Log, spowoloniony komp, wind. sec. center wykrywa spyware

Xil · 13 Listopad 2006 18:56

Log z HJ:

Logfile of HijackThis v1.99.1 Scan saved at 19:56:28, on 2006-11-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] “nwiz.exe” /install O4 - HKLM…\Run: [NvMediaCenter] “RUNDLL32.EXE” C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [updateService] C:\WINDOWS\system32\wservice.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{10C207F9-A50B-4C26-AAE7-5E868DF33DCD}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip…{19E6592A-82C4-414D-9FBF-D04B05C58CD2}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip…{699C2DC5-0233-4A67-B43E-7780C4070F67}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip…{EB14D460-E5C2-4D0C-B4E6-B5A5B736DD0C}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.83 O17 - HKLM\System\CS1\Services\Tcpip…{10C207F9-A50B-4C26-AAE7-5E868DF33DCD}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.83 O17 - HKLM\System\CS3\Services\Tcpip…{10C207F9-A50B-4C26-AAE7-5E868DF33DCD}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.83 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Log z Gmer’a:

GMER 1.0.12.11889 - http://www.gmer.net Autostart scan 2006-11-13 19:58:32 Windows 5.1.2600 Dodatek Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>> @UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe, @ShellExplorer.exe = Explorer.exe @System = @UIHostlogonui.exe = logonui.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> crypt32chain@DLLName = crypt32.dll cryptnet@DLLName = cryptnet.dll cscdll@DLLName = cscdll.dll ScCertProp@DLLName = wlnotify.dll Schedule@DLLName = wlnotify.dll sclgntfy@DLLName = sclgntfy.dll SensLogn@DLLName = WlNotify.dll termsrv@DLLName = wlnotify.dll wlballoon@DLLName = wlnotify.dll HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = HKLM\SYSTEM\CurrentControlSet\Services\ >>> AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Browser /*Przegl*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs CryptSvc /*Us*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs DcomLaunch /*Program uruchamiaj*/@ = %SystemRoot%\system32\svchost -k DcomLaunch Dhcp /*Klient DHCP*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs dmserver /*Mened*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Dnscache /*Klient DNS*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService Eventlog /*Dziennik zdarze*/@ = %SystemRoot%\system32\services.exe helpsvc /*Pomoc i obs*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Irmon /*Monitor podczerwieni*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs lanmanserver /*Serwer*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs lanmanworkstation /*Stacja robocza*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = “C:\Program Files\Common Files\LightScribe\LSSrvc.exe” LmHosts /*Pomoc TCP/IP NetBIOS*/@ = %SystemRoot%\System32\svchost.exe -k LocalService NOD32krn /*NOD32 Kernel Service*/@ = “C:\Program Files\Eset\nod32krn.exe” NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe PolicyAgent /*Us*/@ = %SystemRoot%\System32\lsass.exe ProtectedStorage /*Magazyn chroniony*/@ = %SystemRoot%\system32\lsass.exe RemoteRegistry /*Rejestr zdalny*/@ = %SystemRoot%\system32\svchost.exe -k LocalService RpcSs /*Zdalne wywo*/@ = %SystemRoot%\system32\svchost -k rpcss SamSs /*Mened*/@ = %SystemRoot%\system32\lsass.exe Schedule /*Harmonogram zada*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys seclogon /*Logowanie pomocnicze*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs SENS /*Zawiadomienie o zdarzeniu systemowym*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs ShellHWDetection /*Wykrywanie sprz*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs Spooler /*Bufor wydruku*/@ = %SystemRoot%\system32\spoolsv.exe srservice /*Us*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs StarWindService /*StarWind iSCSI Service*/@ = C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc Themes /*Kompozycje*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs TrkWks /*Klient */@ = %SystemRoot%\system32\svchost.exe -k netsvcs WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService winmgmt /*Instrumentacja zarz*/@ = %systemroot%\system32\svchost.exe -k netsvcs WmdmPmSp /*Numer seryjny no*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs WZCSVC /*Konfiguracja zerowej sieci bezprzewodowej*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE @NvCplDaemon"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup = “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup @nwiz"nwiz.exe" /install = “nwiz.exe” /install @NvMediaCenter"RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = “RUNDLL32.EXE” C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit @NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe @CloneCDTray"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s = “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s @DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045 = “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 @KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k @nod32kui"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE = “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @Gadu-Gadu"C:\Program Files\Gadu-Gadu\gg.exe" /tray = “C:\Program Files\Gadu-Gadu\gg.exe” /tray @UpdateServiceC:\WINDOWS\system32\wservice.exe ?q? ?q?? ? ??? ???| ?qt P?? ???| ?q ??? ???q???|???|???|t ?@ ?? ??? &- X??|???q ?&- ??? ?q ?? ?"- (D?qX?? ???|p??|???m??|???| ? ???|P?? ???x?? <$?|<?? ?$?|B$?|7 2 ??? ? /*file not found*/ = C:\WINDOWS\system32\wservice.exe ?q? ?q?? ? ??? ???| ?qt P?? ???| ?q ??? ???q???|???|???|t ?@ ?? ??? &- X??|???q ?&- ??? ?q ?? ?"- (D?qX?? ???|p??|???m??|???| ? ???|P?? ???x?? <$?|<?? ?$?|B$?|7 2 ??? ? /*file not found*/ HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>> @PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll @WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>> @{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{2C1CD3D7-86AC-4068-93BC-A02304BB2236}(null) = HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L HKLM\Software\Classes\ >>> .exe@ = “%1” %* .com@ = “%1” %* .cmd@ = “%1” %* .bat@ = “%1” %* .pif@ = “%1” %* .scr@ = “%1” /S .hta@ = C:\WINDOWS\System32\mshta.exe “%1” %* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{00022613-0000-0000-C000-000000000046} /*Karta w*/mmsys.cpl = mmsys.cpl @{176d6597-26d3-11d1-b350-080036a75b03} /*Zarz*/icmui.dll = icmui.dll @{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Strona zabezpiecze*/rshx32.dll = rshx32.dll @{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Strona w*/docprop.dll = docprop.dll @{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Rozszerzenia pow*/ntshrui.dll = ntshrui.dll @{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll @{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Rozszerzenie CPL karty graficznej*/deskadp.dll = deskadp.dll @{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Rozszerzenie CPL monitora wy*/deskmon.dll = deskmon.dll @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Rozszerzenie CPL kadrowania wy*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Strona zabezpiecze*/dssec.dll = dssec.dll @{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Strona zgodno*/SlayerXP.dll = SlayerXP.dll @{56117100-C0CD-101B-81E2-00AA004AE837} /*Program obs*/shscrap.dll = shscrap.dll @{59099400-57FF-11CE-BD94-0020AF85B590} /*Rozszerzenie Disc Copy*/diskcopy.dll = diskcopy.dll @{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Rozszerzenia pow*/ntlanui2.dll = ntlanui2.dll @{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Zarz*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll @{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Zarz*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Rozszerzenia pow*/(null) = @{77597368-7b15-11d0-a0c2-080036af3f03} /*Rozszerzenie pow*/printui.dll = printui.dll @{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll @{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu kontekstowe szyfrowania*/(null) = @{85BBD920-42A0-1069-A2E4-08002B30309D} /*Aktówka*/syncui.dll = syncui.dll @{88895560-9AA2-1069-930E-00AA0030EBC8} /*Rozszerzenie ikony HyperTerminalu*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll @{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll @{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profil ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll @{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Strona zabezpiecze*/rshx32.dll = rshx32.dll @{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Rozszerzenia pow*/ntshrui.dll = ntshrui.dll @{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll @{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Rozszerzenie Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll @{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Rozszerzenie Crypto Sign*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll @{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Po*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll @{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Po*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll @{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*&Skanery i aparaty fotograficzne*/wiashext.dll = wiashext.dll @{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*&Skanery i aparaty fotograficzne*/wiashext.dll = wiashext.dll @{905667aa-acd6-11d2-8080-00805f6596d2} /*&Skanery i aparaty fotograficzne*/wiashext.dll = wiashext.dll @{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*&Skanery i aparaty fotograficzne*/wiashext.dll = wiashext.dll @{83bbcbf3-b28a-4919-a5aa-73027445d672} /*&Skanery i aparaty fotograficzne*/wiashext.dll = wiashext.dll @{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll @{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/%SystemRoot%\System32\wuaucpl.cpl = %SystemRoot%\System32\wuaucpl.cpl @{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Rozszerzenia pow*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll @{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll @{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll @{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll @{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Zaplanowane zadania*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll @{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Pasek zada*/(null) = @{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Wyszukaj*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Pomoc i obs*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Pomoc i obs*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Uruchom…*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Czcionki*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Narz*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll @{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Pasek narz*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stan pobierania*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Folder pow*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6413BA2C-B461-11d1-A18A-080036B11A03} /*Folder pow*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Pasek przegl*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*Pasek wyszukiwania*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{32683183-48a0-441b-a342-7c2a440a9478} /*Pasek multimediów*/(null) = @{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Wyszukiwanie w okienku*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{07798131-AF23-11d1-9111-00A0C98BA67D} /*Wyszukiwanie w sieci Web*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Narz*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Adres*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{A08C11D2-A228-11d0-825B-00AA005B4383} /*Pole edycji adresu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Autouzupe*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7376D660-C583-11d0-A3A5-00C04FD706EC} /*Wyodr*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6756A641-DE71-11d0-831B-00AA005B4383} /*Lista autouzupe*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Niestandardowa lista autouzupe*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Dost*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{acf35015-526e-4230-9596-becbe19f0ac9} /*Pasek podr*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Analizator paska adresu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Lista autouzupe*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{03C036F1-A186-11D0-824A-00AA005B4383} /*Lista autouzupe*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Kontener wielu list autouzupe*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Menu witryny paska pow*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Pasek pulpitu pow*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Pomoc dla u*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Globalne ustawienia folderów*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll @{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /*Historia*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Tymczasowe pliki internetowe*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Tymczasowe pliki internetowe*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Ekran powitalny pakietu IE4*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Pasek eksploratora*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll @{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll @{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll @{88C6C381-2E85-11D0-94DE-444553540000} /*Folder pami*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll @{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{F5175861-2688-11d0-9C5E-00AA00A45957} /*Folder subskrypcji*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll @{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Mened*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{0B124F8F-91F0-11D1-B8B5-006008059382} /*Wyliczanie zainstalowanych aplikacji*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{CFCCC7A0-A282-11D1-9082-006008059382} /*Publikator aplikacji Darwin*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl @{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll @{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll @{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+program wyodr*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll @{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Informacje podsumowuj*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll @{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Wyodr*/C:\WINDOWS\System32\shimgvw.dll = C:\WINDOWS\System32\shimgvw.dll @{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\System32\shimgvw.dll = %SystemRoot%\System32\shimgvw.dll @{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Kreator publikacji w sieci Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{add36aa8-751a-4579-a266-d66f5202ccbb} /*Zamawianie odbitek w sieci Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Obiekt pow*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Kreator uzyskiwania profilu us*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll @{7A9D77BD-5403-11d2-8785-2E0420524153} /*Konta u*/(null) = @{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Folder skompresowany (zip)*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll @{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll @{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll @{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*Plik kana*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Skrót kana*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Obiekt obs*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll @{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll @{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll @{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll @{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll @{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll @{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll @{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll @{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll @{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll @{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll @{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll @{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll @{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll @{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Folder plików trybu offline*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll @{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll @{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll @{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll @{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll @{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll @{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Do osób…*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll @{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll @{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll @{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll @{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll @{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll @{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll @{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Program Files\Eset\nodshex.dll = C:\Program Files\Eset\nodshex.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Foldery w sieci Web*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL HKLM\Software\Classes*\shellex\ContextMenuHandlers\ >>> NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension.spop@Location = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl … ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://www.wp.pl/ = http://www.wp.pl/ @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\ >>> Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll deflate@CLSID = C:\WINDOWS\system32\urlmon.dll gzip@CLSID = C:\WINDOWS\system32\urlmon.dll lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll HKLM\Software\Classes\PROTOCOLS\Handler\ >>> about@CLSID = %SystemRoot%\System32\mshtml.dll cdl@CLSID = C:\WINDOWS\system32\urlmon.dll dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll file@CLSID = C:\WINDOWS\system32\urlmon.dll ftp@CLSID = C:\WINDOWS\system32\urlmon.dll gopher@CLSID = C:\WINDOWS\system32\urlmon.dll http@CLSID = C:\WINDOWS\system32\urlmon.dll https@CLSID = C:\WINDOWS\system32\urlmon.dll its@CLSID = C:\WINDOWS\System32\itss.dll javascript@CLSID = %SystemRoot%\System32\mshtml.dll local@CLSID = C:\WINDOWS\system32\urlmon.dll mailto@CLSID = %SystemRoot%\System32\mshtml.dll mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll mk@CLSID = C:\WINDOWS\system32\urlmon.dll ms-its@CLSID = C:\WINDOWS\System32\itss.dll res@CLSID = %SystemRoot%\System32\mshtml.dll sysimage@CLSID = %SystemRoot%\System32\mshtml.dll tv@CLSID = C:\WINDOWS\system32\msvidctl.dll vbscript@CLSID = %SystemRoot%\System32\mshtml.dll wia@CLSID = C:\WINDOWS\System32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{EB14D460-E5C2-4D0C-B4E6-B5A5B736DD0C} /*Po*/ >>> @IPAddress192.168.2.3 = 192.168.2.3 @NameServer85.255.114.102,85.255.112.83 = 85.255.114.102,85.255.112.83 @DefaultGateway192.168.2.1 = 192.168.2.1 @Domain = HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>> 000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll 000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll 000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = imon.dll 000000000002@PackedCatalogItem = imon.dll 000000000003@PackedCatalogItem = imon.dll 000000000004@PackedCatalogItem = imon.dll 000000000005@PackedCatalogItem = imon.dll 000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000010@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000011@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll 000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll 000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024@PackedCatalogItem = imon.dll C:\Documents and Settings\All Users\Menu Start\Programy\Autostart >>> InterVideo WinCinema Manager.lnk = InterVideo WinCinema Manager.lnk Microsoft Office.lnk = Microsoft Office.lnk ---- EOF - GMER 1.0.12 ----

