Net poważnie zwolnił


(Hilary42) #1

Od pewnego czasu mój internet strasznie zwolnił a sam PC dziala wolniej.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:31:08, on 2008-07-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal


Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

H:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\system32\RUNDLL32.EXE

H:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

H:\WINDOWS\zHotkey.exe

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE

H:\Program Files\Common Files\Symantec Shared\ccApp.exe

H:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

H:\WINDOWS\V0220Mon.exe

H:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

H:\Program Files\iTunes\iTunesHelper.exe

H:\Program Files\Multimedia Card Reader\shwicon2k.exe

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

H:\Program Files\Bonjour\mDNSResponder.exe

H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\iPod\bin\iPodService.exe

H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

H:\Program Files\Opera\opera.exe

H:\WINDOWS\system32\taskmgr.exe

H:\Program Files\foobar2000\foobar2000.exe

H:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

H:\Documents and Settings\Underek\Pulpit\CryptLoad_1.1.3\CryptLoad.exe

H:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {37FC4EAE-1986-43DF-BFAF-2EA6DABDEA4E} - H:\WINDOWS\system32\credui32.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WheelMouse] H:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\WINDOWS\TEMP\E_SC0B.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "H:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVFX Engine] H:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [V0220Mon.exe] H:\WINDOWS\V0220Mon.exe

O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Live! Cam Manager] "H:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"

O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\DOCUME~1\Underek\USTAWI~1\Temp\E_S67C.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{99A69558-EA77-42B1-BA5C-8CE622D4AB3B}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - H:\Program Files\Spik\url_wpmsg.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: hpdj - HP - H:\DOCUME~1\Underek\USTAWI~1\Temp\hpdj.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - H:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--

End of file - 9234 bytes

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "H:\WINDOWS\system32\ctfmon.exe" [MS]

"Creative Live! Cam Manager" = ""H:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"" ["Creative Technology Ltd."]

"EPSON Stylus DX4000 Series" = "H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\DOCUME~1\Underek\USTAWI~1\Temp\E_S67C.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"WheelMouse" = "H:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]

"CHotkey" = "zHotkey.exe" ["Chicony"]

"ShowWnd" = "ShowWnd.exe" [null data]

"GrooveMonitor" = ""H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

"SunJavaUpdateSched" = "H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]

"RemoteControl" = ""H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"NeroFilterCheck" = "H:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"EPSON Stylus DX4000 Series" = "H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\WINDOWS\TEMP\E_SC0B.tmp" /EF "HKLM"" ["SEIKO EPSON CORPORATION"]

"ccApp" = ""H:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"osCheck" = ""H:\Program Files\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"]

"QuickTime Task" = ""H:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"AVFX Engine" = "H:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" ["Creative Technology Ltd."]

"V0220Mon.exe" = "H:\WINDOWS\V0220Mon.exe" ["Creative Technology Ltd."]

"HP Software Update" = "H:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

"DeviceDiscovery" = "H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

"iTunesHelper" = ""H:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"Sunkist2k" = "H:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{37FC4EAE-1986-43DF-BFAF-2EA6DABDEA4E}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\credui32.dll" [null data]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "H:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Groove GFS Browser Helper"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

  -> {HKLM...CLSID} = "Groove GFS Browser Helper"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

  -> {HKLM...CLSID} = "Groove Folder Synchronization"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

  -> {HKLM...CLSID} = "Groove XML Icon Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "H:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{4FED14EE-8086-4b0c-A0DE-C27042ED1296}" = "PDFTransformer2ContextMenu"

  -> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"

                   \InProcServer32\(Default) = "H:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll" ["ABBYY Software"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {HKLM...CLSID} = "iTunes"

                   \InProcServer32\(Default) = "H:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "H:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "H:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]


HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "H:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "H:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

PDFTransformer2ContextMenu\(Default) = "{4FED14EE-8086-4b0c-A0DE-C27042ED1296}"

  -> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"

                   \InProcServer32\(Default) = "H:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll" ["ABBYY Software"]

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "H:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "H:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "H:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "H:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "H:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "H:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "H:\Documents and Settings\Underek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Windows Portable Device AutoPlay Handlers

-----------------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\


iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""H:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]


iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""H:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]


iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""H:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]


iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""H:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]


MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classi"

"InvokeProgID" = "MPC.CDAudio"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""H:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"]


MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MPC.DVDMovie"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""H:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"]


MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

  -> {HKLM...CLSID} = "WPDShextAutoplay"

                   \LocalServer32\(Default) = "H:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]


NeroAutoPlay2CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "H:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]


NeroAutoPlay2CopyCD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "H:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]


NeroAutoPlay2DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "H:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]


NeroAutoPlay2LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "H:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]


PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""H:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]


PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""H:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""H:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]



Enabled Scheduled Tasks:

------------------------


"AppleSoftwareUpdate" -> launches: "H:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"Norton AntiVirus - Uruchom pełne skanowanie systemu - Underek" -> launches: "H:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"H:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "H:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

  -> {HKLM...CLSID} = "&Links"

                   \InProcServer32\(Default) = "H:\WINDOWS\system32\ieframe.dll" [MS]


HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]


Explorer Bars


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\


HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"

                   \InProcServer32\(Default) = "H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"

                   \InProcServer32\(Default) = "H:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]


{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                   \InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "H:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "H:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<> "Tabs" = "H:\Documents and Settings\Underek\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Bonjour Service, Bonjour Service, ""H:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ""H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

Lavasoft Ad-Aware Service, aawservice, ""H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"" ["Lavasoft"]

NVIDIA Display Driver Service, NVSvc, "H:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Symantec AppCore Service, SymAppCore, ""H:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Symantec Lic NetConnect service, CLTNetCnService, ""H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""H:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Urządzenie mobilne Apple, Apple Mobile Device, ""H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

Usługa iPod, iPod Service, ""H:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"H:\WINDOWS\System32\WUDFSvc.dll" [MS]}



Print Monitors:

---------------


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

EPSON Stylus DX4000 Series 32MonitorBE\Driver = "E_FLBBEE.DLL" ["SEIKO EPSON CORPORATION"]

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]

PDF-XChange\Driver = "H:\WINDOWS\system32\pxc25pm.dll" ["Tracker Software"]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]



---------- (launch time: 2008-07-14 10:35:25)

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 43 seconds.

---------- (total run time: 89 seconds)

(huber2t) #2

Pokaż log z combofix

logi wygladają na czyste


(Sebastianchrzan) #3

może dostawca leci w kulki sprawdz szybkość i www.speedtest.net/


(Hilary42) #4

(huber2t) #5

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

H:\WINDOWS\system32\credui32.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37FC4EAE-1986-43DF-BFAF-2EA6DABDEA4E}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a3e9c0c-00ca-11dd-a6b2-00038a000015}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c5f5b34-167c-11dd-a6f8-00038a0000

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link


(Hilary42) #6

http://wklejto.pl/5754


(huber2t) #7

otwórz notatnik i wklej

Z menu Notatnika -> Plik -> Zapisz jako -> Zmień rozszerzenie z .txt na wszystkie pliki -> zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!


(Hilary42) #8

Zrobione Dr.WEB CureIt! tez nicł nie znalazł.


(Leon$) #9

nie wiem czy zrobiłeś optymalizację autostartu

według mnie do wyłączenia aplikacje

usuń HijackThisem >> Fix checked

jeśli nie używasz wielu języków

Panel sterowania >> opcje regionalne i językowe >> języki >> zaawansowane >> zaznacz Wyłącz zaawansowane usługi tekstowe

Nad pozostałymi też warto by się zastanowić czy nie wyłączyć z uruchamiania systemu

:slight_smile:


(Hilary42) #10

Co twoim zdaniem jeszcze wywalić?


(Leon$) #11

jeśli wyłączyłeś te co podałem

to jeżeli chodzi o pozostałe to musisz sam zadecydować które aplikacje i programy wyłączyć a które nie

w uruchamianiu powinny być

1.antywirus

2.aplikacje systemowe

3.programy które ty chcesz aby uruchamiały się za każdym razem

:slight_smile:


(Hilary42) #12

Dobra ale co z tym muleniem neta i PC-a


(Leon$) #13

Każda z tych aplikacji działająca w tle zabiera zasoby procesora i pamięci

pozostało ci jeszcze trochę

ty masz jeszcze tyle a ja mam tylko cztery i gdyby nie zepsuty przycisk myszy to było by trzy

a ty masz całą listę i zastanawiasz się czemu komp muli

:slight_smile:


(Hilary42) #14

Wcześniej tego było więcej i działało a teraz jest mniej i nie działa. Skasuje coś tylko ze nie wiem co do czego jest może ktoś to na szybko opisać.