pysiul86
(Olga86)
30 July 2008 11:01
#1
Hello, for some time now I have noticed that my computer has somehow strangely slowed down. I don't know what caused it, but it worries me a little, which is why I am turning to you for help.
I am not able to read the error at all, because it appears for literally a second; I can only see that it is a red cross. It only happens sometimes, while shutting down the computer.
As for it having clearly slowed down, I mean for example that my internet works very slowly and that, for example, unpacking a RAR takes a very long time.
I am attaching the logs from SR and HJ
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:56:15, on 2008-07-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe D:\Program Files\Moje Programy\Programy Użytkowe\RocketDock\RocketDock.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Program Files\Moje Programy\Programy Użytkowe\Kalendarz XP\Kalendarz.exe D:\Program Files\Moje Programy\Przeglądarki Internetowe\Mozilla Firefox 2.0\firefox.exe C:\Documents and Settings\Dąbrowski Łukasz\Pulpit\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Moje Programy\Programy Do Komunikacji Internetowej\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Program Files\Moje Programy\Programy Spikery\Expressivo\IH_iexplore.dll O2 - BHO: 
Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Program Files\Moje Programy\Programy Spikery\Expressivo\IH_iexplore.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [AVP] “D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [RocketDock] “D:\Program Files\Moje Programy\Programy Użytkowe\RocketDock\RocketDock.exe” O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - 
HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Kalendarz XP.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Konwertuj do Adobe PDF - res://D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://D:\PROGRA~1\MOJEPR~1\PR1748~1\MICROS~1\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 
‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Moje Programy\Programy Do Komunikacji Internetowej\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Moje Programy\Programy Sprawdzające I 
Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe – End of file - 11221 bytes
“Silent Runners.vbs”, revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “STYLEXP” = “C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide” [empty string] “RocketDock” = ““D:\Program Files\Moje Programy\Programy Użytkowe\RocketDock\RocketDock.exe”” [null data] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “LWBKEYBOARD” = “C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe” [empty string] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “AVP” = ““D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\avp.exe”” [“Kaspersky Lab”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “HP Software Update” = “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! 
Inc.”] {0347C33E-8762-4905-BF09-768834316C61}(Default) = “HP Print Enhancer” -> {HKLM…CLSID} = “HP Print Enhancer” \InProcServer32(Default) = “C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll” [“Hewlett-Packard Co.”] {053F9267-DC04-4294-A72C-58F732D338C0}(Default) = (no title provided) -> {HKLM…CLSID} = “HP Print Clips” \InProcServer32(Default) = “C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll” [“Hewlett-Packard Co.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Przeglądania Dokumentów PDF\Adobe Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = (no title provided) -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Komunikacji Internetowej\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided) -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll” [“Sun Microsystems, Inc.”] {85F685C3-20D9-4943-95E4-EB4224056C3F}(Default) = (no title provided) -> {HKLM…CLSID} = “Expressivo” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Spikery\Expressivo\IH_iexplore.dll” [“IVO Software Sp. 
z o.o.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Notifier BHO” \InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll” [“Google Inc.”] {C333CF63-767F-4831-94AC-E683D962C63C}(Default) = “TGTSoft Explorer Toolbar Changer” -> {HKLM…CLSID} = “CoTGT_BHO Class” \InProcServer32(Default) = “C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll” [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\Moje 
Programy\Programy Kompresujące\WinRAR 3.70\rarext.dll” [null data] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] “{67C63340-679B-11D2-92EE-000021474C19}” = “IrfanView Extensions” -> {HKLM…CLSID} = “IrfanView Extensions” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Przeglądania Grafiki\IrfanView 4.00\IVEX.dll” [“BAxBEx Software”] “{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Kompresujące\7-Zip\7-zip.dll” [“Igor Pavlov”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Statystyki dla ochrony WWW” -> {HKLM…CLSID} = “Statystyki dla ochrony WWW” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll” [“Kaspersky Lab”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” 
[“NVIDIA Corporation”] “{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper” -> {HKLM…CLSID} = “Groove GFS Browser Helper” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar” -> {HKLM…CLSID} = “Groove Folder Synchronization” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler” -> {HKLM…CLSID} = “Groove GFS Stub Icon Handler” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler” -> {HKLM…CLSID} = “Groove XML Icon Handler” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” 
\InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” -> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\OLKFSTUB.DLL” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\MLSHEXT.DLL” [MS] “{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” -> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\ONFILTER.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Biurowe\Microsoft Office 2003\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” 
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Nokia PC Suite\Nokia PC Suite 6\phonebrowser.dll” [“Nokia”] “{3A93B640-3755-4D0A-AC39-2DB8CEB0B0D1}” = “MMCopyHook” -> {HKLM…CLSID} = “MMCopyHook Class” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Nokia PC Suite\Nokia Map Manager\MapMgrCopyHook.dll” ["TODO: "] “{1F77B17B-F531-44DB-ACA4-76ABB5010A28}” = “AIMP2: ShellExt” -> {HKLM…CLSID} = “AIMP2: ShellExt” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR7013~1\AIMP2~1.5\System\AIMP_S~1.DLL” [“AIMP DevTeam”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook” -> {HKLM…CLSID} = “Groove GFS Stub Execution Hook” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Kompresujące\7-Zip\7-zip.dll” [“Igor Pavlov”] AIMPClassic(Default) = “{1F77B17B-F531-44DB-ACA4-76ABB5010A28}” 
-> {HKLM…CLSID} = “AIMP2: ShellExt” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR7013~1\AIMP2~1.5\System\AIMP_S~1.DLL” [“AIMP DevTeam”] Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Kompresujące\WinRAR 3.70\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] {67C63340-679B-11D2-92EE-000021474C19}(Default) = “{67C63340-679B-11D2-92EE-000021474C19}” -> {HKLM…CLSID} = “IrfanView Extensions” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Przeglądania Grafiki\IrfanView 4.00\IVEX.dll” [“BAxBEx Software”] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = “7-Zip Shell Extension” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Kompresujące\7-Zip\7-zip.dll” [“Igor Pavlov”] AIMPClassic(Default) = “{1F77B17B-F531-44DB-ACA4-76ABB5010A28}” -> {HKLM…CLSID} = “AIMP2: ShellExt” 
\InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR7013~1\AIMP2~1.5\System\AIMP_S~1.DLL” [“AIMP DevTeam”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Kompresujące\WinRAR 3.70\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Kompresujące\WinRAR 3.70\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PR75B6~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}” -> {HKLM…CLSID} = “Groove GFS Context Menu Handler” \InProcServer32(Default) = 
“D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoLowDiskSpaceChecks” = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Dąbrowski Łukasz\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp” Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AlcoholAutoPlayV2.BurnDisc\ “Provider” = “Alcohol 120%” “InvokeProgID” = “AlcoholAutoPlayV2” “InvokeVerb” = “BurnDisc” HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ““D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Alcohol 120_Alcohol.exe” %1” [“Alcohol Soft Development Team”] AlcoholAutoPlayV2.ReadDisc\ “Provider” = “Alcohol 120%” “InvokeProgID” = 
“AlcoholAutoPlayV2” “InvokeVerb” = “ReadDisc” HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command(Default) = ““D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Alcohol 120_Alcohol.exe” %1” [“Alcohol Soft Development Team”] CTPlayAudioOnArrival\ “Provider” = “@C :\Program Files\Creative\MediaSource\CTCMS.CRL,-14345” “InvokeProgID” = “CTAutoPL.AudioCDPlayer.1” “InvokeVerb” = “open” HKLM\SOFTWARE\Classes\CTAutoPL.AudioCDPlayer.1\shell\open\command(Default) = ““C:\Program Files\Creative\MediaSource\CTCMS.exe” /T=CLASSKEY_AudioCD IN %L PlayNow” [“Creative Technology Ltd”] HPAutoplayPSE\ “Provider” = “HP Photosmart Essential 2.01” “InvokeProgID” = “HpqPSApl.Autoplay” “InvokeVerb” = “Play” HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = “{A6873065-D632-4615-A3A9-C5F05EE109C1}” -> {HKLM…CLSID} = (no title provided) \LocalServer32(Default) = “C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe” [“Hewlett-Packard”] MPCPlayCDAudioOnArrival\ “Provider” = “Media Player Classi” “InvokeProgID” = “MPC.CDAudio” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command(Default) = ““D:\Program Files\Moje Programy\Kodeki Do Filmów I Muzyki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe” %L /cd” [“Gabest”] MPCPlayDVDMovieOnArrival\ “Provider” = “Media Player Classic” “InvokeProgID” = “MPC.DVDMovie” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command(Default) = ““D:\Program Files\Moje Programy\Kodeki Do Filmów I Muzyki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe” %L /dvd” [“Gabest”] MSWPDShellNamespaceHandler\ “Provider” = “@%SystemRoot%\System32\WPDShextRes.dll,-501” “CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}” “InitCmdLine” = " " -> {HKLM…CLSID} = “WPDShextAutoplay” \LocalServer32(Default) = “C:\WINDOWS\system32\WPDShextAutoplay.exe” [MS] NeroAutoPlay7AudioToNeroDigital\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = 
“AudioToNeroDigital_PlayCDAudioOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Core\nero.exe /Dialog:SaveTracks %L” [“Nero AG”] NeroAutoPlay7CDAudio\ “Provider” = “Nero Express” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “CDAudio_HandleCDBurningOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Core\nero.exe -w /New:AudioCD” [“Nero AG”] NeroAutoPlay7CopyCD\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “CopyCD_PlayMusicFilesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Core\nero.exe /Dialog:DiscCopy %L” [“Nero AG”] NeroAutoPlay7DataDisc\ “Provider” = “Nero Express” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “DataDisc_HandleCDBurningOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Core\nero.exe -w /New:ISODisc” [“Nero AG”] NeroAutoPlay7LaunchNeroStartSmart\ “Provider” = “Nero StartSmart” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “LaunchNeroStartSmart_HandleCDBurningOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay” [“Nero AG”] NeroAutoPlay7PlayAudioCD\ “Provider” = “Nero ShowTime” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “PlayAudioCD_PlayMusicFilesOnArrival” 
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero ShowTime\ShowTime.exe /Play %L” [“Nero AG”] NeroAutoPlay7PlayDVD\ “Provider” = “Nero ShowTime” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “PlayDVD_PlayVideoFilesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero ShowTime\ShowTime.exe /Play %L” [“Nero AG”] NeroAutoPlay7RipCD\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “RipCD_PlayCDAudioOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Core\nero.exe /Dialog:SaveTracks %L” [“Nero AG”] NeroAutoPlay7TranscodeVideo\ “Provider” = “Nero Recode” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = “TranscodeVideo_PlayDVDMovieOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo” [“Nero AG”] NeroAutoPlay7VideoCapture\ “Provider” = “Nero Vision” “ProgID” = “Shell.HWEventHandlerShellExecute” “InitCmdLine” = ““D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero Vision\NeroVision.exe” /New:VideoCapture” HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” -> {HKLM…CLSID} = “ShellExecute HW Event Handler” \LocalServer32(Default) = “rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS] NeroAutoPlay7ViewPhotos\ “Provider” = “Nero PhotoSnap Viewer” “InvokeProgID” = “Nero.AutoPlay7” “InvokeVerb” = 
“ViewPhotos_ShowPicturesOnArrival” HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command(Default) = “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /” [“Nero AG”] NMMPlayCDAudioOnArrival\ “Provider” = “Nokia Music Manager” “InvokeProgID” = “NokiaMusicManager” “InvokeVerb” = “NMMPlayCD” HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command(Default) = “D:\Program Files\Moje Programy\Nokia PC Suite\Nokia PC Suite 6\MusicManager.exe /playCD “%L”” [“Nokia”] NMMRipCDAudioOnArrival\ “Provider” = “Nokia Music Manager” “InvokeProgID” = “NokiaMusicManager” “InvokeVerb” = “NMMRipCD” HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command(Default) = “D:\Program Files\Moje Programy\Nokia PC Suite\Nokia PC Suite 6\MusicManager.exe /ripCD “%L”” [“Nokia”] VLCPlayCDAudioOnArrival\ “Provider” = “VideoLAN VLC media player” “InvokeProgID” = “VLC.CDAudio” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command(Default) = “D:\Program Files\Moje Programy\Programy Do Odtwarzania Filmów Video\VLC Media Player 0.8.6 C\vlc.exe --started-from-file cdda:%1” [“VideoLAN Team”] VLCPlayDVDMovieOnArrival\ “Provider” = “VideoLAN VLC media player” “InvokeProgID” = “VLC.DVDMovie” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command(Default) = “D:\Program Files\Moje Programy\Programy Do Odtwarzania Filmów Video\VLC Media Player 0.8.6 C\vlc.exe --started-from-file dvd:%1” [“VideoLAN Team”] WinampMTPHandler\ “Provider” = “Winamp” “ProgID” = “Shell.HWEventHandlerShellExecute” “InitCmdLine” = “D:\Program Files\Moje Programy\Programy Do Odtwarzania Muzyki\Winamp\winamp.exe” HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” -> {HKLM…CLSID} = “ShellExecute HW Event Handler” \LocalServer32(Default) = “rundll32.exe shell32.dll,SHCreateLocalServerRunDll 
{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS] Startup items in “Dąbrowski Łukasz” & “All Users” startup folders: ------------------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Kalendarz XP” -> shortcut to: “D:\Program Files\Moje Programy\Programy Użytkowe\Kalendarz XP\Kalendarz.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! 
Inc.”] “{85F685C3-20D9-4943-95E4-EB4224056C3F}” = “Expressivo” -> {HKLM…CLSID} = “Expressivo” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Spikery\Expressivo\IH_iexplore.dll” [“IVO Software Sp. z o.o.”] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\GRA8E1~1.DLL” [MS] HKLM\SOFTWARE\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Statystyki dla ochrony WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll” [“Kaspersky Lab”] HKLM\SOFTWARE\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll” [“Sun Microsystems, Inc.”] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Statystyki dla ochrony WWW” {2670000A-7350-4F3C-8081-5663EE0C6C49}\ “ButtonText” = “Wyślij do programu OneNote” “MenuText” = “Wyślij &do programu OneNote” “CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}” -> 
{HKLM…CLSID} = “Send to OneNote from Internet Explorer button” \InProcServer32(Default) = “D:\PROGRA~1\MOJEPR~1\PRBC3E~1\MICROS~1\Office12\ONBttnIE.dll” [MS] {58ECB495-38F0-49CB-A538-10282ABF65E7}\ “ButtonText” = “Kolekcja wycinków HP” “CLSIDExtension” = “{E763472E-A716-4CD9-89BD-DBDA6122F741}” -> {HKLM…CLSID} = “ClipBookBtn Class” \InProcServer32(Default) = “C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll” [“Hewlett-Packard Co.”] {700259D7-1666-479A-93B1-3250410481E8}\ “ButtonText” = “Zaznaczanie HP Smart” “CLSIDExtension” = “{A93C41D8-01F8-4F8B-B14C-DE20B117E636}” -> {HKLM…CLSID} = “EnhSelectionBtn Class” \InProcServer32(Default) = “C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll” [“Hewlett-Packard Co.”] {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “D:\Program Files\Moje Programy\Programy Do Komunikacji Internetowej\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll ,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! 
Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.exe” [“Creative Technology Ltd”] hpqcxs08, hpqcxs08, “C:\WINDOWS\system32\svchost.exe -k hpdevmgmt” {“C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll” [“Hewlett-Packard Co.”]} Kaspersky Anti-Virus 7.0, AVP, ““D:\Program Files\Moje Programy\Programy Sprawdzające I Zabezpieczające Komputer\Kaspersky Anti-Virus 7.0\avp.exe” -r” [“Kaspersky Lab”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Net Driver HPZ12, Net Driver HPZ12, “C:\WINDOWS\System32\svchost.exe -k HPZ12” {“C:\WINDOWS\system32\HPZinw12.dll” [“Hewlett-Packard”]} NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\System32\svchost.exe -k HPZ12” {“C:\WINDOWS\system32\HPZipm12.dll” [“Hewlett-Packard”]} StarWind AE Service, StarWindServiceAE, “D:\Program Files\Moje Programy\Programy Do Nagrywania I Emulowania Płyt CD I DVD\Alcohol 120\StarWind\StarWindServiceAE.exe” [“Rocket Division Software”] StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string] Usługa HP CUE DeviceDiscovery, hpqddsvc, “C:\WINDOWS\system32\svchost.exe -k hpdevmgmt” {“C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll” [“Hewlett-Packard Co.”]} Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]} WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe” [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor i550\Driver = “CNMLM49.DLL” [“CANON INC.”] LIDIL hpzll5ha\Driver = “hpzll5ha.dll” [“Hewlett-Packard Company”] Send To 
Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS] ---------- (launch time: 2008-07-30 12:58:31) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 102 seconds. ---------- (total run time: 135 seconds)
pysiul86
(Olga86)
30 July 2008 11:20
#3
pysiul86
(Olga86)
31 July 2008 17:15
#4
Is there something wrong in these logs?
Leon1
(Leon$)
31 July 2008 17:24
#5
Download and run The Avenger tool. Select the text given on the forum for removal,
copy it >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
Do a startup optimization:
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
Manually delete the folder C:\Qoobox and delete the Combofix installer from the disk.
Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl
Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report; the page has to be opened in IE.
pysiul86
(Olga86)
2 August 2008 07:44
#6
Hello, I did what you asked, but I am not running the scan with that online antivirus, because I have the full version of Kaspersky on disk, up to date with its databases, and it does not show me anything.
Here is the report:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver “lredbooo” deleted successfully.
Registry key “HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger” deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
huber2t
(huber2t)
2 August 2008 07:46
#7
Everything got removed.
Also show the report from the Kaspersky scan.
pysiul86
(Olga86)
2 August 2008 10:12
#8
Hello, I scanned my computer with the program I have on disk, i.e. Kaspersky Anti-Virus, and it detected the following 4 items and then removed them:
huber2t
(huber2t)
2 August 2008 10:13
#9
Scan with the online version as well to be sure, but after this it should be OK.
pysiul86
(Olga86)
3 August 2008 21:10
#10
OK, I scanned with that online scanner, and this message appeared:
I am pasting the log:
http://wklej.org/id/391e897f5a
To be sure, I am also pasting the HJ and SR logs once more:
THE LOGS WERE MADE TODAY
http://wklej.org/id/1bfbe0ee72
http://wklej.org/id/6d8251eb16
Leon1
(Leon$)
3 August 2008 21:21
#11
Download and run The Avenger tool. Select the text given on the forum for removal,
copy it >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
The logs are clean.
Do a startup optimization:
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
pysiul86
(Olga86)
3 August 2008 21:26
#12
OK, this is the log I got from Avenger:
http://wklej.org/id/cacb9771a0
Leon1
(Leon$)
3 August 2008 21:32
#13
Everything has been removed and it should be OK.
pysiul86
(Olga86)
3 August 2008 21:34
#14
OK, I understand, nice. Gosh, I would do that optimization, but I think I would rather not touch it, because I might break something; I do not know exactly what I should throw out so that the computer runs much faster.
Leon1
(Leon$)
3 August 2008 21:58
#15
Let's leave it for tomorrow, then I will tell you what to do.
pysiul86
(Olga86)
3 August 2008 22:01
#16
OK, in that case I will wait until tomorrow and do it tomorrow.
pysiul86
(Olga86)
4 August 2008 19:55
#17
Mate, will you help me? I am waiting at the computer and doing the optimization.
pysiul86
(Olga86)
5 August 2008 16:58
#19
Leon1
(Leon$)
5 August 2008 17:32
#20
You can safely disable these:
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
Remove them with HijackThis >> Fix checked
If you do not use multiple languages, then:
Control Panel >> Regional and Language Options >> Languages >> Advanced >> tick Turn off advanced text services
Removing an entry does not delete the file (this applies to O4 entries); in case of a mistake it can be restored in HijackThis.
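An added example, not part of the thread or of HijackThis itself: a small parser that maps each O4 line from the last post to the registry value it stands for and to the file that stays on disk after the entry is removed. It assumes the "…" in the posted lines stands for HijackThis's usual `\..` abbreviation of `Software\Microsoft\Windows\CurrentVersion`; the names `RunEntry`, `parse_o4` and `loaded_image` are made up for this illustration.

```python
import re
from typing import NamedTuple

# Assumption: HijackThis shortens the autostart key; this is the full path under the hive.
RUN_KEY_PREFIX = "Software\\Microsoft\\Windows\\CurrentVersion\\"

# The five entries from the post above, as posted (key path elided with "…").
POSTED = r"""
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
"""

# "\.." is what HijackThis writes; "…" is how it reached this page.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)(?:\\\.\.|…)\\(Run\w*): \[([^\]]+)\] (.+)$")
# Either a quoted path, or an unquoted one ending at the first executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd)))(?:\s+(.*))?$', re.I)


class RunEntry(NamedTuple):
    hive: str
    key: str      # full registry key path
    value: str    # registry value name (the part in brackets)
    command: str  # registry value data: the command line run at logon
    image: str    # file the command loads; it stays on disk when the value is removed

    def query_command(self) -> str:
        """Read-only check of whether the autostart value still exists."""
        return f'reg query "{self.hive}\\{self.key}" /v "{self.value}"'


def loaded_image(command: str) -> str:
    """Return the executable, or for rundll32 the DLL it is asked to load."""
    m = EXE_RE.match(command.strip())
    if not m:
        return command.strip()
    exe, args = m.group(1) or m.group(2), m.group(3) or ""
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and args:
        return args.split(",", 1)[0].strip('"')
    return exe


def parse_o4(log: str) -> list:
    """Collect the registry-based O4 autostart entries found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, value, command = m.groups()
            entries.append(RunEntry(hive, RUN_KEY_PREFIX + key, value, command,
                                    loaded_image(command)))
    return entries


if __name__ == "__main__":
    for e in parse_o4(POSTED):
        print(f"{e.value!r}: value removed from {e.hive}\\{e.key}; file kept: {e.image}")
        print("   check:", e.query_command())
```

Running the printed `reg query` line before and after "Fix checked" shows the value disappearing while the file listed as kept is still present.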