MRU List przy kazdym skanowaniu Ad-adware

Vampire · 1 Marzec 2007 17:04

Zawsze jak skanuję komputer Ad-Adware to nawet jak to robię kilka razy pod rząd to mi wyskakuje MRU list z 9cioma obiektami.

Co to takiego?

Dodatkowo, parę dni temu komputer samoczynnie się zresetował i pytał w jakim trybie uruchomic komputer. Zrobiłam skan i Spybot wykrył jakiegoś śmiecia z “keygen” w nazwie o rozszerzeniu .exe

Od tego czasu juz się nie restartuje, ale moe coś jeszcze zostało.

HijackThis 1.99

Logfile of HijackThis v1.99.1 Scan saved at 17:49:00, on 2007-03-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe E:\Program Files\D-Tools\daemon.exe C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE D:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe E:\Program Files\CursorXP\CursorXP.exe E:\Program Files\Zinio\ZinioDeliveryManager.exe E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe E:\Program Files\WinZip\WZQKPICK.EXE D:\Program Files\Webshots\webshots.scr C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE c:\program files\panda software\panda internet security 2007\WebProxy.exe C:\WINDOWS\SYSTEM32\cidaemon.exe C:\WINDOWS\SYSTEM32\cidaemon.exe E:\Program Files\Wapster\AQQ\AQQ.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe E:\Program Files\Vasilios Applications\TranspApps\task_bar\TransBar.exe C:\WINDOWS\explorer.exe E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe D:\Program Files\Talisman 2\talisman.exe D:\Program Files\Talisman 2\ltaskbar.exe D:\Program Files\Opera\Opera.exe D:\Program Files\Talisman 2\plugins\lmenu.exe C:\Program Files\Panda Software\Panda Internet Security 2007\Upgrader.exe F:\Moje dokumenty\Windows+\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\Jccatch.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE” /s O4 - HKLM…\Run: [sCANINICIO] “C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe” O4 - HKLM…\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [MsgCenterExe] “C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe” -osboot O4 - HKLM…\Run: [LogonStudio] “E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe” /RANDOM O4 - HKLM…\Run: [Vistadrv] F:\Moje dokumenty\Windows+\Talisman II\VISTA\Vistadrive\Vistadrive\vsdrv.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [Zinio DLM] E:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart O4 - HKCU…\Run: [spybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap … loader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/mi … Loader.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 9054828807 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O17 - HKLM\System\CCS\Services\Tcpip…{E84D536C-EE66-4332-BCCB-5528C8349933}: NameServer = 217.30.129.149,217.30.137.200 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ANIA\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

P.S. Jak uruchomic Silent Runners? Klikam dwa razy na ściągnięty plik vbs i nic się nie dzieje.

Gutek · 1 Marzec 2007 17:23

Wyłacz na moment SpybotSD TeaTimer

usuń wpisy HJT a folder ręcznie

Skan AVG Anti-Spyware 7.5 po update

Vampire · 2 Marzec 2007 14:25

Wpis usunęłam folderu WebRebates 4 nie ma na dysku :?

Natomiast AVG znalazł mi właśnie tego WebRebates, craagle (nie wiem skąd nawet :/) I coś o końcówce .zlob

oraz przy dwukrotynym skanowaniu pod rząd TrackingCookie.Adocean

Gutek · 2 Marzec 2007 16:54

Daj nowe logi + log z Silenta

Vampire · 2 Marzec 2007 17:52

Silenta za nic nie mogę uruchomic. Klikam dwa razy na plik i nic się nie dzieje

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 18:37:00, on 2007-03-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\PWN\Definicje\Bin\Starter.exe

E:\Program Files\D-Tools\daemon.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

D:\Program Files\Winamp\winampa.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

E:\Program Files\CursorXP\CursorXP.exe

E:\Program Files\Zinio\ZinioDeliveryManager.exe

E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

c:\program files\panda software\panda internet security 2007\WebProxy.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

E:\Program Files\WinZip\WZQKPICK.EXE

D:\Program Files\Webshots\webshots.scr

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

E:\Program Files\Wapster\AQQ\AQQ.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe

D:\Program Files\Talisman 2\talisman.exe

D:\Program Files\Talisman 2\ltaskbar.exe

D:\Program Files\Talisman 2\plugins\lmenu.exe

D:\Program Files\Opera\Opera.exe

E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

F:\Moje dokumenty\Windows+\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\Jccatch.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKLM\..\Run: [LogonStudio] "E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [Vistadrv] F:\Moje dokumenty\Windows+\Talisman II\VISTA\Vistadrive\Vistadrive\vsdrv.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [Zinio DLM] E:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129054828807

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E84D536C-EE66-4332-BCCB-5528C8349933}: NameServer = 217.30.129.149,217.30.137.200

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ANIA\USTAWI~1\Temp\hpdj.exe (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

adam9870 · 2 Marzec 2007 17:56

Na czas wykonania czynności opisanych poniżej wyłącz SpybotSD TeaTimer.

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Użyj progrmu ATF Cleaner i przeczyść Current User Temp oraz All Users Temp.

Usuń wpisy HJT.

Poczytaj opis silenta - http://www.searchengines.pl/phpbb203/in … opic=15989

Vampire · 2 Marzec 2007 18:38

HijackThis:

Logfile of HijackThis v1.99.1 Scan saved at 19:34:10, on 2007-03-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\PWN\Definicje\Bin\Starter.exe E:\Program Files\D-Tools\daemon.exe C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE D:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe E:\Program Files\CursorXP\CursorXP.exe E:\Program Files\Zinio\ZinioDeliveryManager.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE c:\program files\panda software\panda internet security 2007\WebProxy.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe E:\Program Files\WinZip\WZQKPICK.EXE D:\Program Files\Webshots\webshots.scr C:\WINDOWS\SYSTEM32\cidaemon.exe C:\WINDOWS\SYSTEM32\cidaemon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe E:\Program Files\Wapster\AQQ\AQQ.exe C:\WINDOWS\explorer.exe D:\Program Files\Opera\Opera.exe C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe F:\Moje dokumenty\Windows+\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\Jccatch.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE” /s O4 - HKLM…\Run: [sCANINICIO] “C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe” O4 - HKLM…\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [MsgCenterExe] “C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe” -osboot O4 - HKLM…\Run: [LogonStudio] “E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe” /RANDOM O4 - HKLM…\Run: [Vistadrv] F:\Moje dokumenty\Windows+\Talisman II\VISTA\Vistadrive\Vistadrive\vsdrv.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [Zinio DLM] E:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart O4 - HKCU…\Run: [spybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap … loader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 9054828807 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O17 - HKLM\System\CCS\Services\Tcpip…{E84D536C-EE66-4332-BCCB-5528C8349933}: NameServer = 217.30.129.149,217.30.137.200 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

