Spowolniona praca komputera, zawieszanie się systemu


(Derelion) #1

Tak jak w temacie. Podczas pracy z systemem Windows XP Home Edition komputer jest spowolniony a czasami się nawet przywiesza. Dodatkowo po założeniu dodatkowej kości pamięci RAM w komputera zaczynają wyskakiwać bluescreen'y i system się resetuje.

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:13:02, on 27-04-2008

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal


Running processes:

D:\windows\System32\smss.exe

D:\windows\system32\winlogon.exe

D:\windows\system32\services.exe

D:\windows\system32\lsass.exe

D:\windows\system32\svchost.exe

D:\Program Files\Windows Defender\MsMpEng.exe

D:\windows\System32\svchost.exe

D:\windows\system32\spoolsv.exe

D:\Program Files\Apache Group\Apache2\bin\Apache.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

D:\windows\system32\nvsvc32.exe

D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

D:\Program Files\Apache Group\Apache2\bin\Apache.exe

D:\windows\system32\svchost.exe

D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE

D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE

D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE

D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe

D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

D:\windows\Explorer.EXE

D:\windows\RTHDCPL.EXE

D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

D:\windows\system32\RUNDLL32.EXE

D:\Program Files\Windows Defender\MSASCui.exe

D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

D:\Program Files\Topro\tppoll.exe

D:\Program Files\AutoConnect\AutoConnect.exe

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 80.239.151.15 rs0l3.rapidshare.com

O1 - Hosts: 80.239.151.15 rs0l32.rapidshare.com

O1 - Hosts: 80.239.236.2 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.3 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.4 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.5 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.6 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.7 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.8 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.9 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.10 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.11 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.12 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.13 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.14 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.15 rs0l33.rapidshare.com

O1 - Hosts: 195.219.1.2 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.3 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.4 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.5 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.6 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.7 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.8 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.9 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.10 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.11 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.12 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.13 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.14 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.15 rs0tg.rapidshare.com

O1 - Hosts: 80.239.151.15 rs0tl.rapidshare.com

O1 - Hosts: 80.239.236.2 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.3 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.4 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.5 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.6 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.7 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.8 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.9 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.10 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.11 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.12 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.13 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.14 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.15 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.101 rs100l33.rapidshare.com

