OK, thank you very much. Could I also ask you to check the logs from my second computer? Here they are:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:43, on 2008-10-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nasza-klasa.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [Ad-aware] “C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe” +c
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM…\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM…\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM…\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AutoEA] C:\Program Files\Creative\SBLive\AudioHQ\ahqrun.exe “C:\Program Files\Creative\SBLive\AudioHQ\AHQ\CTAutoEA.ahq” 0
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_01] cmd.exe /c md “%USERPROFILE%\Ustawienia lokalne\Temp” (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_03] cmd.exe /c md “%SystemRoot%\System32\dllcache” (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_04] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-20…\RunOnce: [nlpo_01] cmd.exe /c md “%USERPROFILE%\Ustawienia lokalne\Temp” (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ … leId=23100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
–
End of file - 8683 bytes
ComboFix 08-10-17.01 - agu 2008-10-18 20:48:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.219 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\agu\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-18 20:40 . 2008-10-18 20:40
2008-10-18 00:50 . 2008-10-18 00:50 268 --ah----- C:\sqmdata04.sqm
2008-10-18 00:50 . 2008-10-18 00:50 244 --ah----- C:\sqmnoopt04.sqm
2008-10-17 00:56 . 2008-10-17 00:56 268 --ah----- C:\sqmdata03.sqm
2008-10-17 00:56 . 2008-10-17 00:56 244 --ah----- C:\sqmnoopt03.sqm
2008-10-16 00:47 . 2008-10-16 00:47 268 --ah----- C:\sqmdata02.sqm
2008-10-16 00:47 . 2008-10-16 00:47 244 --ah----- C:\sqmnoopt02.sqm
2008-10-16 00:17 . 2008-10-16 00:25
2008-10-16 00:16 . 2004-08-04 02:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-15 02:11 . 2008-10-15 02:11 268 --ah----- C:\sqmdata01.sqm
2008-10-15 02:11 . 2008-10-15 02:11 244 --ah----- C:\sqmnoopt01.sqm
2008-10-14 23:17 . 2008-10-14 23:17 268 --ah----- C:\sqmdata00.sqm
2008-10-14 23:17 . 2008-10-14 23:17 244 --ah----- C:\sqmnoopt00.sqm
2008-10-14 23:16 . 2008-08-14 15:40 2,187,264 --------- C:\WINDOWS\system32\DllCache\ntoskrnl.exe
2008-10-14 23:16 . 2008-08-14 15:40 2,144,256 --------- C:\WINDOWS\system32\DllCache\ntkrnlmp.exe
2008-10-14 23:16 . 2008-08-14 15:40 2,064,256 --------- C:\WINDOWS\system32\DllCache\ntkrnlpa.exe
2008-10-14 23:16 . 2008-08-14 15:40 2,022,400 --------- C:\WINDOWS\system32\DllCache\ntkrpamp.exe
2008-10-14 23:16 . 2008-09-15 17:17 1,847,168 --------- C:\WINDOWS\system32\DllCache\win32k.sys
2008-10-14 23:16 . 2008-08-28 12:35 333,056 --------- C:\WINDOWS\system32\DllCache\srv.sys
2008-10-14 00:16 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-14 00:16 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-10-14 00:15 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2008-10-14 00:15 . 2008-04-11 20:41 683,520 --------- C:\WINDOWS\system32\DllCache\inetcomm.dll
2008-10-14 00:15 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll
2008-10-14 00:15 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\DllCache\rmcast.sys
2008-10-14 00:14 . 2008-10-16 00:25
2008-10-05 17:02 . 2008-10-05 17:30
2008-10-05 17:02 . 2008-10-05 17:02
2008-10-05 16:56 . 2008-10-05 16:56
2008-10-05 16:56 . 2008-10-05 16:57 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-28 22:17 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-09-28 22:17 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-09-28 22:16 . 2008-09-28 22:17
2008-09-25 16:45 . 2008-09-25 16:47
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 19:02 --------- d-----w C:\Documents and Settings\agu\Dane aplikacji\Skype
2008-10-18 16:47 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-10-18 14:09 --------- d-----w C:\Documents and Settings\agu\Dane aplikacji\skypePM
2008-10-16 12:18 --------- d-----w C:\Program Files\MPlayer for Windows
2008-10-04 23:26 --------- d-----w C:\Documents and Settings\agu\Dane aplikacji\iMesh
2008-09-15 15:17 1,847,168 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-31 17:21 --------- d-----w C:\Program Files\Sun
2008-08-31 17:20 --------- d-----w C:\Program Files\Java
2008-08-31 17:18 --------- d-----w C:\Program Files\Common Files\Java
2008-08-30 18:45 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:33 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
2008-08-19 09:38 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
2008-08-14 13:40 2,187,264 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:40 2,064,256 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:48 138,368 ------w C:\WINDOWS\system32\DllCache\afd.sys