Usuwałam

F2 - REG:system.ini: Shell=

ale ciągle się odnawia

SilentRunners:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “STYLEXP” = “C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide” [empty string] “CursorXP” = “E:\Program Files\CursorXP\CursorXP.exe” [" "] “Zinio DLM” = “E:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart” [“Zinio Systems, Inc.”] “SpybotSD TeaTimer” = “E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”] “WMPNSCFG” = “C:\Program Files\Windows Media Player\WMPNSCFG.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Skrót do strony właściwości High Definition Audio” = “HDAudPropShortcut.exe” [“Windows ® Server 2003 DDK provider”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”] “DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”] “DemonStarter” = “C:\Program Files\PWN\Definicje\Bin\Starter.exe” [null data] “DAEMON Tools-1033” = ““E:\Program Files\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”] “NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE” /s” [“Panda Software International”] “SCANINICIO” = ““C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe”” [“Panda Software International”] “WinampAgent” = “D:\Program Files\Winamp\winampa.exe” [null data] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime” [null data] “MsgCenterExe” = ““C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe” -osboot” [file not found] “LogonStudio” = ““E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe” /RANDOM” [“Stardock and Luca Saggese”] “Vistadrv” = “F:\Moje dokumenty\Windows+\Talisman II\VISTA\Vistadrive\Vistadrive\vsdrv.exe” [file not found] “!AVG Anti-Spyware” = ““E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)” -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “D:\PROGRA~1\FlashGet\Jccatch.dll” [“Amaze Soft”] {C333CF63-767F-4831-94AC-E683D962C63C}(Default) = “TGTSoft Explorer Toolbar Changer” -> {HKLM…CLSID} = “CoTGT_BHO Class” \InProcServer32(Default) = “C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{FF393560-C2A7-11CF-BFF4-444553540000}” = “History” -> {HKCU…CLSID} = “History” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet” -> {HKCU…CLSID} = “The Internet” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{88C6C381-2E85-11D0-94DE-444553540000}” = “ActiveX Cache Folder” -> {HKCU…CLSID} = “ActiveX Cache Folder” \InProcServer32(Default) = “C:\WINDOWS\system32\occache.dll” [MS] “{F5175861-2688-11d0-9C5E-00AA00A45957}” = “Subscription Folder” -> {HKCU…CLSID} = “Subscription Folder” \InProcServer32(Default) = “C:\WINDOWS\system32\webcheck.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “E:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “Skladnik rozszerzenia powloki CorelDRAW” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “E:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll” [null data] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “E:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “E:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\Microsoft Office2007\OFFICE12\msohev.dll” [MS] “{506F4668-F13E-4AA1-BB04-B43203AB3CC0}” = “{506F4668-F13E-4AA1-BB04-B43203AB3CC0}” -> {HKLM…CLSID} = “ImageExtractorShellExt Class” \InProcServer32(Default) = “E:\Program Files\Microsoft Office\Visio11\VISSHE.DLL” [null data] “{D66DC78C-4F61-447F-942B-3FB6980118CF}” = “{D66DC78C-4F61-447F-942B-3FB6980118CF}” -> {HKLM…CLSID} = “CInfoTipShellExt Class” \InProcServer32(Default) = “E:\Program Files\Microsoft Office\Visio11\VISSHE.DLL” [null data] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}” = “Zinio Shell Extension” -> {HKLM…CLSID} = “Zinio Magazine” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] “{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}” = “Zinio Magazine Column Provider” -> {HKLM…CLSID} = “MyMagazinesColumn Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] “{32A9D769-5B55-4a25-9A62-86B5683FE50A}” = “NikonView Drop Extension” -> {HKLM…CLSID} = “NikonView Drop Extension” \InProcServer32(Default) = “E:\Program Files\Nikon\NkView6\NkvDropExt.dll” [“Nikon Corporation”] “{4ADF8C01-0AC7-4403-888C-012E6EA2F67E}” = “Sims2Pack Clean Installer Shell Extension” -> {HKLM…CLSID} = “S2PCISE.S2PCISE” \InProcServer32(Default) = “mscoree.dll” [MS] “{DEE12703-6333-4D4E-8F34-738C4DCC2E04}” = “RecordNow! SendToExt” -> {HKLM…CLSID} = “RecordNow! SendToExt” \InProcServer32(Default) = “D:\Program Files\Roxio\RecordNow!\shlext.dll” [null data] “{E91B2703-013E-4A99-AD33-2B6FB00AA356}” = “RecordNow! ContextMenuExt” -> {HKLM…CLSID} = “RecordNow! ContextMenuExt” \InProcServer32(Default) = “D:\Program Files\Roxio\RecordNow!\shlext.dll” [null data] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL” [“Panda Software”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” = “AQQ File Transfer Shell Extension” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “E:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> avldr\DLLName = “avldr.dll” [“Panda Software”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {A9AACA72-1C51-4F84-804D-90EDBA0D58F4}(Default) = “Zinio Magazine Column Provider” -> {HKLM…CLSID} = “MyMagazinesColumn Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AQQFileTransfer(Default) = “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “E:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL” [“Panda Software”] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL” [“Panda Software”] S2PCI(Default) = “{4ADF8C01-0AC7-4403-888C-012E6EA2F67E}” -> {HKLM…CLSID} = “S2PCISE.S2PCISE” \InProcServer32(Default) = “mscoree.dll” [MS] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] Default executables: -------------------- HKCU\Software\Classes.bat(Default) = (value not set) HKCU\Software\Classes.cmd(Default) = (value not set) HKCU\Software\Classes.com(Default) = “comfile” HKCU\Software\Classes.exe(Default) = “exefile” HKCU\Software\Classes.hta(Default) = “htafile” Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\ANIA\Dane aplikacji\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp” DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Documents and Settings\ANIA\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\ANIA\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Downloaded Program Files\DESKTOP.INI [.ShellClassInfo] CLSID={88C6C381-2E85-11d0-94DE-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\occache.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Startup items in “ANIA” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\ANIA\Menu Start\Programy\Autostart “Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Webshots” -> shortcut to: “D:\Program Files\Webshots\Launcher.exe /t” [null data] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ATI CATALYST System Tray” -> shortcut to: “C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray” [null data] “WinZip Quick Pick” -> shortcut to: “E:\Program Files\WinZip\WZQKPICK.EXE” [“WinZip Computing LP”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: c:\program files\panda software\panda internet security 2007\pavlsp.dll [“Panda Software International”], 01 - 03, 20 %SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] MSSQL$MICROSOFTBCM, MSSQL$MICROSOFTBCM, “C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM” [MS] Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe”” [“Panda Software International”] Panda Antispam Engine, pmshellsrv, “C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe” [“Panda Software International”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe”” [“Panda Software International”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe”” [“Panda Software”] Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE”” [“Panda Software International”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe”” [“Panda Software”] StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string] Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ““C:\Program Files\Windows Media Player\WMPNetwk.exe”” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] PDF-XChange\Driver = “pxc25pm.dll” [“Tracker Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 159 seconds. ---------- (total run time: 345 seconds)