O1 - Hosts: 195.219.1.101 rs100tg.rapidshare.com

O1 - Hosts: 80.239.236.101 rs100tl2.rapidshare.com

O1 - Hosts: 80.239.236.102 rs101l33.rapidshare.com

O1 - Hosts: 195.219.1.102 rs101tg.rapidshare.com

O1 - Hosts: 80.239.236.102 rs101tl2.rapidshare.com

O1 - Hosts: 80.239.236.103 rs102l33.rapidshare.com

O1 - Hosts: 195.219.1.103 rs102tg.rapidshare.com

O1 - Hosts: 80.239.236.103 rs102tl2.rapidshare.com

O1 - Hosts: 80.239.236.104 rs103l33.rapidshare.com

O1 - Hosts: 195.219.1.104 rs103tg.rapidshare.com

O1 - Hosts: 80.239.236.104 rs103tl2.rapidshare.com

O1 - Hosts: 80.239.236.105 rs104l33.rapidshare.com

O1 - Hosts: 195.219.1.105 rs104tg.rapidshare.com

O1 - Hosts: 80.239.236.105 rs104tl2.rapidshare.com

O1 - Hosts: 80.239.236.106 rs105l33.rapidshare.com

O1 - Hosts: 195.219.1.106 rs105tg.rapidshare.com

O1 - Hosts: 80.239.236.106 rs105tl2.rapidshare.com

O1 - Hosts: 80.239.236.107 rs106l33.rapidshare.com

O1 - Hosts: 195.219.1.107 rs106tg.rapidshare.com

O1 - Hosts: 80.239.236.107 rs106tl2.rapidshare.com

O1 - Hosts: 80.239.236.108 rs107l33.rapidshare.com

O1 - Hosts: 195.219.1.108 rs107tg.rapidshare.com

O1 - Hosts: 80.239.236.108 rs107tl2.rapidshare.com

O1 - Hosts: 80.239.236.109 rs108l33.rapidshare.com

O1 - Hosts: 195.219.1.109 rs108tg.rapidshare.com

O1 - Hosts: 80.239.236.109 rs108tl2.rapidshare.com

O1 - Hosts: 80.239.236.110 rs109l33.rapidshare.com

O1 - Hosts: 195.219.1.110 rs109tg.rapidshare.com

O1 - Hosts: 80.239.236.110 rs109tl2.rapidshare.com

O1 - Hosts: 80.239.236.11 rs10l33.rapidshare.com

O1 - Hosts: 195.219.1.11 rs10tg.rapidshare.com

O1 - Hosts: 80.239.236.11 rs10tl2.rapidshare.com

O1 - Hosts: 80.239.236.111 rs110l33.rapidshare.com

O1 - Hosts: 195.219.1.111 rs110tg.rapidshare.com

O1 - Hosts: 80.239.236.111 rs110tl2.rapidshare.com

O1 - Hosts: 80.239.236.112 rs111l33.rapidshare.com

O1 - Hosts: 195.219.1.112 rs111tg.rapidshare.com

O1 - Hosts: 80.239.236.112 rs111tl2.rapidshare.com

O1 - Hosts: 80.239.236.113 rs112l33.rapidshare.com

O1 - Hosts: 195.219.1.113 rs112tg.rapidshare.com

O1 - Hosts: 80.239.236.113 rs112tl2.rapidshare.com

O1 - Hosts: 80.239.236.114 rs113l33.rapidshare.com

O1 - Hosts: 195.219.1.114 rs113tg.rapidshare.com

O1 - Hosts: 80.239.236.114 rs113tl2.rapidshare.com

O1 - Hosts: 80.239.236.115 rs114l33.rapidshare.com

O1 - Hosts: 195.219.1.115 rs114tg.rapidshare.com

O1 - Hosts: 80.239.236.115 rs114tl2.rapidshare.com

O1 - Hosts: 80.239.236.116 rs115l33.rapidshare.com

O1 - Hosts: 195.219.1.116 rs115tg.rapidshare.com

O1 - Hosts: 80.239.236.116 rs115tl2.rapidshare.com

O1 - Hosts: 80.239.236.117 rs116l33.rapidshare.com

O1 - Hosts: 195.219.1.117 rs116tg.rapidshare.com

O1 - Hosts: 80.239.236.117 rs116tl2.rapidshare.com

O1 - Hosts: 80.239.236.118 rs117l33.rapidshare.com

O1 - Hosts: 195.219.1.118 rs117tg.rapidshare.com

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [WheelMouse] D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "D:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe

O4 - HKLM\..\Run: [tppoll] D:\Program Files\Topro\tppoll.exe

O4 - HKCU\..\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

O8 - Extra context menu item: &Winamp Toolbar Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\windows\bdoscandel.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\windows\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.google.pl

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194858493609

O17 - HKLM\System\CCS\Services\Tcpip\..\{465DE6A8-B228-4945-8E87-5D92ACC6C392}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Apache Group\Apache2\bin\Apache.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: Agent zarządzania F-Secure (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\windows\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe


--

End of file - 15650 bytes

Log z Silent Runners:

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"AutoConnect" = "D:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]

"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"WheelMouse" = "D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]

"NvCplDaemon" = "RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE D:\windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Windows Defender" = ""D:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]

"F-Secure Manager" = ""D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure TNB" = ""D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]

"Onet.pl AutoUpdate" = ""D:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe" [file not found]

"tppoll" = "D:\Program Files\Topro\tppoll.exe" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"

  -> {HKLM...CLSID} = "IE7Pro BHO"

                   \InProcServer32\(Default) = "D:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar BHO"

  -> {HKLM...CLSID} = "Winamp Toolbar BHO"

                   \InProcServer32\(Default) = "D:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

  -> {HKLM...CLSID} = "FGCatchUrl"

                   \InProcServer32\(Default) = "D:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll" ["BitComet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "FlashGet GetFlash Class"

                   \InProcServer32\(Default) = "D:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Strona zabezpieczeń NTFS"

  -> {HKLM...CLSID} = "Security Shell Extension"

                   \InProcServer32\(Default) = "rshx32_5.dll" [MS]

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

  -> {HKLM...CLSID} = "History Band"

                   \InProcServer32\(Default) = "D:\windows\system32\SHDOCVW.DLL" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "D:\windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "D:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "D:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" = "ZipGenius Shell Extension"

  -> {HKLM...CLSID} = "ZipGenius Shell Extension"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

"{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" = "ZipGenius Zip InfoTip"

  -> {HKLM...CLSID} = "ZipGenius InfoTip"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\zgtips.dll" ["M.Dev Software"]

"{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Drop handler"

  -> {HKLM...CLSID} = "ZipGenius Drag and Drop handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"]

"{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius DnD Extract handler"

  -> {HKLM...CLSID} = "ZipGenius DnD Extract handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]

"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"

  -> {HKCU...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\phototoys.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  -> {HKLM...CLSID} = "Moje foldery udostępniania"

                   \InProcServer32\(Default) = "D:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "D:\windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: Shell Extention"

  -> {HKLM...CLSID} = "AIMP2: Shell Extention"

                   \InProcServer32\(Default) = "D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"

  -> {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

"{0111E5AF-C96A-4AF6-8FEC-F4C56BB5C36C}" = "SxContextMenuMCS"

  -> {HKLM...CLSID} = "ShellPlus test context menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MEDIAC~1\MENU_O~1.DLL" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"

  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"| [file not found]| [file not found]


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"

  -> {HKLM...CLSID} = "AIMP2: Shell Extention"

                   \InProcServer32\(Default) = "D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}"

  -> {HKLM...CLSID} = "DaemonShellExtImage Class"

                   \InProcServer32\(Default) = "D:\Program Files\DAEMON Tools Pro\imgshl32.dll" ["DT Soft Ltd."]

ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"

  -> {HKLM...CLSID} = "ZipGenius Shell Extension"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"

  -> {HKLM...CLSID} = "AIMP2: Shell Extention"

                   \InProcServer32\(Default) = "D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

  -> {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"

  -> {HKLM...CLSID} = "ZipGenius Shell Extension"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

SxContextMenuMCS\(Default) = "{0111E5AF-C96A-4AF6-8FEC-F4C56BB5C36C}"

  -> {HKLM...CLSID} = "ShellPlus test context menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MEDIAC~1\MENU_O~1.DLL" [null data]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

  -> {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoSMBalloonTip" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"CDRAutoRun" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoAutoTrayNotify" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoResolveTrack" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"NoResolveSearch" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"NoStartBanner" = (REG_BINARY) hex:01 00 00 00

{Remove "Click here to begin" from Start button}


"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"NoSharedDocuments" = (REG_DWORD) dword:0x00000001

{Remove Shared Documents from My Computer}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000

{Hide Desktop tab}


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\


"NoUpdateCheck" = (REG_DWORD) dword:0x00000001

{unrecognized setting}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Devices: Allow undock without having to log on}


"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000

{unrecognized setting}


"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\FuriousCK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "FuriousCK" & "All Users" startup folders:

-----------------------------------------------------------


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]

"Monitor Apache Servers" -> shortcut to: "D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe" ["Apache Software Foundation"]



Enabled Scheduled Tasks:

------------------------


"firefox" -> launches: "D:\Program Files\Mozilla Firefox\firefox.exe" ["Mozilla Corporation"]

"MP Scheduled Scan" -> launches: "D:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "D:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

D:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 03, 09

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"

  -> {HKLM...CLSID} = "Winamp Toolbar"

                   \InProcServer32\(Default) = "D:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]


HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"

  -> {HKLM...CLSID} = "Winamp Toolbar"

                   \InProcServer32\(Default) = "D:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]


Explorer Bars


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\


HKLM\SOFTWARE\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Search"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll" ["BitComet"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\

"ButtonText" = "IE7Pro Preferences"

"MenuText" = "IE7Pro Preferences"

"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"

  -> {HKLM...CLSID} = "IE7Pro ToolsExt"

                   \InProcServer32\(Default) = "D:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]


{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{36ECAF82-3300-8F84-092E-AFF36D6C7040}\

"ButtonText" = "Run WinHTTrack"

"MenuText" = "Launch WinHTTrack"

"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"

  -> {HKLM...CLSID} = "WinHTTrackLauncher Class"

                   \InProcServer32\(Default) = "D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]


{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\

"ButtonText" = "BitComet Search"


{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "D:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]


{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search && Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"

                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<> "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]



HOSTS file

----------


D:\windows\System32\drivers\etc\HOSTS


maps: 2940 domain names to IP addresses,

      2939 of the IP addresses are *not* localhost!



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""D:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

Agent zarządzania F-Secure, FSMA, ""D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE"" ["F-Secure Corporation"]

Apache2, Apache2, ""D:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice" ["Apache Software Foundation"]

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]

F-Secure Automatic Update Agent, FSAUA, ""D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe"" ["F-Secure Corporation"]

FSGKHS, F-Secure Gatekeeper Handler Starter, ""D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]

NVIDIA Display Driver Service, NVSvc, "D:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"]

StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe" ["Rocket Division Software"]

Windows Defender, WinDefend, ""D:\Program Files\Windows Defender\MsMpEng.exe"" [MS]



Print Monitors:

---------------


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

SUGS2 Langmon\Driver = "SUGS2LMK.DLL" ["Samsung Electronics."]



---------- (launch time: 2008-04-27 08:16:34)

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 12 seconds for message boxes)

Log z ComboFix:

http://wklej.org/id/1eb7ab361c

Dziękuję za pomoc.


(huber2t) #2

fix w hijackthis

O1 - Hosts: 80.239.151.15 rs0l3.rapidshare.com

O1 - Hosts: 80.239.151.15 rs0l32.rapidshare.com

O1 - Hosts: 80.239.236.2 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.3 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.4 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.5 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.6 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.7 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.8 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.9 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.10 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.11 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.12 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.13 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.14 rs0l33.rapidshare.com

O1 - Hosts: 80.239.236.15 rs0l33.rapidshare.com

O1 - Hosts: 195.219.1.2 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.3 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.4 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.5 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.6 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.7 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.8 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.9 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.10 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.11 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.12 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.13 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.14 rs0tg.rapidshare.com

O1 - Hosts: 195.219.1.15 rs0tg.rapidshare.com

O1 - Hosts: 80.239.151.15 rs0tl.rapidshare.com

O1 - Hosts: 80.239.236.2 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.3 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.4 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.5 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.6 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.7 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.8 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.9 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.10 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.11 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.12 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.13 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.14 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.15 rs0tl2.rapidshare.com

O1 - Hosts: 80.239.236.101 rs100l33.rapidshare.com

O1 - Hosts: 195.219.1.101 rs100tg.rapidshare.com

O1 - Hosts: 80.239.236.101 rs100tl2.rapidshare.com

O1 - Hosts: 80.239.236.102 rs101l33.rapidshare.com

O1 - Hosts: 195.219.1.102 rs101tg.rapidshare.com

O1 - Hosts: 80.239.236.102 rs101tl2.rapidshare.com

O1 - Hosts: 80.239.236.103 rs102l33.rapidshare.com

O1 - Hosts: 195.219.1.103 rs102tg.rapidshare.com

O1 - Hosts: 80.239.236.103 rs102tl2.rapidshare.com

O1 - Hosts: 80.239.236.104 rs103l33.rapidshare.com

O1 - Hosts: 195.219.1.104 rs103tg.rapidshare.com

O1 - Hosts: 80.239.236.104 rs103tl2.rapidshare.com

O1 - Hosts: 80.239.236.105 rs104l33.rapidshare.com

O1 - Hosts: 195.219.1.105 rs104tg.rapidshare.com

O1 - Hosts: 80.239.236.105 rs104tl2.rapidshare.com

O1 - Hosts: 80.239.236.106 rs105l33.rapidshare.com

O1 - Hosts: 195.219.1.106 rs105tg.rapidshare.com

O1 - Hosts: 80.239.236.106 rs105tl2.rapidshare.com

O1 - Hosts: 80.239.236.107 rs106l33.rapidshare.com

O1 - Hosts: 195.219.1.107 rs106tg.rapidshare.com

O1 - Hosts: 80.239.236.107 rs106tl2.rapidshare.com

O1 - Hosts: 80.239.236.108 rs107l33.rapidshare.com

O1 - Hosts: 195.219.1.108 rs107tg.rapidshare.com

O1 - Hosts: 80.239.236.108 rs107tl2.rapidshare.com

O1 - Hosts: 80.239.236.109 rs108l33.rapidshare.com

O1 - Hosts: 195.219.1.109 rs108tg.rapidshare.com

O1 - Hosts: 80.239.236.109 rs108tl2.rapidshare.com

O1 - Hosts: 80.239.236.110 rs109l33.rapidshare.com

O1 - Hosts: 195.219.1.110 rs109tg.rapidshare.com

O1 - Hosts: 80.239.236.110 rs109tl2.rapidshare.com

O1 - Hosts: 80.239.236.11 rs10l33.rapidshare.com

O1 - Hosts: 195.219.1.11 rs10tg.rapidshare.com

O1 - Hosts: 80.239.236.11 rs10tl2.rapidshare.com

O1 - Hosts: 80.239.236.111 rs110l33.rapidshare.com

O1 - Hosts: 195.219.1.111 rs110tg.rapidshare.com

O1 - Hosts: 80.239.236.111 rs110tl2.rapidshare.com

O1 - Hosts: 80.239.236.112 rs111l33.rapidshare.com

O1 - Hosts: 195.219.1.112 rs111tg.rapidshare.com

O1 - Hosts: 80.239.236.112 rs111tl2.rapidshare.com

O1 - Hosts: 80.239.236.113 rs112l33.rapidshare.com

O1 - Hosts: 195.219.1.113 rs112tg.rapidshare.com

O1 - Hosts: 80.239.236.113 rs112tl2.rapidshare.com

O1 - Hosts: 80.239.236.114 rs113l33.rapidshare.com

O1 - Hosts: 195.219.1.114 rs113tg.rapidshare.com

O1 - Hosts: 80.239.236.114 rs113tl2.rapidshare.com

O1 - Hosts: 80.239.236.115 rs114l33.rapidshare.com

O1 - Hosts: 195.219.1.115 rs114tg.rapidshare.com

O1 - Hosts: 80.239.236.115 rs114tl2.rapidshare.com

O1 - Hosts: 80.239.236.116 rs115l33.rapidshare.com

O1 - Hosts: 195.219.1.116 rs115tg.rapidshare.com

O1 - Hosts: 80.239.236.116 rs115tl2.rapidshare.com

O1 - Hosts: 80.239.236.117 rs116l33.rapidshare.com

O1 - Hosts: 195.219.1.117 rs116tg.rapidshare.com

O1 - Hosts: 80.239.236.117 rs116tl2.rapidshare.com

O1 - Hosts: 80.239.236.118 rs117l33.rapidshare.com

O1 - Hosts: 195.219.1.118 rs117tg.rapidshare.com

(Derelion) #3

huber2t to i tak nic nie pomogło. Komputer dalej jest spowolniony...


(huber2t) #4

Pokaż log z Combofix


(Derelion) #5

Podałem linka w pierwszym poście.


(huber2t) #6

W tych logach syfu nie widać

Zapewne jest to wina tego Ramu


(Derelion) #7

Tan "niby" uszkodzony RAM już dawno wyciągnąłem z PC'ta.