 16:27:29 0 d-------- C:\Users\Kasia\AppData\Roaming\Winamp

2007-09-26 16:25:14 0 d-------- C:\Users\Kasia\AppData\Roaming\Opera

2007-09-26 16:25:05 0 d-------- C:\Program Files\Opera

2007-09-26 16:23:20 0 d-------- C:\Program Files\Gadu-Gadu

2007-09-26 16:19:47 0 d-------- C:\Program Files\Common Files\Adobe

2007-09-26 15:52:08 0 d-------- C:\Program Files\Microsoft FrontPage

2007-09-26 15:49:52 0 d-------- C:\Users\Kasia\AppData\Roaming\Microsoft Web Folders

2007-09-19 08:03:01 0 d-------- C:\Users\Kasia\AppData\Roaming\InterVideo

2007-09-18 18:24:05 0 d-------- C:\Users\Kasia\AppData\Roaming\Logitech

2007-09-18 18:19:05 0 d-------- C:\Program Files\MUSICMATCH

2007-09-18 18:18:12 0 d-------- C:\Program Files\Common Files\Logitech

2007-09-18 18:17:59 0 d-------- C:\Program Files\Logitech

2007-09-18 18:10:18 0 d-------- C:\Users\Kasia\AppData\Roaming\Identities

2007-09-18 18:04:38 0 d-------- C:\Users\Kasia\AppData\Roaming\Macromedia

2007-09-18 18:00:15 0 d-------- C:\Program Files\Macrovision Corp

2007-09-18 17:59:30 0 d-------- C:\Program Files\InterVideo

2007-09-18 17:57:39 0 d-------- C:\Program Files\Common Files\InterVideo

2007-09-18 17:57:24 0 d-------- C:\Users\Kasia\AppData\Roaming\InstallShield

2007-09-18 17:57:08 0 d-------- C:\Program Files\Common Files\InstallShield



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 23:40]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 14:14]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-13 10:01]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-13 10:01]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-13 10:01]

"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 07:38]

"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 19:14]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 12:21]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12]

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 08:12]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 14:59]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 07:55]

"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]

"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [2005-03-31 16:19]

"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-04-20 15:50]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34]

"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"ST Recovery Launcher"=%WINDIR%\SMINST\launcher.exe


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26]

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-18 17:57:12]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-18 18:18:09]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-09-26 16:29:09]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 

DeviceNP.dll 2007-06-08 08:04 49152 C:\Windows\System32\DeviceNP.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient

LocalSystemNetworkRestricted	hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum

LocalServiceNoNetwork	PLA DPS BFE mpssvc

bthsvcs	BthServ


*Newly Created Service* - COMHOST


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI




-- End of Deckard's System Scanner: finished at 2007-11-03 12:40:18 ------------

Post merged: 03.11.2007 (Sat) 12:56

and the extra file contains this:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft® Windows Vista™ Home Basic (build 6000)

Architecture: X86; Language: Polish


CPU 0: Intel(R) Celeron(R) CPU 540 @ 1.86GHz

Percentage of Memory in Use: 67%

Physical Memory (total/avail): 1014.69 MiB / 328.11 MiB

Pagefile Memory (total/avail): 2284.5 MiB / 1296.94 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1911.39 MiB


C: is Fixed (NTFS) - 102.92 GiB total, 58.84 GiB free. 

D: is CDROM (No Media)

E: is Fixed (NTFS) - 1.55 GiB total, 1.31 GiB free. 

F: is Fixed (NTFS) - 7.32 GiB total, 0.74 GiB free. 

G: is CDROM (No Media)


\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 - 111.79 GiB - 3 partitions

  \PARTITION0 (bootable) - Installable File System - 102.92 GiB - C:

  \PARTITION1 - Installable File System - 7.32 GiB - F:

  \PARTITION2 - Installable File System - 1589 MiB - E:




-- Security Center -------------------------------------------------------------


AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.