2008-01-24 19:49 19,944 ----a-w C:\Documents and Settings\agu\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-12-23 20:11 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-09-24 15:12 84,418 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab
2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab
2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab
2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab
2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab
2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab
2008-06-25 16:29 88 --sh–r C:\WINDOWS\system32\456B4DF211.sys
2008-06-25 16:29 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 15360]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 2119104]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-06-03 21718312]
“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.Exe” [2007-01-19 5674352]
“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\Wcescomm.exe” [2006-11-13 1289000]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-10-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 155648]
“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2004-06-04 1400944]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 30208]
“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-05-18 49152]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-19 266497]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-06-25 185896]
“FixCamera”=“C:\WINDOWS\FixCamera.exe” [2007-02-12 20480]
“tsnp325”=“C:\WINDOWS\tsnp325.exe” [2007-04-21 270336]
“snp325”=“C:\WINDOWS\vsnp325.exe” [2007-04-25 835584]
“PWRISOVM.EXE”=“C:\Program Files\PowerISO\PWRISOVM.EXE” [2006-09-09 196608]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-07-18 884838]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“aux”= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
–a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
–a------ 2007-10-03 19:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\WINDOWS\system32\usmt\migwiz.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\iMesh Applications\iMesh\iMesh.exe”=
“C:\Program Files\MSN Messenger\msnmsgr.exe”=
“C:\Program Files\MSN Messenger\livecall.exe”=
“C:\Program Files\Real\RealPlayer\realplay.exe”=
“C:\Program Files\Microsoft ActiveSync\rapimgr.exe”= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8056:TCP”= 8056:TCP:BitComet 8056 TCP
“8056:UDP”= 8056:UDP:BitComet 8056 UDP
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-26 10343168]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 26496]
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKCU-Run-AutoEA - C:\Program Files\Creative\SBLive\AudioHQ\ahqrun.exe
HKLM-Run-Ad-aware - C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
HKLM-Run-AudioHQ - C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-BitComet - C:\Program Files\BitComet\BitComet.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\agu\Dane aplikacji\Mozilla\Firefox\Profiles\dy0h08k2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=ie=UTF-8oe=UTF-8q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.atcomet.com/b/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 21:02:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
C:\DOCUME~1\agu\USTAWI~1\Temp\RGIE.tmp
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
Czas ukończenia: 2008-10-18 21:07:07
ComboFix-quarantined-files.txt 2008-10-18 19:06:13
Przed: 14 064 336 896 bajtów wolnych
Po: 14,063,099,904 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
171 — E O F — 2008-10-15 22:25:37
“Silent Runners.vbs”, revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“BitTorrent” = ““C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“AutoEA” = “C:\Program Files\Creative\SBLive\AudioHQ\ahqrun.exe “C:\Program Files\Creative\SBLive\AudioHQ\AHQ\CTAutoEA.ahq” 0” [file not found]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“MsnMsgr” = ““C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background” [MS]
“H/PC Connection Agent” = ““C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”” [MS]
“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Ahead Software AG”]
“Ad-aware” = ““C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe” +c” [file not found]
“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“LanguageShortcut” = ““C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”” [null data]
“AudioHQ” = “C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE” [file not found]
“avgnt” = ““C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”]
“Adobe Reader Speed Launcher” = ““C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“WinampAgent” = ““C:\Program Files\Winamp\winampa.exe”” [file not found]
“FixCamera” = “C:\WINDOWS\FixCamera.exe” [empty string]
“tsnp325” = “C:\WINDOWS\tsnp325.exe” [empty string]
“snp325” = “C:\WINDOWS\vsnp325.exe” [empty string]
“PWRISOVM.EXE” = “C:\Program Files\PowerISO\PWRISOVM.EXE” [“PowerISO Computing, Inc.”]