SR nadal nie chce ruszyc…

system · 13 Listopad 2006 19:09

Ściągnij to http://dobreprogramy.pl/index.php?dz=2&t=55&id=1643 zmien wszystkie znaczki z disable na enable, nastapi restart kompa

Wyłacz przywracanie systemu

O4 - HKCU…\Run: [updateService] C:\WINDOWS\system32\wservice.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O17 - HKLM\System\CCS\Services\Tcpip…{10C207F9-A50B-4C26-AAE7-5E868DF33DCD}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip…{19E6592A-82C4-414D-9FBF-D04B05C58CD2}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip…{699C2DC5-0233-4A67-B43E-7780C4070F67}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CCS\Services\Tcpip…{EB14D460-E5C2-4D0C-B4E6-B5A5B736DD0C}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.83 O17 - HKLM\System\CS1\Services\Tcpip…{10C207F9-A50B-4C26-AAE7-5E868DF33DCD}: NameServer = 85.255.114.102,85.255.112.83 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.102 85.255.112.83 O17 - HKLM\System\CS3\Services\Tcpip…{10C207F9-A50B-4C26-AAE7-5E868DF33DCD}: NameServer = 85.255.114.102,85.255.112.83

Tych DNS-ów wejdz tu http://www.sylwex.pl/~soft-worte/new_fo … c.php?t=11 i poczytaj Windows Security Center i użyj narzedzia Fixwareout.exe .Po usuwaniu wklej log na forum z tego narzedzia.

Co do tego pliku naczerwono uzyj Pocket KillBox Wybierz ocje “Delete on Reboot” w polu “Full Path of File to Delete” i wklej ścieżke

C:\WINDOWS\system32\wservice.exe

Następnie wybierasz X(czerwony) i nastąpi restart kompa.

Po wszystkim nowe logi plus z Fixwareout.exe. Wpisy oczywiście skasuj w hijakthis poleceniem fixchecked

Xil · 13 Listopad 2006 19:23

Hmm mam problem z dostaniem sie na te strony, bede caly czas probowal. Mam pytanie, tak na wszelki wypadek, na przyszlosc :] Gdybym robil formata to co powiniennem zrobic zeby ustrzec sie takich niespodzianek ? Czy wystarczy jesli odrazu po instalacji zainstaluje nod32 albo avasta ? Czy dolozyc jeszcze do nich jakis program wspomagajacy ?

system · 13 Listopad 2006 19:28

nod32 + firewall np: Kerio , na forum jest ładny opis tego programu.

Link do Fixwareout.exe

i koniecznie zastosuj WWDC. Format to ostateczność zawsze zdązysz go zrobić

Xil · 13 Listopad 2006 19:50

Log z Fixwareout:

Log z HJ:

Logfile of HijackThis v1.99.1 Scan saved at 20:53:51, on 2006-11-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] “nwiz.exe” /install O4 - HKLM…\Run: [NvMediaCenter] “RUNDLL32.EXE” C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [updateService] C:\WINDOWS\system32\wservice.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{EB14D460-E5C2-4D0C-B4E6-B5A5B736DD0C}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

system · 13 Listopad 2006 20:02

To usuwałes tym killboxem ?? moze pliku juz nie ma jest w gmerze file not found ale lepiej sprawdzić

Jak usuwałes to wejdz z powrtotem do Gmera w trybie awaryjnym i metode juz znasz usuwania i wklej w cmd

DEL C:\WINDOWS\system32{153CFF4F-D28A-4E6C-9BFE-653E600D4A8E}.exe

DEL C:\WINDOWS\system32{E433693F-7E28-4CD3-879E-1BCFE9CF0344}.exe

DEL C:\WINDOWS\system32\wservice.exe

Następnie zaznacz regedit i wklej

Dla kazdego z osobna musisz dać uruchom. W razie komunikatów błednych w gmerze daj usuwanie tylko tych dwóch pierwszych bez tego wservice.exe

po wszystkim nowy log z hijackthis

Xil · 13 Listopad 2006 20:19

Log z HJ:

Logfile of HijackThis v1.99.1 Scan saved at 21:21:54, on 2006-11-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] “nwiz.exe” /install O4 - HKLM…\Run: [NvMediaCenter] “RUNDLL32.EXE” C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{EB14D460-E5C2-4D0C-B4E6-B5A5B736DD0C}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

system · 13 Listopad 2006 20:26

No jest już ok

Jak problemy z kompem ustąpiły ??

Xil · 13 Listopad 2006 20:37

Wszystko jest w jak najlepszym porzadku Bardzo dziekuje za pomoc, jednak niewarto odrazu robic formata. Respect dla Twojej wiedzy…