FW: Norton Internet Security v2007 (Symantec Corporation)

AV: Norton Internet Security v2007 (Symantec Corporation)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [COLOR=RED]Disabled[/COLOR]

AS: Norton Internet Security v2007 (Symantec Corporation)


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Kasia\AppData\Roaming

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=KASIA-PC

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Kasia

LOCALAPPDATA=C:\Users\Kasia\AppData\Local

LOGONSERVER=\\KASIA-PC

NUMBER_OF_PROCESSORS=1

OnlineServices=Online Services

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PLATFORM=BNB

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=1601

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Kasia\AppData\Local\Temp

TMP=C:\Users\Kasia\AppData\Local\Temp

USERDOMAIN=Kasia-PC

USERNAME=Kasia

USERPROFILE=C:\Users\Kasia

windir=C:\Windows



-- User Profiles ---------------------------------------------------------------


Kasia



-- Add/Remove Programs ---------------------------------------------------------


 --> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly

 --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

 --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL

 --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL

 --> C:\Windows\UNNeroShowTime.exe /UNINSTALL

 --> C:\Windows\UNNeroVision.exe /UNINSTALL

 --> C:\Windows\UNRecode.exe /UNINSTALL

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0.5 - Polish --> MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A70500000002}

Agere Systems HDA Modem --> agrsmdel

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Application Installer 4.00.B14 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x15 

Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

BIOS Configuration for HP ProtectTools --> MsiExec.exe /X{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}

Business Contact Manager dla programu Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {4ac40384-37ba-421c-b14c-2ecbe4403817}

Business Contact Manager dla programu Outlook 2007 --> MsiExec.exe /X{4AC40384-37BA-421C-B14C-2ECBE4403817}

ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}

Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"

Device Access Manager for HP ProtectTools --> MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}

eMule --> "C:\Program Files\eMule\Uninstall.exe"

eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"

ESU for Microsoft Vista --> MsiExec.exe /I{BB8BCF06-EE91-4137-AA29-1FB223A5C576}

face2face Elementary --> MsiExec.exe /X{181192A9-D13B-49F4-A4C6-1F7F48538642}

Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Hewlett-Packard Active Check for Health Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{E59A46D4-699C-4DC8-969F-DAC3395B4543}\setup.exe -runfromtemp -l0x0409

HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}

HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly

HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}

HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe" -l0x9 -removeonly

HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}

HP Notebook Accessories Product Tour --> MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}

HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}

HP Quick Launch Buttons 6.20 G2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0015 -removeonly uninst

HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}

HP User Guides 0084 --> MsiExec.exe /I{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}

HP Wireless Assistant --> MsiExec.exe /I{0289B18A-F99F-423F-B79F-1150D0F85492}

Instalator Menedżera Kopii Zapasowej i Odzyskiwania HP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x15 -uninst -removeonly

Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall

Intel(R) PRO Network Connections Drivers --> Prounstl.exe

InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL

InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}

Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x15 -removeonly

Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft .NET Framework 1.1 Polish Language Pack --> MsiExec.exe /X{64CB2553-C109-4132-AA51-1F421B515FD1}

Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}

Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40415-6000-11D3-8CFE-0150048383C9}

Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}

Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}

Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}

Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}

MSCU for Microsoft Vista --> MsiExec.exe /I{4D78E819-D633-43AF-A594-A7645E53EC3C}

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MUSICMATCH Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe

Nero 8 Demo --> MsiExec.exe /X{81C6BFED-691E-402A-95DA-F6DE1A351045}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}

Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}

Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X

Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}

Opera 9.10 --> MsiExec.exe /X{750B9AD1-4C63-4143-94C5-6FB304199BAD}

PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI

Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"

Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}

Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}

Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}

Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}

Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}

Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Składniki łączności pakietu Microsoft Office Small Business --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}

Sonic CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}

SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0015 -removeonly

SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

SubEdit-Player --> "C:\PROGRA~1\SUBEDI~1\unins000.exe"