“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”” [“Sun Microsystems, Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
- {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)”
- {HKLM…CLSID} = “Skype add-on (mastermind)”
\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]
{3049C3E9-B461-4BC5-8870-4C09146192CA}(Default) = (no title provided)
- {HKLM…CLSID} = “RealPlayer Download and Record Plugin for Internet Explorer”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll” [“RealPlayer”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
- {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)
- {HKLM…CLSID} = “Windows Live Sign-in Helper”
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
- {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)
- {HKLM…CLSID} = “Google Toolbar Notifier BHO”
\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
- {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
- {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete”
- {HKLM…CLSID} = “IE Microsoft AutoComplete”
\InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS]
“{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band”
- {HKLM…CLSID} = “History Band”
\InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS]
“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”
- {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
- {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
- {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]
“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”
- {HKLM…CLSID} = “Shell Extension for CDRW”
\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Ahead Software AG”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders”
- {HKLM…CLSID} = “Moje foldery udostępniania”
\InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll” [MS]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
- {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
- {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” = “PowerISO”
- {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
“{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device”
- {HKLM…CLSID} = “Urządzenie przenośne”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\Wcesview.dll” [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
- {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\
PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}”
- {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
- {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}”
- {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}”
- {HKLM…CLSID} = “PowerISO”
\InProcServer32(Default) = “C:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”]
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
- {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools” = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKCU\Software\Policies\Microsoft\Windows\System\
“DisableCMD” = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\agu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Windows Portable Device AutoPlay Handlers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
IMMediaPlayerOnArrival\
“Provider” = “iMesh”
“ProgID” = “iMesh.LauncherEventHandler”
HKLM\SOFTWARE\Classes\iMesh.LauncherEventHandler\CLSID(Default) = “{2C353E32-B8AC-4B82-B988-4C2D3394388A}”
- {HKLM…CLSID} = “CLauncherEventHandler Object”
\LocalServer32(Default) = ““C:\PROGRA~1\IMESHA~1\iMesh\Launcher.exe”” [“iMesh Inc.”]
IMPlayCDAudioOnArrival\
“Provider” = “iMesh”
“InvokeProgID” = “iMesh.AudioCD”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\iMesh.AudioCD\shell\play\Command(Default) = “C:\PROGRA~1\IMESHA~1\iMesh\iMesh.exe --playdrive %L” [“iMesh, Inc”]
IMRipCDAudioOnArrival\
“Provider” = “iMesh”
“InvokeProgID” = “iMesh.AudioCD”
“InvokeVerb” = “rip”
HKLM\SOFTWARE\Classes\iMesh.AudioCD\shell\rip\Command(Default) = “C:\PROGRA~1\IMESHA~1\iMesh\iMesh.exe --ripdrive %L” [“iMesh, Inc”]
IMShowCDAudioOnArrival\
“Provider” = “iMesh”
“InvokeProgID” = “iMesh.AudioCD”
“InvokeVerb” = “show”
HKLM\SOFTWARE\Classes\iMesh.AudioCD\shell\show\Command(Default) = “C:\PROGRA~1\IMESHA~1\iMesh\iMesh.exe --showdrive %L” [“iMesh, Inc”]
NeroAutoPlayEmptyCD\
“Provider” = “Nero StartSmart”
“InvokeProgID” = “Nero.AutoPlay”
“InvokeVerb” = “EmptyCD”
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command(Default) = ““C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe” /Drive:%L” [“Ahead Software AG”]
NeroAutoPlayInCDAutorunEmptyCD\
“Provider” = “InCD”
“InvokeProgID” = “Nero.AutoPlay”
“InvokeVerb” = “InCDAutorunEmptyCD”
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\InCDAutorunEmptyCD\command(Default) = “C:\Program Files\Ahead\InCD\InCDL.exe” [“Ahead Software AG”]
PDVDPlayCDAudioOnArrival\
“Provider” = “PowerDVD”
“InvokeProgID” = “AudioCD”
“InvokeVerb” = “PlayWithPowerDVD”
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command(Default) = ““C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe” “%L”” [“CyberLink Corp.”]
PDVDPlayVCDMovieOnArrival\
“Provider” = “PowerDVD”
“InvokeProgID” = “VCD”
“InvokeVerb” = “PlayWithPowerDVD”
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command(Default) = ““C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe” “%l”” [“CyberLink Corp.”]
RPCDBurningOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.CDBurn.6”
“InvokeVerb” = “open”
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command(Default) = ““C:\Program Files\Real\RealPlayer\realplay.exe” /burn “%1”” [“RealNetworks, Inc.”]
RPDeviceOnArrival\
“Provider” = “RealPlayer”
“ProgID” = “RealPlayer.HWEventHandler”
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID(Default) = “{67E76F1D-BDE2-4052-913C-2752366192D2}”
- {HKLM…CLSID} = “RealNetworks Scheduler”
\LocalServer32(Default) = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -autoplay” [“RealNetworks, Inc.”]
RPPlayCDAudioOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.AudioCD.6”
“InvokeVerb” = “play”
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command(Default) = ““C:\Program Files\Real\RealPlayer\realplay.exe” /play %1 ” [“RealNetworks, Inc.”]
RPPlayDVDMovieOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.DVD.6”
“InvokeVerb” = “play”
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command(Default) = ““C:\Program Files\Real\RealPlayer\realplay.exe” /dvd %1 ” [“RealNetworks, Inc.”]
RPPlayMediaOnArrival\
“Provider” = “RealPlayer”
“InvokeProgID” = “RealPlayer.AutoPlay.6”
“InvokeVerb” = “open”
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command(Default) = ““C:\Program Files\Real\RealPlayer\realplay.exe” /autoplay “%1”” [“RealNetworks, Inc.”]
Startup items in “agu” “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” - shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]
“NETGEAR WPN111 Smart Wizard” - shortcut to: “C:\Program Files\NETGEAR\WPN111\wpn111.exe” [“NETGEAR”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}”
- {HKCU…CLSID} = “Java Plug-in 1.6.0_07”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]
- {HKLM…CLSID} = “Java Plug-in 1.6.0_07”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll” [“Sun Microsystems, Inc.”]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
“ButtonText” = “Create Mobile Favorite”
“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”
- {HKLM…CLSID} = “Create Mobile Favorite”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\INetRepl.dll” [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
“MenuText” = “Utwórz Ulubione dla urządzenia przenośnego…”
“CLSIDExtension” = “{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}”
- {HKLM…CLSID} = “Create Mobile Favorite”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\INetRepl.dll” [MS]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
“ButtonText” = “Skype”
“CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}”
- {HKLM…CLSID} = “Skype add-on (button)”
\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
AntiVir PersonalEdition Classic Guard, AntiVirService, ““C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe”” [“Avira GmbH”]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ““C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe”” [“Avira GmbH”]
Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared files\RichVideo.exe”” [empty string]
InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Ahead Software AG”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
---------- (launch time: 2008-10-18 20:41:11)

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives took 63 seconds.
---------- (total run time: 193 seconds)