Gutek · 2 Marzec 2007 19:34

Nie usuniesz wpisu jak masz włączony SpybotSD TeaTimer - wyłącz i usuń wpis HJT:

Użyj UnHookExec.inf - który odblokuje uruchamianie exe. Po ściągnięciu pliku UnHookExec.inf na dysk należy kliknąć na niego prawym i wybrać opcję Instaluj. Nic się nie pokaże bo to nie jest żadna instalacja.

Vampire · 2 Marzec 2007 20:23

Ale ja wyłączam tego TeaTimera i mimo tego nie mogę wywalic wpisu.

adam9870 · 2 Marzec 2007 21:12

Spróbuj otworzyć Notatnik i wkleić w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Jeśli potem w hijacku będzie taki wpis:

To go usuń.

Wszystko oczywiście robisz przy wyłączonym TeaTimerze Spybota.

Gutek · 2 Marzec 2007 21:12

Jak wyłączyłeś jak jest wpis - O4 - HKCU…\Run: [spybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Vampire · 3 Marzec 2007 09:24

Dobra, jakoś się udało. Nowe logi:

HijackThis:

Logfile of HijackThis v1.99.1 Scan saved at 10:16:24, on 2007-03-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\D-Tools\daemon.exe C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE D:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe E:\Program Files\CursorXP\CursorXP.exe E:\Program Files\Zinio\ZinioDeliveryManager.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe E:\Program Files\WinZip\WZQKPICK.EXE D:\Program Files\Webshots\webshots.scr C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE c:\program files\panda software\panda internet security 2007\WebProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe D:\Program Files\Opera\Opera.exe F:\Moje dokumenty\Windows+\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\Jccatch.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE” /s O4 - HKLM…\Run: [sCANINICIO] “C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe” O4 - HKLM…\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [MsgCenterExe] “C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe” -osboot O4 - HKLM…\Run: [LogonStudio] “E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe” /RANDOM O4 - HKLM…\Run: [Vistadrv] F:\Moje dokumenty\Windows+\Talisman II\VISTA\Vistadrive\Vistadrive\vsdrv.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [Zinio DLM] E:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap … loader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 9054828807 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O17 - HKLM\System\CCS\Services\Tcpip…{E84D536C-EE66-4332-BCCB-5528C8349933}: NameServer = 217.30.129.149,217.30.137.200 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