SubEdit - Vista WMP Patch --> "C:\PROGRA~1\SUBEDI~1\WMP6_4\unins000.exe"

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Vista Default Settings --> MsiExec.exe /I{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Worms Forts - Oblężenie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75773FB3-929A-4B08-A411-04A075071E10}\setup.exe" -l0x15 -removeonly



-- Application Event Log -------------------------------------------------------


Event Record #/Type8549 / Error

Event Submitted/Written: 11/03/2007 00:33:50 PM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd swreg.cfexe, wersja 2.0.1.6, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6000.16386, sygnatura czasowa 0x4549bdc9, kod wyjątku 0xc0000005, przesunięcie błędu 0x00061f2a,

identyfikator procesu 0x13d4, godzina rozpoczęcia aplikacji 0xswreg.cfexe0.


Event Record #/Type8548 / Error

Event Submitted/Written: 11/03/2007 00:33:14 PM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd swreg.cfexe, wersja 2.0.1.6, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6000.16386, sygnatura czasowa 0x4549bdc9, kod wyjątku 0xc0000005, przesunięcie błędu 0x00061f2a,

identyfikator procesu 0xbc8, godzina rozpoczęcia aplikacji 0xswreg.cfexe0.


Event Record #/Type8546 / Error

Event Submitted/Written: 11/03/2007 00:32:14 PM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd swreg.cfexe, wersja 2.0.1.6, sygnatura czasowa 0x2a425e19, moduł powodujący błąd ntdll.dll, wersja 6.0.6000.16386, sygnatura czasowa 0x4549bdc9, kod wyjątku 0xc0000005, przesunięcie błędu 0x00061f2a,

identyfikator procesu 0xc5c, godzina rozpoczęcia aplikacji 0xswreg.cfexe0.


Event Record #/Type8542 / Error

Event Submitted/Written: 11/03/2007 00:08:43 PM

Event ID/Source: 5007 / WerSvc

Event Description:

Nie można przeanalizować pliku docelowego platformy przesyłania opinii o systemie Windows (pliku DLL zawierającego listę problemów występujących na tym komputerze, które wymagają zebrania dodatkowych danych w celu przeprowadzenia diagnostyki). Kod błędu: 8014FFF9.


Event Record #/Type8527 / Success

Event Submitted/Written: 11/03/2007 00:02:12 PM

Event ID/Source: 5617 / WinMgmt

Event Description:





-- Security Event Log ----------------------------------------------------------


No Errors/Warnings found.



-- System Event Log ------------------------------------------------------------


Event Record #/Type14961 / Error

Event Submitted/Written: 11/03/2007 00:01:33 PM

Event ID/Source: 6 / ACPI

Event Description:

IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0.

Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej.


Event Record #/Type14953 / Error

Event Submitted/Written: 11/03/2007 11:59:53 AM

Event ID/Source: 7001 / Service Control Manager

Event Description:

?Rozpoznawanie lokalizacji w sieci%%1068


Event Record #/Type14952 / Error

Event Submitted/Written: 11/03/2007 11:59:53 AM

Event ID/Source: 7001 / Service Control Manager

Event Description:

?Rozpoznawanie lokalizacji w sieci%%1068


Event Record #/Type14951 / Error

Event Submitted/Written: 11/03/2007 11:59:20 AM

Event ID/Source: 7001 / Service Control Manager

Event Description:

?Rozpoznawanie lokalizacji w sieci%%1068


Event Record #/Type14950 / Error

Event Submitted/Written: 11/03/2007 11:59:20 AM

Event ID/Source: 7001 / Service Control Manager

Event Description:

?Rozpoznawanie lokalizacji w sieci%%1068




-- End of Deckard's System Scanner: finished at 2007-11-03 12:40:18 ------------

(jessica) #11

It's almost OK.

Just uninstall the harmful add-on mentioned above (the one from DaemonTools).

jessi


(Endidevil) #12

ok then, thanks a lot :slight_smile: