Tak jak w temacie. Podczas pracy z systemem Windows XP Home Edition komputer jest spowolniony a czasami się nawet przywiesza. Dodatkowo po założeniu dodatkowej kości pamięci RAM w komputera zaczynają wyskakiwać bluescreen’y i system się resetuje.
Log z HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:02, on 27-04-2008
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\windows\System32\svchost.exe
D:\windows\system32\spoolsv.exe
D:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
D:\windows\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
D:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\windows\system32\svchost.exe
D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\windows\Explorer.EXE
D:\windows\RTHDCPL.EXE
D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
D:\windows\system32\RUNDLL32.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
D:\Program Files\Topro\tppoll.exe
D:\Program Files\AutoConnect\AutoConnect.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 80.239.151.15 rs0l3.rapidshare.com
O1 - Hosts: 80.239.151.15 rs0l32.rapidshare.com
O1 - Hosts: 80.239.236.2 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.3 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.4 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.5 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.6 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.7 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.8 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.9 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.10 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.11 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.12 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.13 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.14 rs0l33.rapidshare.com
O1 - Hosts: 80.239.236.15 rs0l33.rapidshare.com
O1 - Hosts: 195.219.1.2 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.3 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.4 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.5 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.6 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.7 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.8 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.9 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.10 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.11 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.12 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.13 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.14 rs0tg.rapidshare.com
O1 - Hosts: 195.219.1.15 rs0tg.rapidshare.com
O1 - Hosts: 80.239.151.15 rs0tl.rapidshare.com
O1 - Hosts: 80.239.236.2 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.3 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.4 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.5 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.6 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.7 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.8 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.9 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.10 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.11 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.12 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.13 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.14 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.15 rs0tl2.rapidshare.com
O1 - Hosts: 80.239.236.101 rs100l33.rapidshare.com
O1 - Hosts: 195.219.1.101 rs100tg.rapidshare.com
O1 - Hosts: 80.239.236.101 rs100tl2.rapidshare.com
O1 - Hosts: 80.239.236.102 rs101l33.rapidshare.com
O1 - Hosts: 195.219.1.102 rs101tg.rapidshare.com
O1 - Hosts: 80.239.236.102 rs101tl2.rapidshare.com
O1 - Hosts: 80.239.236.103 rs102l33.rapidshare.com
O1 - Hosts: 195.219.1.103 rs102tg.rapidshare.com
O1 - Hosts: 80.239.236.103 rs102tl2.rapidshare.com
O1 - Hosts: 80.239.236.104 rs103l33.rapidshare.com
O1 - Hosts: 195.219.1.104 rs103tg.rapidshare.com
O1 - Hosts: 80.239.236.104 rs103tl2.rapidshare.com
O1 - Hosts: 80.239.236.105 rs104l33.rapidshare.com
O1 - Hosts: 195.219.1.105 rs104tg.rapidshare.com
O1 - Hosts: 80.239.236.105 rs104tl2.rapidshare.com
O1 - Hosts: 80.239.236.106 rs105l33.rapidshare.com
O1 - Hosts: 195.219.1.106 rs105tg.rapidshare.com
O1 - Hosts: 80.239.236.106 rs105tl2.rapidshare.com
O1 - Hosts: 80.239.236.107 rs106l33.rapidshare.com
O1 - Hosts: 195.219.1.107 rs106tg.rapidshare.com
O1 - Hosts: 80.239.236.107 rs106tl2.rapidshare.com
O1 - Hosts: 80.239.236.108 rs107l33.rapidshare.com
O1 - Hosts: 195.219.1.108 rs107tg.rapidshare.com
O1 - Hosts: 80.239.236.108 rs107tl2.rapidshare.com
O1 - Hosts: 80.239.236.109 rs108l33.rapidshare.com
O1 - Hosts: 195.219.1.109 rs108tg.rapidshare.com
O1 - Hosts: 80.239.236.109 rs108tl2.rapidshare.com
O1 - Hosts: 80.239.236.110 rs109l33.rapidshare.com
O1 - Hosts: 195.219.1.110 rs109tg.rapidshare.com
O1 - Hosts: 80.239.236.110 rs109tl2.rapidshare.com
O1 - Hosts: 80.239.236.11 rs10l33.rapidshare.com
O1 - Hosts: 195.219.1.11 rs10tg.rapidshare.com
O1 - Hosts: 80.239.236.11 rs10tl2.rapidshare.com
O1 - Hosts: 80.239.236.111 rs110l33.rapidshare.com
O1 - Hosts: 195.219.1.111 rs110tg.rapidshare.com
O1 - Hosts: 80.239.236.111 rs110tl2.rapidshare.com
O1 - Hosts: 80.239.236.112 rs111l33.rapidshare.com
O1 - Hosts: 195.219.1.112 rs111tg.rapidshare.com
O1 - Hosts: 80.239.236.112 rs111tl2.rapidshare.com
O1 - Hosts: 80.239.236.113 rs112l33.rapidshare.com
O1 - Hosts: 195.219.1.113 rs112tg.rapidshare.com
O1 - Hosts: 80.239.236.113 rs112tl2.rapidshare.com
O1 - Hosts: 80.239.236.114 rs113l33.rapidshare.com
O1 - Hosts: 195.219.1.114 rs113tg.rapidshare.com
O1 - Hosts: 80.239.236.114 rs113tl2.rapidshare.com
O1 - Hosts: 80.239.236.115 rs114l33.rapidshare.com
O1 - Hosts: 195.219.1.115 rs114tg.rapidshare.com
O1 - Hosts: 80.239.236.115 rs114tl2.rapidshare.com
O1 - Hosts: 80.239.236.116 rs115l33.rapidshare.com
O1 - Hosts: 195.219.1.116 rs115tg.rapidshare.com
O1 - Hosts: 80.239.236.116 rs115tl2.rapidshare.com
O1 - Hosts: 80.239.236.117 rs116l33.rapidshare.com
O1 - Hosts: 195.219.1.117 rs116tg.rapidshare.com
O1 - Hosts: 80.239.236.117 rs116tl2.rapidshare.com
O1 - Hosts: 80.239.236.118 rs117l33.rapidshare.com
O1 - Hosts: 195.219.1.118 rs117tg.rapidshare.com
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "D:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe
O4 - HKLM\..\Run: [tppoll] D:\Program Files\Topro\tppoll.exe
O4 - HKCU\..\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Winamp Toolbar Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\windows\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\windows\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.google.pl
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194858493609
O17 - HKLM\System\CCS\Services\Tcpip\..\{465DE6A8-B228-4945-8E87-5D92ACC6C392}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: Agent zarządzania F-Secure (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\windows\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
--
End of file - 15650 bytes
Log z Silent Runners:
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AutoConnect" = "D:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"WheelMouse" = "D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE D:\windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE D:\windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Windows Defender" = ""D:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"F-Secure Manager" = ""D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""D:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"Onet.pl AutoUpdate" = ""D:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe" [file not found]
"tppoll" = "D:\Program Files\Topro\tppoll.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"
-> {HKLM...CLSID} = "IE7Pro BHO"
\InProcServer32\(Default) = "D:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar BHO"
-> {HKLM...CLSID} = "Winamp Toolbar BHO"
\InProcServer32\(Default) = "D:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "D:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "D:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Strona zabezpieczeń NTFS"
-> {HKLM...CLSID} = "Security Shell Extension"
\InProcServer32\(Default) = "rshx32_5.dll" [MS]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\windows\system32\SHDOCVW.DLL" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" = "ZipGenius Shell Extension"
-> {HKLM...CLSID} = "ZipGenius Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]
"{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" = "ZipGenius Zip InfoTip"
-> {HKLM...CLSID} = "ZipGenius InfoTip"
\InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\zgtips.dll" ["M.Dev Software"]
"{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Drop handler"
-> {HKLM...CLSID} = "ZipGenius Drag and Drop handler"
\InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"]
"{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius DnD Extract handler"
-> {HKLM...CLSID} = "ZipGenius DnD Extract handler"
\InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\phototoys.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Moje foldery udostępniania"
\InProcServer32\(Default) = "D:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: Shell Extention"
-> {HKLM...CLSID} = "AIMP2: Shell Extention"
\InProcServer32\(Default) = "D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{0111E5AF-C96A-4AF6-8FEC-F4C56BB5C36C}" = "SxContextMenuMCS"
-> {HKLM...CLSID} = "ShellPlus test context menu"
\InProcServer32\(Default) = "D:\PROGRA~1\MEDIAC~1\MENU_O~1.DLL" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "D:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"| [file not found]| [file not found]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""D:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
-> {HKLM...CLSID} = "AIMP2: Shell Extention"
\InProcServer32\(Default) = "D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]
DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}"
-> {HKLM...CLSID} = "DaemonShellExtImage Class"
\InProcServer32\(Default) = "D:\Program Files\DAEMON Tools Pro\imgshl32.dll" ["DT Soft Ltd."]
ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"
-> {HKLM...CLSID} = "ZipGenius Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
-> {HKLM...CLSID} = "AIMP2: Shell Extention"
\InProcServer32\(Default) = "D:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"
-> {HKLM...CLSID} = "ZipGenius Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
SxContextMenuMCS\(Default) = "{0111E5AF-C96A-4AF6-8FEC-F4C56BB5C36C}"
-> {HKLM...CLSID} = "ShellPlus test context menu"
\InProcServer32\(Default) = "D:\PROGRA~1\MEDIAC~1\MENU_O~1.DLL" [null data]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "D:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoSMBalloonTip" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"CDRAutoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoAutoTrayNotify" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoResolveTrack" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoStartBanner" = (REG_BINARY) hex:01 00 00 00
{Remove "Click here to begin" from Start button}
"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoSharedDocuments" = (REG_DWORD) dword:0x00000001
{Remove Shared Documents from My Computer}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000
{Hide Desktop tab}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\FuriousCK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "FuriousCK" & "All Users" startup folders:
-----------------------------------------------------------
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Monitor Apache Servers" -> shortcut to: "D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe" ["Apache Software Foundation"]
Enabled Scheduled Tasks:
------------------------
"firefox" -> launches: "D:\Program Files\Mozilla Firefox\firefox.exe" ["Mozilla Corporation"]
"MP Scheduled Scan" -> launches: "D:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "D:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "D:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "D:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Search"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll" ["BitComet"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\
"ButtonText" = "IE7Pro Preferences"
"MenuText" = "IE7Pro Preferences"
"CLSIDExtension" = "{B119EB0C-C021-46CF-85B0-34A760E0D5FE}"
-> {HKLM...CLSID} = "IE7Pro ToolsExt"
\InProcServer32\(Default) = "D:\Program Files\IEPro\iepro.dll" ["IE7Pro.com"]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{36ECAF82-3300-8F84-092E-AFF36D6C7040}\
"ButtonText" = "Run WinHTTrack"
"MenuText" = "Launch WinHTTrack"
"CLSIDExtension" = "{86529161-034E-4F8A-88D2-3C625E612E04}"
-> {HKLM...CLSID} = "WinHTTrackLauncher Class"
\InProcServer32\(Default) = "D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll" [null data]
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "D:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search && Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
HOSTS file
----------
D:\windows\System32\drivers\etc\HOSTS
maps: 2940 domain names to IP addresses,
2939 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""D:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Agent zarządzania F-Secure, FSMA, ""D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE"" ["F-Secure Corporation"]
Apache2, Apache2, ""D:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice" ["Apache Software Foundation"]
F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
F-Secure Automatic Update Agent, FSAUA, ""D:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe"" ["F-Secure Corporation"]
FSGKHS, F-Secure Gatekeeper Handler Starter, ""D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]
NVIDIA Display Driver Service, NVSvc, "D:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows Defender, WinDefend, ""D:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
SUGS2 Langmon\Driver = "SUGS2LMK.DLL" ["Samsung Electronics."]
---------- (launch time: 2008-04-27 08:16:34)
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 54 seconds, including 12 seconds for message boxes)
Log z ComboFix:
http://wklej.org/id/1eb7ab361c
Dziękuję za pomoc.