SilentRunners:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “STYLEXP” = “C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide” [empty string] “CursorXP” = “E:\Program Files\CursorXP\CursorXP.exe” [" “] “Zinio DLM” = “E:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart” [“Zinio Systems, Inc.”] “WMPNSCFG” = “C:\Program Files\Windows Media Player\WMPNSCFG.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Skrót do strony właściwości High Definition Audio” = “HDAudPropShortcut.exe” [“Windows ® Server 2003 DDK provider”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”] “DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”] “DemonStarter” = “C:\Program Files\PWN\Definicje\Bin\Starter.exe” [null data] “DAEMON Tools-1033” = ““E:\Program Files\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”] “NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “APVXDWIN” = ““C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE” /s” [“Panda Software International”] “SCANINICIO” = ““C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe”” [“Panda Software International”] “WinampAgent” = “D:\Program Files\Winamp\winampa.exe” [null data] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime” [null data] “MsgCenterExe” = ““C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe” -osboot” [file not found] “LogonStudio” = ““E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe” /RANDOM” [“Stardock and Luca Saggese”] “Vistadrv” = “F:\Moje dokumenty\Windows+\Talisman II\VISTA\Vistadrive\Vistadrive\vsdrv.exe” [file not found] “!AVG Anti-Spyware” = ““E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)” -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] {A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch2 Class” \InProcServer32(Default) = “D:\PROGRA~1\FlashGet\Jccatch.dll” [“Amaze Soft”] {C333CF63-767F-4831-94AC-E683D962C63C}(Default) = “TGTSoft Explorer Toolbar Changer” -> {HKLM…CLSID} = “CoTGT_BHO Class” \InProcServer32(Default) = “C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{FF393560-C2A7-11CF-BFF4-444553540000}” = “History” -> {HKCU…CLSID} = “History” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}” = “The Internet” -> {HKCU…CLSID} = “The Internet” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{88C6C381-2E85-11D0-94DE-444553540000}” = “ActiveX Cache Folder” -> {HKCU…CLSID} = “ActiveX Cache Folder” \InProcServer32(Default) = “C:\WINDOWS\system32\occache.dll” [MS] “{F5175861-2688-11d0-9C5E-00AA00A45957}” = “Subscription Folder” -> {HKCU…CLSID} = “Subscription Folder” \InProcServer32(Default) = “C:\WINDOWS\system32\webcheck.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “E:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “Skladnik rozszerzenia powloki CorelDRAW” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “E:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll” [null data] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “E:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “E:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\Microsoft Office2007\OFFICE12\msohev.dll” [MS] “{506F4668-F13E-4AA1-BB04-B43203AB3CC0}” = “{506F4668-F13E-4AA1-BB04-B43203AB3CC0}” -> {HKLM…CLSID} = “ImageExtractorShellExt Class” \InProcServer32(Default) = “E:\Program Files\Microsoft Office\Visio11\VISSHE.DLL” [null data] “{D66DC78C-4F61-447F-942B-3FB6980118CF}” = “{D66DC78C-4F61-447F-942B-3FB6980118CF}” -> {HKLM…CLSID} = “CInfoTipShellExt Class” \InProcServer32(Default) = “E:\Program Files\Microsoft Office\Visio11\VISSHE.DLL” [null data] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}” = “Zinio Shell Extension” -> {HKLM…CLSID} = “Zinio Magazine” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] “{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}” = “Zinio Magazine Column Provider” -> {HKLM…CLSID} = “MyMagazinesColumn Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] “{32A9D769-5B55-4a25-9A62-86B5683FE50A}” = “NikonView Drop Extension” -> {HKLM…CLSID} = “NikonView Drop Extension” \InProcServer32(Default) = “E:\Program Files\Nikon\NkView6\NkvDropExt.dll” [“Nikon Corporation”] “{4ADF8C01-0AC7-4403-888C-012E6EA2F67E}” = “Sims2Pack Clean Installer Shell Extension” -> {HKLM…CLSID} = “S2PCISE.S2PCISE” \InProcServer32(Default) = “mscoree.dll” [MS] “{DEE12703-6333-4D4E-8F34-738C4DCC2E04}” = “RecordNow! SendToExt” -> {HKLM…CLSID} = “RecordNow! SendToExt” \InProcServer32(Default) = “D:\Program Files\Roxio\RecordNow!\shlext.dll” [null data] “{E91B2703-013E-4A99-AD33-2B6FB00AA356}” = “RecordNow! ContextMenuExt” -> {HKLM…CLSID} = “RecordNow! ContextMenuExt” \InProcServer32(Default) = “D:\Program Files\Roxio\RecordNow!\shlext.dll” [null data] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL” [“Panda Software”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” = “AQQ File Transfer Shell Extension” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “E:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> avldr\DLLName = “avldr.dll” [“Panda Software”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {A9AACA72-1C51-4F84-804D-90EDBA0D58F4}(Default) = “Zinio Magazine Column Provider” -> {HKLM…CLSID} = “MyMagazinesColumn Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Zinio\ZShext.dll” [“Zinio Systems, Inc.”] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AQQFileTransfer(Default) = “{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}” -> {HKLM…CLSID} = “AQQ File Transfer Shell Extension” \InProcServer32(Default) = “E:\PROGRA~1\Wapster\AQQ\System\AQQSHE~1.DLL” [null data] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL” [“Panda Software”] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}” -> {HKLM…CLSID} = “Panda Antivirus” \InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL” [“Panda Software”] S2PCI(Default) = “{4ADF8C01-0AC7-4403-888C-012E6EA2F67E}” -> {HKLM…CLSID} = “S2PCISE.S2PCISE” \InProcServer32(Default) = “mscoree.dll” [MS] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “E:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] Default executables: -------------------- HKCU\Software\Classes.bat(Default) = (value not set) HKCU\Software\Classes.cmd(Default) = (value not set) HKCU\Software\Classes.com(Default) = “comfile” HKCU\Software\Classes.exe(Default) = “exefile” HKCU\Software\Classes.hta(Default) = “htafile” <> HKLM\Software\Classes\scrfile\shell\open\command(Default) = “”%1” %*" [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_SZ) 0 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\ANIA\Dane aplikacji\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp” DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Documents and Settings\ANIA\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\ANIA\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\Downloaded Program Files\DESKTOP.INI [.ShellClassInfo] CLSID={88C6C381-2E85-11d0-94DE-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\occache.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI [.ShellClassInfo] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKCU…CLSID}\InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Startup items in “ANIA” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\ANIA\Menu Start\Programy\Autostart “Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Webshots” -> shortcut to: “D:\Program Files\Webshots\Launcher.exe /t” [null data] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ATI CATALYST System Tray” -> shortcut to: “C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray” [null data] “WinZip Quick Pick” -> shortcut to: “E:\Program Files\WinZip\WZQKPICK.EXE” [“WinZip Computing LP”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: c:\program files\panda software\panda internet security 2007\pavlsp.dll [“Panda Software International”], 01 - 03, 20 %SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] MSSQL$MICROSOFTBCM, MSSQL$MICROSOFTBCM, “C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM” [MS] Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe”” [“Panda Software International”] Panda Antispam Engine, pmshellsrv, “C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe” [“Panda Software International”] Panda Function Service, PAVFNSVR, ““C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe”” [“Panda Software International”] Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe”” [“Panda Software”] Panda Network Manager, PNMSRV, ““c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE”” [“Panda Software International”] Panda Process Protection Service, PavPrSrv, ““C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe”” [“Panda Software”] Panda TPSrv, TPSrv, ““C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe”” [“Panda Software”] StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string] Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ““C:\Program Files\Windows Media Player\WMPNetwk.exe”” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] PDF-XChange\Driver = “pxc25pm.dll” [“Tracker Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 150 seconds. ---------- (total run time: 262 seconds)

Gutek · 15 Październik 2007 15:31

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 + optymalizacja Autostartu

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools