Spysecure, potem Combofix - teraz nie widze ikon


(Qbanovac) #1

Moje problemy zaczęły sie od tego ze Windows Security Center otwieral mi nowe okno w Firefoxie i pokazywal ze mam 45 zagrożen. Po klikneciu na te strone na kompa laduje sie Spysecure.

Skanowalem i usuwalem kolejne wirusy programami:

AGV 8.0

a-squared

Malwarebytes

ale to nic nie pomoglo.

Na innym forum znalazłem porade by użyć Combofix.

Odpaliłem lecz problem nadal istnieje (choć rzadziej) dodatkowo po użyciu Combofix zniknęły mi ikonki zawierajace foldery ze zdjeciami i ikonki zdjec, widac tylko nazwy folderow a w miejscu ikonki jest zupełnie pusto.

Może ktoś wie co z tym zrobić? Nie chciałbym formatowac kompa bo obecnie jestem na statku i bede tu jeszcze 2 miechy a nie mam przy sobie wszystkich programow.

Mam system Vista i zrobilem loga w Hijacku ktorego zamieszczam ponizej.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:03, on 2008-05-10

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\VAIO\AppData\Local\abxkfhc.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\icardagt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU..\Run: [abxkfhc] c:\users\vaio\appdata\local\abxkfhc.exe abxkfhc

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip..{8E1ACAAF-7E3B-4668-8C6F-E74E53EBC52A}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\Users\VAIO\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--

End of file - 11759 bytes


(Leon$) #2

Pobierz Combofix http://www.searchengines.pl/index.php?s ... ntry395642 przeskanuj daj log

:slight_smile:


(Qbanovac) #3

Dzieki za zaiteresowanie :smiley:

Odpalilem jeszcze raz ComboFix, ale chyba cos nie tak. Nie moge znalezc loga.

Po zrebutowaniu systemu ComboFix wyswietlił następujący komunikat:

"System nie może znaleźć komunikatu dla numeru komunikatu 0x2363 w pliku komunikatów dal Application"


(Leon$) #4

Start >> wyszukaj >> ComboFix.txt

:slight_smile:

jak nie znajdzie to pobierz Deckard's System Scanner (DSS): http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=392369entry392369 daj log

:slight_smile:


(Qbanovac) #5

DSS wyprodukowal dwa pliki main.txt oraz extra.txt. oto one:

main.txt

Deckard's System Scanner v20071014.68

Run by VAIO on 2008-05-10 17:56:07

Computer is in Normal Mode.


Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as VAIO.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:57, on 2008-05-10

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\conime.exe

C:\Users\VAIO\Desktop\dss.exe

C:\Windows\system32\SearchFilterHost.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\VAIO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip..{8E1ACAAF-7E3B-4668-8C6F-E74E53EBC52A}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\Users\VAIO\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--

End of file - 11013 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 Tosrfcom (Bluetooth RFCOMM) - c:\windows\system32\drivers\tosrfcom.sys

S3 tosporte (Bluetooth COM Port) - c:\windows\system32\drivers\tosporte.sys

S3 tosrfbd (Bluetooth RFBUS) - c:\windows\system32\drivers\tosrfbd.sys

S3 tosrfbnp (Bluetooth RFBNEP) - c:\windows\system32\drivers\tosrfbnp.sys

S3 Tosrfhid (Bluetooth RFHID) - c:\windows\system32\drivers\tosrfhid.sys

S3 tosrfnds (Bluetooth Personal Area Network) - c:\windows\system32\drivers\tosrfnds.sys

S3 TosRfSnd (Bluetooth Audio) - c:\windows\system32\drivers\tosrfsnd.sys

S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device (Urządzenie mobilne Apple) - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe

S2 SessionLauncher - c:\users\vaio\appdata\local\temp\dx9\sessionlauncher.exe (file missing)

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-10 17:44:01 252 --a------ C:\Windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

2008-05-09 19:13:20 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{F1D15D29-081B-486C-8246-AD8F38BED216}.job

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 16:07:44 53248 --a------ C:\Windows\PSEXESVC.EXE

2008-05-10 16:04:22 6736 --a------ C:\Windows\system32\drivers\PROCEXP90.SYS www.sysinternals.com; Process Explorer>

2008-05-10 13:02:44 0 d-------- C:\Program Files\Trend Micro

2008-05-10 10:47:03 0 d--h----- C:\$AVG8.VAULT$

2008-05-10 10:09:42 0 d-------- C:\Users\VAIO\Bluetooth Software

2008-05-10 09:47:14 68096 --a------ C:\Windows\zip.exe

2008-05-10 09:47:14 49152 --a------ C:\Windows\VFind.exe

2008-05-10 09:47:14 212480 --a------ C:\Windows\swxcacls.exe

2008-05-10 09:47:14 136704 --a------ C:\Windows\swsc.exe

2008-05-10 09:47:14 161792 --a------ C:\Windows\swreg.exe

2008-05-10 09:47:14 98816 --a------ C:\Windows\sed.exe

2008-05-10 09:47:14 80412 --a------ C:\Windows\grep.exe

2008-05-10 09:47:14 73728 --a------ C:\Windows\fdsv.exe

2008-05-09 21:16:39 0 d-------- C:\Users\All Users\Grisoft

2008-05-09 21:02:36 0 d-------- C:\Windows\system32\drivers\Avg

2008-05-09 21:02:34 0 d-------- C:\Users\All Users\avg8

2008-05-09 21:02:34 0 d-------- C:\Program Files\AVG

2008-05-09 09:05:10 0 d-------- C:\Program Files\a-squared Free

2008-05-08 17:54:39 0 d-------- C:\Users\All Users\Malwarebytes

2008-05-08 17:54:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-08 12:29:00 1637318 --a------ C:\Windows\system32\Tenerife Dolphins Screensaver.scr

2008-05-08 12:29:00 0 d-------- C:\Program Files\Free-Animated-Screensavers.org

2008-05-08 12:28:56 0 d-------- C:\Program Files\Screen Saver Manager

2008-05-08 12:28:56 0 d--h----- C:\Program Files\InstallJammer Registry

2008-05-08 08:53:39 103424 --a------ C:\Windows\system32\presenter_nat.dll http://www.cavisions.com>

2008-05-08 08:53:18 0 d-------- C:\Users\All Users\Brontes Processing

2008-05-08 08:53:18 0 d-------- C:\Program Files\Brontes Processing

2008-05-07 21:45:01 0 d-------- C:\Users\All Users\Pinnacle VideoSpin

2008-05-07 21:41:58 0 d-------- C:\Users\All Users\VideoSpin

2008-05-07 21:41:58 0 d-------- C:\Program Files\Pinnacle

2008-05-07 21:41:58 0 d-------- C:\Program Files\Common Files\Yahoo!

2008-05-07 21:38:36 0 d-------- C:\Users\All Users\Pinnacle

2008-05-07 21:30:12 0 d-------- C:\Program Files\Common Files\MAGIX Shared

2008-05-07 21:30:11 44544 --a------ C:\Windows\system32\msxml4a.dll

2008-05-07 21:30:10 24576 --a------ C:\Windows\system32\TTIC32.dll

2008-05-07 21:30:10 24576 --a------ C:\Windows\system32\TTI32.dll

2008-05-07 21:30:10 32768 --a------ C:\Windows\system32\STRING32.dll

2008-05-07 21:30:10 430080 --a------ C:\Windows\system32\MXRestore.exe

2008-05-07 21:30:10 57344 --a------ C:\Windows\system32\DLLTPO32.dll

2008-05-07 21:30:10 192512 --a------ C:\Windows\system32\DLLRES32.dll

2008-05-07 21:30:10 40960 --a------ C:\Windows\system32\DLLRD32.dll

2008-05-07 21:30:10 65536 --a------ C:\Windows\system32\DLLPTL32.dll

2008-05-07 21:30:10 53248 --a------ C:\Windows\system32\DLLPRJ32.dll

2008-05-07 21:30:10 49152 --a------ C:\Windows\system32\DLLPRF32.dll

2008-05-07 21:30:10 36864 --a------ C:\Windows\system32\DLLPNT32.dll

2008-05-07 21:30:10 32768 --a------ C:\Windows\system32\DLLMSC32.dll

2008-05-07 21:30:10 24576 --a------ C:\Windows\system32\DLLIX.dll

2008-05-07 21:30:10 32768 --a------ C:\Windows\system32\DLLISO32.dll

2008-05-07 21:30:10 53248 --a------ C:\Windows\system32\DLLIO32.dll

2008-05-07 21:30:10 45056 --a------ C:\Windows\system32\DLLIMG32.dll

2008-05-07 21:30:10 151552 --a------ C:\Windows\system32\DLLDRV32.dll

2008-05-07 21:30:10 32768 --a------ C:\Windows\system32\DLLDIR32.dll

2008-05-07 21:30:10 167936 --a------ C:\Windows\system32\DLLDEV32.dll

2008-05-07 21:30:10 98304 --a------ C:\Windows\system32\DLLCPY32.dll

2008-05-07 21:30:10 61440 --a------ C:\Windows\system32\DLLCDF32.dll

2008-05-07 21:30:10 114688 --a------ C:\Windows\system32\DLLCDA32.dll

2008-05-07 21:30:10 618496 --a------ C:\Windows\system32\DLLAV32.dll

2008-05-07 21:28:49 0 d-------- C:\Users\All Users\MAGIX

2008-05-07 21:28:29 120200 --a------ C:\Windows\system32\DLLDEV32i.dll

2008-05-07 21:28:29 0 d-------- C:\Program Files\MAGIX

2008-05-07 21:27:11 700416 --a------ C:\Windows\system32\mgxoschk.dll

2008-05-07 21:27:11 0 d-------- C:\Windows\system32\MAGIX

2008-05-07 21:24:16 0 d-------- C:\Windows\Komputer i Ty Kurs Flash

2008-05-07 21:24:16 0 d-------- C:\Program Files\Komputer i Ty Kurs Flash

2008-05-07 20:56:29 0 d-------- C:\Users\All Users\Mistrz Klawiatury CHIP Edition Data

2008-05-07 20:56:29 0 d-------- C:\Program Files\Mistrz Klawiatury CHIP Edition

2008-05-07 20:52:38 0 d-------- C:\Users\All Users\Avanquest

2008-05-07 20:46:33 0 dr-hs---- C:_Backup.RC

2008-05-07 20:46:30 0 d--h----- C:_Backup

2008-05-07 20:44:39 0 d-------- C:\Users\All Users\VCOM

2008-05-07 20:38:31 0 d-------- C:\Users\All Users\BVRP Software

2008-05-06 20:34:45 0 d-------- C:\Program Files\SecondLife

2008-05-06 12:56:07 0 d-------- C:\Program Files\Orban

2008-05-06 09:52:13 0 d-------- C:\Users\All Users\Babylon

2008-05-06 09:52:13 0 d-------- C:\Program Files\Babylon

2008-05-05 12:39:18 0 d-------- C:\Program Files\SpeedTestPro

2008-05-05 12:39:03 0 d-------- C:\Program Files\AF Uninstalls

2008-05-02 22:54:52 0 d-------- C:\Program Files\SigmaTel

2008-05-02 17:33:54 0 d-------- C:\Program Files\FastStone Image Viewer

2008-05-02 13:36:58 0 d-------- C:\Program Files\a-squared HiJackFree

2008-05-02 12:48:10 0 d-------- C:\Program Files\Tlen.pl

2008-05-01 22:28:24 0 d-------- C:\Windows\system32\ebay

2008-05-01 22:28:24 0 d-------- C:\Program Files\Ashampoo

2008-05-01 18:12:30 0 d-------- C:\Program Files\Apoint

2008-05-01 11:53:38 0 d-------- C:\Windows\Sun

2008-05-01 09:58:29 56 --ah----- C:\Windows\system32\ezsidmv.dat

2008-05-01 09:55:53 0 d-------- C:\Program Files\Common Files\Skype

2008-04-30 22:53:03 0 d-------- C:\Users\All Users\Sony Corporation

2008-04-28 12:53:27 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared

2008-04-28 12:53:25 0 d-------- C:\Program Files\Sony Ericsson

2008-04-28 12:53:25 0 d-------- C:\Program Files\Common Files\Teleca Shared

2008-04-28 12:53:15 0 d-------- C:\Windows\Downloaded Installations

2008-04-28 12:52:45 0 d-------- C:\Users\All Users\Teleca

2008-04-28 12:52:45 0 d-------- C:\Users\All Users\Sony Ericsson

2008-04-27 03:28:54 0 d-------- C:\Users\VAIO\Kuby_zD

2008-04-26 03:44:18 0 d-------- C:\Users\VAIO\Z_Domow

2008-04-26 02:15:02 0 d-------- C:\Program Files\Winamp

2008-04-26 01:24:41 0 d-------- C:\Users\VAIO\Moje Websy

2008-04-26 01:22:21 0 d-------- C:\Users\VAIO\Moje programy

2008-04-26 01:22:19 0 d-------- C:\Users\VAIO\Listy

2008-04-25 23:21:38 0 dr------- C:\Users\VAIO\Filmy

2008-04-25 23:18:14 0 d-------- C:\videodvdmaker

2008-04-25 23:17:25 0 d-------- C:\Program Files\Video DVD Maker

2008-04-24 19:21:46 0 d-------- C:\Windows\Ulead.dat

2008-04-24 19:18:10 0 d-------- C:\Windows\RegisteredPackages

2008-04-24 19:18:09 0 d--h----- C:\Windows\msdownld.tmp

2008-04-24 17:26:31 0 d-------- C:\Users\All Users\Ulead Systems

2008-04-24 17:25:07 306688 --a------ C:\Windows\IsUninst.exe

2008-04-24 17:19:58 0 d-------- C:\Program Files\Windows Media Components

2008-04-24 01:45:55 0 d-------- C:\Users\All Users\Media Center Programs

2008-04-24 01:38:53 0 d-------- C:\Program Files\Ubisoft

2008-04-24 00:23:01 0 d-------- C:\Program Files\KONAMI

2008-04-23 23:14:40 0 d-------- C:\Program Files\Edgard

2008-04-23 22:18:57 38160 --a------ C:\Windows\system32\LMRTREND.dll

2008-04-23 22:18:57 155408 --a------ C:\Windows\system32\LMRT.dll

2008-04-23 22:18:56 63488 --a------ C:\Windows\system32\unam4ie.exe

2008-04-23 22:18:56 217984 --a------ C:\Windows\system32\strmdll.dll

2008-04-23 22:18:56 182032 --a------ C:\Windows\system32\dxtmsft3.dll

2008-04-23 22:18:54 10240 --a------ C:\Windows\system32\vidx16.dll

2008-04-23 22:18:53 194320 --a------ C:\Windows\system32\qcut.dll

2008-04-23 22:18:52 4608 --a------ C:\Windows\system32\w95inf32.dll

2008-04-23 22:18:52 2272 --a------ C:\Windows\system32\w95inf16.dll

2008-04-23 22:18:40 0 d-------- C:\Program Files\Auralog

2008-04-22 22:43:13 0 d-------- C:\Users\VAIO\Nagrania

2008-04-22 22:32:50 164352 --a------ C:\Windows\system32\unrar.dll

2008-04-22 22:32:42 0 d-------- C:\Users\All Users\Real

2008-04-22 22:32:42 0 d-------- C:\Program Files\K-Lite Codec Pack

2008-04-22 22:08:11 0 d-------- C:\Program Files\MediaMonkey

2008-04-22 22:00:53 0 d-------- C:\Users\VAIO\zextrascr

2008-04-22 14:30:25 0 d-------- C:\Program Files\Common Files\Adobe

2008-04-21 23:51:53 398416 --a------ C:\Windows\system\VBRUN300.DLL

2008-04-21 23:51:53 12212 --a------ C:\Windows\system\VALIDPIC.DLL

2008-04-21 23:51:38 0 d-------- C:\Programy

2008-04-21 23:50:49 0 -rahs---- C:\MSDOS.SYS

2008-04-21 23:50:49 0 -rahs---- C:\IO.SYS

2008-04-21 22:06:54 0 d-------- C:\Program Files\Edgard Multimedia

2008-04-21 21:55:02 0 d-------- C:\Program Files\Alcohol Soft

2008-04-21 21:51:44 716272 --a------ C:\Windows\system32\drivers\sptd.sys

2008-04-21 21:06:42 0 d-------- C:\Users\VAIO.borland

2008-04-21 21:05:20 0 d-------- C:\Program Files\Common Files\Borland Shared

2008-04-21 21:05:13 0 d-------- C:\Program Files\Borland

2008-04-21 20:55:37 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003

2008-04-21 19:18:20 0 d-------- C:\Users\VAIO\LAPTOP DYSK

2008-04-21 19:15:06 0 d-------- C:\Program Files\altcmd

2008-04-19 23:36:59 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-19 23:36:21 0 d-------- C:\Program Files\Windows Live Toolbar

2008-04-19 23:30:47 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

2008-04-19 23:30:44 0 d-------- C:\Program Files\Windows Live

2008-04-19 23:30:39 0 d-------- C:\Users\All Users\WLInstaller

2008-04-19 22:56:50 0 d-------- C:\Program Files\Foxit Software

2008-04-19 22:32:10 0 d-------- C:\Program Files\OpenOffice.org 2.3

2008-04-19 22:13:14 0 d-------- C:\Users\VAIO\Morskie

2008-04-19 22:05:33 0 d-------- C:\Users\VAIO\Moje

2008-04-19 22:04:18 0 d-------- C:\Users\VAIO\ksiazki

2008-04-19 22:01:12 0 d-------- C:\Users\VAIO\instalki

2008-04-19 22:00:54 0 d-------- C:\Users\VAIO\smichy

2008-04-19 21:59:56 0 d-------- C:\Users\VAIO\praca

2008-04-19 21:59:07 0 d-------- C:\Users\VAIO\nowe

2008-04-19 21:32:38 0 d-------- C:\Users\VAIO\haki

2008-04-19 02:49:04 1208 --a------ C:\drmHeader.bin

2008-04-19 02:48:18 0 d-------- C:\Users\VAIO\HO_pliki

2008-04-19 02:30:14 0 d-------- C:\Program Files\HO

2008-04-19 01:53:48 0 d-------- C:\Users\VAIO.gimp-2.4

2008-04-19 01:25:02 0 d-------- C:\Program Files\GIMP-2.0

2008-04-17 23:46:35 0 d-------- C:\Program Files\Microsoft Works

2008-04-17 23:46:20 0 d-------- C:\Windows\PCHEALTH

2008-04-17 23:46:20 0 d-------- C:\Program Files\Microsoft.NET

2008-04-17 23:43:56 0 d-------- C:\Users\All Users\Microsoft Help

2008-04-17 23:43:36 0 dr-h----- C:\MSOCache

2008-04-17 23:35:13 0 d-------- C:\Users\VAIO\Mozilla backups

2008-04-17 23:22:17 0 d-------- C:\Program Files\Mozilla Thunderbird

2008-04-17 22:56:35 0 d-------- C:\Program Files\MozBackup

2008-04-17 22:50:45 0 d-------- C:\Program Files\SopCast

2008-04-17 22:42:20 1350 --a------ C:\Windows\mozver.dat

2008-04-17 19:53:05 32 --a------ C:\Users\All Users\ezsid.dat

2008-04-17 19:24:43 0 d-------- C:\Users\VAIO\Downloaded

2008-04-17 19:19:53 0 --a------ C:\Windows\nsreg.dat

2008-04-17 12:24:52 0 d-------- C:\Program Files\Apple Software Update

2008-04-17 12:20:26 0 d-------- C:\Program Files\iPod

2008-04-17 12:20:24 0 d-------- C:\Program Files\iTunes

2008-04-17 12:19:29 0 d-------- C:\Program Files\QuickTime

2008-04-17 12:13:26 0 d-------- C:\Users\VAIO\Application Data

2008-04-17 12:13:26 0 d-------- C:\Users\VAIO\Application Data\Adobe

2008-04-17 12:13:23 0 d-------- C:\Program Files\Adobe Media Player

2008-04-17 12:13:21 0 d-------- C:\Program Files\Common Files\Adobe AIR

2008-04-17 12:07:33 0 d-------- C:\Windows\system32\Macromed

2008-04-17 12:05:18 0 d-------- C:\Windows\system32\Adobe

2008-04-17 11:38:28 0 d-------- C:\Program Files\Microsoft Silverlight

-- Find3M Report ---------------------------------------------------------------

2008-05-10 17:56:04 0 d-------- C:\Users\VAIO\AppData\Roaming\Babylon

2008-05-10 17:56:01 0 d-------- C:\Users\VAIO\AppData\Roaming\Skype

2008-05-10 16:16:45 41952 --a------ C:\Users\VAIO\AppData\Roaming\nvModes.001

2008-05-10 16:08:58 2091 --a------ C:\Windows\bthservsdp.dat

2008-05-10 16:00:30 0 d-------- C:\Users\VAIO\AppData\Roaming\skypePM

2008-05-10 10:14:26 41952 --a------ C:\Users\VAIO\AppData\Roaming\nvModes.dat

2008-05-09 23:08:43 0 d-------- C:\Users\VAIO\AppData\Roaming\OpenOffice.org2

2008-05-09 21:16:50 0 d-------- C:\Users\VAIO\AppData\Roaming\Grisoft

2008-05-08 19:47:21 544794 --a------ C:\Windows\system32\perfh015.dat

2008-05-08 19:47:21 91572 --a------ C:\Windows\system32\perfc015.dat

2008-05-08 17:54:46 0 d-------- C:\Users\VAIO\AppData\Roaming\Malwarebytes

2008-05-08 13:42:37 0 d-------- C:\Users\VAIO\AppData\Roaming\Aquatica 3D

2008-05-08 00:18:42 0 d-------- C:\Program Files\Common Files

2008-05-07 21:35:56 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-05-07 21:30:45 0 d-------- C:\Users\VAIO\AppData\Roaming\MAGIX

2008-05-07 20:52:38 0 d-------- C:\Users\VAIO\AppData\Roaming\Avanquest

2008-05-07 20:44:39 0 d-------- C:\Users\VAIO\AppData\Roaming\VCOM

2008-05-06 20:42:46 0 d-------- C:\Users\VAIO\AppData\Roaming\SecondLife

2008-05-05 22:24:28 0 d-------- C:\Users\VAIO\AppData\Roaming\Sony Corporation

2008-05-05 22:23:49 0 d-------- C:\Program Files\Sony

2008-05-05 22:23:01 0 d-------- C:\Program Files\Common Files\Sony Shared

2008-05-03 18:07:45 0 d-------- C:\Users\VAIO\AppData\Roaming\UseNeXT

2008-05-02 23:39:58 0 d-------- C:\Users\VAIO\AppData\Roaming\InstallShield

2008-05-02 18:39:18 0 d-------- C:\Program Files\Picasa2

2008-05-02 17:33:58 0 d-------- C:\Users\VAIO\AppData\Roaming\FastStone

2008-05-02 12:49:01 0 d-------- C:\Users\VAIO\AppData\Roaming\Tlen.pl

2008-05-01 12:14:26 0 d-------- C:\Program Files\Common Files\InstallShield

2008-04-28 12:57:49 0 d-------- C:\Users\VAIO\AppData\Roaming\Teleca

2008-04-28 12:53:32 0 d-------- C:\Users\VAIO\AppData\Roaming\Sony Ericsson

2008-04-26 02:27:55 0 d-------- C:\Users\VAIO\AppData\Roaming\Winamp

2008-04-25 23:18:14 0 d-------- C:\Users\VAIO\AppData\Roaming\Video DVD Maker FREE

2008-04-24 19:07:27 0 d-------- C:\Program Files\Google

2008-04-24 17:26:33 0 d-------- C:\Users\VAIO\AppData\Roaming\Ulead Systems

2008-04-24 01:00:29 0 dr-h----- C:\Users\VAIO\AppData\Roaming\SecuROM

2008-04-22 22:36:08 0 d-------- C:\Users\VAIO\AppData\Roaming\Media Player Classic

2008-04-22 22:32:42 0 d-------- C:\Users\VAIO\AppData\Roaming\Real

2008-04-22 14:25:57 0 d-------- C:\Users\VAIO\AppData\Roaming\Adobe

2008-04-19 02:49:14 0 d-------- C:\Users\VAIO\AppData\Roaming\Roxio

2008-04-19 01:23:12 0 d-------- C:\Users\VAIO\AppData\Roaming\Acronis

2008-04-17 19:22:09 0 d-------- C:\Users\VAIO\AppData\Roaming\Mozilla

2008-04-17 19:22:08 0 d-------- C:\Users\VAIO\AppData\Roaming\Thunderbird

2008-04-14 12:16:52 0 d-------- C:\Program Files\Java

2008-04-14 11:56:06 0 d-------- C:\Program Files\Windows Mail

2008-04-01 14:01:52 0 d-------- C:\Program Files\MSXML 4.0

2008-03-12 17:30:49 0 d-------- C:\Program Files\InterActual

2008-03-12 17:27:17 0 d-------- C:\Program Files\Common Files\PX Storage Engine

2008-03-12 17:27:12 0 d-------- C:\Program Files\Roxio

2008-03-12 17:26:58 0 d-------- C:\Program Files\Common Files\Sonic Shared

2008-03-12 17:26:52 0 d-------- C:\Program Files\Common Files\Roxio Shared

2008-03-12 17:23:51 0 d-------- C:\Program Files\SmartSound Software

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{A057A204-BACC-4D26-9990-79A187E2698E}]

2008-05-09 21:02 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-09 21:02 2050816]

[-HKEY_CLASSES_ROOT\CLSID{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-23 15:07]

"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-02-07 20:43]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 03:52]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 04:02]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 03:35]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 03:35]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 03:35]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 01:12]

"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-14 03:55]

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27]

"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-24 17:39]

"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" [2007-12-04 12:34]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-09 21:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 17:18]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-23 15:33]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Users\VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 11:55:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{89eb30cb-0fdc-11dd-a84d-001bfb58314d}]

AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b6484ae2-ed8b-11db-90b8-806e6f6e6963}]

AutoRun\command- D:\autorun_PES2008.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d0c99709-0c64-11dd-82ce-001bfb58314d}]

AutoRun\command- rthrw.com

explore\Command- rthrw.com

open\Command- rthrw.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-10 17:58:48 ------------


(Leon$) #6

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

start uruchom cmd

sc stop SessionLauncher Enter

sc delete SessionLauncher Enter

zrób optymalizacje uruchamiania http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

:slight_smile:


(Qbanovac) #7

Zrobilem to co zalecales. ja mam viste, ale mamnadzieje ze tez zadziala

Ponizej zalaczam raport ze skanowania z Kasperskyego, ktory znalazl i chyba wyczyscil jakies wirusy:


KASPERSKY ONLINE SCANNER REPORT

2008-05-11 07:05

System operacyjny: Microsoft Windows Vista Home Edition, (Build 6000)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus10/05/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus754409


Ustawienia skanowania:

Skanowanie przy użyciu następujących baz danych: rozszerzone

Skanuj archiwa: tak

Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:

C:\

D:\

F:\

G:\

H:\

Statystyki skanowania:

Liczba skanowanych obiektów: 207245

Liczba wykrytych wirusów: 3

Liczba zainfekowanych obiektów: 12

Liczba podejrzanych obiektów: 0

Czas trwania skanowania: 04:55:48

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie

C:\Boot\BCD Object is locked pominięty

C:\Boot\BCD.LOG Object is locked pominięty

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\sw_ae-20080510-193420.log Object is locked pominięty

C:\ProgramData\avg8\emc\Log\emc.log Object is locked pominięty

C:\ProgramData\avg8\Log\avgcore.log Object is locked pominięty

C:\ProgramData\avg8\Log\avglng.log Object is locked pominięty

C:\ProgramData\avg8\Log\avgrs.log Object is locked pominięty

C:\ProgramData\avg8\Log\avgsched.log Object is locked pominięty

C:\ProgramData\avg8\Log\avgui.log Object is locked pominięty

C:\ProgramData\avg8\Log\avgwd.log Object is locked pominięty

C:\ProgramData\avg8\Log\commonpriv.log Object is locked pominięty

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0c0cd80e730e3b08b024e74317a49762_dd38cd13-907e-46e5-8e09-d968377f70bc Object is locked pominięty

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.38.Crwl Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.38.gthr Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wsb Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010036.wid Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy154.gthr Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy155.gthr Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfDB02.tmp Object is locked pominięty

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfDB03.tmp Object is locked pominięty

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Messenger\qbanovac@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Messenger\qbanovac@hotmail.com\SharingMetadata\pending.dat Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Messenger\qbanovac@hotmail.com\SharingMetadata\Working\database_B84A_876D_4A87_276A\dfsr.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Messenger\qbanovac@hotmail.com\SharingMetadata\Working\database_B84A_876D_4A87_276A\fsr.log Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Messenger\qbanovac@hotmail.com\SharingMetadata\Working\database_B84A_876D_4A87_276A\fsrtmp.log Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Messenger\qbanovac@hotmail.com\SharingMetadata\Working\database_B84A_876D_4A87_276A\tmp.edb Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\UsrClass.dat{15d9e600-9993-11dc-a32b-0013a9c01d9e}.TM.blf Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\UsrClass.dat{15d9e600-9993-11dc-a32b-0013a9c01d9e}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows\UsrClass.dat{15d9e600-9993-11dc-a32b-0013a9c01d9e}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows Defender\FileTracker{55E396B7-4D99-4578-A21B-B13A74FA7667} Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows Live Contacts\qbanovac@hotmail.com\real\members.stg Object is locked pominięty

C:\Users\VAIO\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked pominięty

C:\Users\VAIO\AppData\Local\Mozilla\Firefox\Profiles\yg5emaw7.default\Cache_CACHE_001_ Object is locked pominięty

C:\Users\VAIO\AppData\Local\Mozilla\Firefox\Profiles\yg5emaw7.default\Cache_CACHE_002_ Object is locked pominięty

C:\Users\VAIO\AppData\Local\Mozilla\Firefox\Profiles\yg5emaw7.default\Cache_CACHE_003_ Object is locked pominięty

C:\Users\VAIO\AppData\Local\Mozilla\Firefox\Profiles\yg5emaw7.default\Cache_CACHE_MAP_ Object is locked pominięty

C:\Users\VAIO\AppData\Local\Temp\~DF997C.tmp Object is locked pominięty

C:\Users\VAIO\AppData\Local\Temp\~DF9988.tmp Object is locked pominięty

C:\Users\VAIO\AppData\Local\Temp\~ROMFN_000006B8 Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Babylon\log_file.txt Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\cert8.db Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\formhistory.dat Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\history.dat Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\key3.db Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\parent.lock Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\search.sqlite Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Mozilla\Firefox\Profiles\yg5emaw7.default\urlclassifier2.sqlite Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\call256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\callmember256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\chat512.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\chatmember256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\chatmsg1024.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\chatmsg256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\chatmsg512.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\contactgroup256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\dyncontent\bundle.dat Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\index2.dat Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\profile4096.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\sms256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\transfer256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\user1024.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\user16384.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\user256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\user4096.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Skype\qbanovacs\voicemail256.dbb Object is locked pominięty

C:\Users\VAIO\AppData\Roaming\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\FM_log.txt Object is locked pominięty

C:\Users\VAIO\instalki\Twister 2.0.6 mp3 sciagacz\twisterfree.exe/WISE0020.BIN Zainfekowanych: not-a-virus:AdWare.Win32.EZula.bc pominięty

C:\Users\VAIO\instalki\Twister 2.0.6 mp3 sciagacz\twisterfree.exe/WISE0021.BIN Zainfekowanych: not-a-virus:AdWare.Win32.SaveNow.bx pominięty

C:\Users\VAIO\instalki\Twister 2.0.6 mp3 sciagacz\twisterfree.exe WiseSFX: zainfekowany - 2 pominięty

C:\Users\VAIO\NTUSER.DAT Object is locked pominięty

C:\Users\VAIO\ntuser.dat.LOG1 Object is locked pominięty

C:\Users\VAIO\ntuser.dat.LOG2 Object is locked pominięty

C:\Users\VAIO\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked pominięty

C:\Users\VAIO\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Users\VAIO\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4\Vista Transformation Pack 4.0.exe/WISE0034.BIN Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4\Vista Transformation Pack 4.0.exe/WISE0159.BIN/WISE0005.BIN Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4\Vista Transformation Pack 4.0.exe/WISE0159.BIN Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4\Vista Transformation Pack 4.0.exe WiseSFX: zainfekowany - 3 pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4.zip/Vista Transformation Pack 4.0.exe/WISE0034.BIN Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4.zip/Vista Transformation Pack 4.0.exe/WISE0159.BIN/WISE0005.BIN Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4.zip/Vista Transformation Pack 4.0.exe/WISE0159.BIN Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4.zip/Vista Transformation Pack 4.0.exe Zainfekowanych: not-a-virus:RiskTool.Win32.CloseApp.a pominięty

C:\Users\VAIO\Z_Domow\Pulpit\Downloaded\VistaConverter\vtp4.zip ZIP: zainfekowany - 4 pominięty

C:\Windows\bthservsdp.dat Object is locked pominięty

C:\Windows\Debug\PASSWD.LOG Object is locked pominięty

C:\Windows\Debug\sam.log Object is locked pominięty

C:\Windows\Debug\WIA\wiatrace.log Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked pominięty

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked pominięty

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked pominięty

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Windows\SoftwareDistribution\DataStore\DataStore.edb Object is locked pominięty

C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log Object is locked pominięty

C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked pominięty

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked pominięty

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked pominięty

C:\Windows\System32\catroot2\edb.log Object is locked pominięty

C:\Windows\System32\catroot2{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked pominięty

C:\Windows\System32\catroot2{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked pominięty

C:\Windows\System32\config\COMPONENTS Object is locked pominięty

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked pominięty

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked pominięty

C:\Windows\System32\config\DEFAULT Object is locked pominięty

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked pominięty

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked pominięty

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked pominięty

C:\Windows\System32\config\RegBack\DEFAULT Object is locked pominięty

C:\Windows\System32\config\RegBack\SAM Object is locked pominięty

C:\Windows\System32\config\RegBack\SECURITY Object is locked pominięty

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked pominięty

C:\Windows\System32\config\RegBack\SYSTEM Object is locked pominięty

C:\Windows\System32\config\SAM Object is locked pominięty

C:\Windows\System32\config\SAM.LOG1 Object is locked pominięty

C:\Windows\System32\config\SAM.LOG2 Object is locked pominięty

C:\Windows\System32\config\SECURITY Object is locked pominięty

C:\Windows\System32\config\SECURITY.LOG1 Object is locked pominięty

C:\Windows\System32\config\SECURITY.LOG2 Object is locked pominięty

C:\Windows\System32\config\SOFTWARE Object is locked pominięty

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked pominięty

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked pominięty

C:\Windows\System32\config\SYSTEM Object is locked pominięty

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked pominięty

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked pominięty

C:\Windows\System32\config\systemprofile\AppData\Roaming\Acronis\TrueImageHome\Logs\534196C0-CE86-4CA2-8B5E-9204B3F533AB.log Object is locked pominięty

C:\Windows\System32\config\TxR{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked pominięty

C:\Windows\System32\config\TxR{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked pominięty

C:\Windows\System32\config\TxR{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked pominięty

C:\Windows\System32\config\TxR{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked pominięty

C:\Windows\System32\drivers\sptd.sys Object is locked pominięty

C:\Windows\System32\LogFiles\HTTPERR\httperr1.log Object is locked pominięty

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked pominięty

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked pominięty

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked pominięty

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked pominięty

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked pominięty

C:\Windows\System32\spool\SpoolerETW.etl Object is locked pominięty

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked pominięty

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked pominięty

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked pominięty

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked pominięty

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked pominięty

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked pominięty

C:\Windows\System32\wfp\wfpdiag.etl Object is locked pominięty

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked pominięty

C:\Windows\System32\winevt\Logs\System.evtx Object is locked pominięty

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked pominięty

C:\Windows\WindowsUpdate.log Object is locked pominięty

Proces skanowania został zakończony.


(huber2t) #8

Usuń te pliki:

Powinno być ok

:slight_smile: :slight_smile:


(Leon$) #9

jeszcze to usuń ręcznie

tylko znalazł online nie usuwa

:slight_smile:


(Qbanovac) #10

Ok, zrobione.

Czy skanowac kompa jeszcze raz?

Caly czas mam ten problem z pulpitem oraz ikonami, co chyba jest pozostaloscia po dzialanosci wirusa.

Pulpit jest po prostu czarny i choc probuje wrzucic na niego jakies obrazy to nic sie nie pokazuje.

Ikony w folderach "obrazy" sie nie pokazuja. Widac tylko biale pole nad nazwa pliku

4470174-02f


(Leon$) #11

Pobierz Silent Runners http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 pokaż log

:slight_smile:


(Qbanovac) #12

OK oto kod z Silent Runnera:

"Silent Runners.vbs", revision 57, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]

"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount" ["Alcohol Soft Development Team"]

"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]

"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"

"VAIOCameraUtility" = ""C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"" ["Sony Corporation"]

"TrueImageMonitor.exe" = "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" ["Acronis"]

"AcronisTimounterMonitor" = "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" ["Acronis"]

"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" [null data]

"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]

"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]

"ISBMgr.exe" = ""C:\Program Files\Sony\ISB Utility\ISBMgr.exe"" ["Sony Corporation"]

"Babylon Client" = "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart" ["Babylon Ltd."]

"AVG8_TRAY" = "C:\PROGRA~1\AVG\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]

"TrayServer" = "C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" ["MAGIX AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = "Skype add-on (mastermind)"

-> {HKLM...CLSID} = "Skype add-on (mastermind)"

\InProcServer32(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}(Default) = "WormRadar.com IESiteBlocker.NavFilter"

-> {HKLM...CLSID} = "AVG Safe Search"

\InProcServer32(Default) = "C:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM...CLSID} = "Pomocnik rejestracji usługi Windows Live"

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{A057A204-BACC-4D26-9990-79A187E2698E}(Default) = (no title provided)

-> {HKLM...CLSID} = "AVG Security Toolbar"

\InProcServer32(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}" = "Bluetooth"

-> {HKCU...CLSID} = "Wymiana informacji - Bluetooth"

\InProcServer32(Default) = "C:\Windows\system32\TosBtExt.dll" [file not found]

-> {HKLM...CLSID} = "Wymiana informacji - Bluetooth"

\InProcServer32(Default) = "C:\Windows\system32\TosBtExt.dll" [file not found]

"{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension"

-> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension"

\InProcServer32(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]

"{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension"

-> {HKLM...CLSID} = "Acronis True Image Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]

"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"

-> {HKLM...CLSID} = "Monitor Class"

\InProcServer32(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension"

-> {HKLM...CLSID} = "AVG8 Shell Extension Class"

\InProcServer32(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Moje foldery udostępniania"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"

-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Menedżer plików firmy Sony Ericsson"

-> {HKLM...CLSID} = "Menedżer plików firmy Sony Ericsson"

\InProcServer32(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]

"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Menedżer plików firmy Sony Ericsson"

-> {HKLM...CLSID} = "Menedżer plików firmy Sony Ericsson"

\InProcServer32(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]

"{ED58A35B-B554-42AF-A26C-6F3D424200D3}" = "Sony Power Management Extensiond"

-> {HKLM...CLSID} = "SPMPanel"

\InProcServer32(Default) = "C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll" ["Sony Corporation"]

"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"

-> {HKLM...CLSID} = "///FAST project settings"

\InProcServer32(Default) = "C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll" [null data]

"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<> "Authentication Packages" = "msv1_0"|"relog_ap"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = ""C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\

AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

AVG8 Shell Extension(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG8 Shell Extension Class"

\InProcServer32(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]

RXDCExtSvr(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}"

-> {HKLM...CLSID} = "RXDCExtShlExt Class"

\InProcServer32(Default) = "C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt.dll" ["Sonic Solutions"]

tosBtShllExt(Default) = "{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}"

-> {HKCU...CLSID} = "Bluetooth File Extenstion"

\InProcServer32(Default) = "C:\Windows\system32\TosBtShell.dll" [file not found]

-> {HKLM...CLSID} = "Bluetooth File Extenstion"

\InProcServer32(Default) = "C:\Windows\system32\TosBtShell.dll" [file not found]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

tosBtShllExt(Default) = "{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}"

-> {HKCU...CLSID} = "Bluetooth File Extenstion"

\InProcServer32(Default) = "C:\Windows\system32\TosBtShell.dll" [file not found]

-> {HKLM...CLSID} = "Bluetooth File Extenstion"

\InProcServer32(Default) = "C:\Windows\system32\TosBtShell.dll" [file not found]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

a-squared Free Shell Extension(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

AVG8 Shell Extension(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG8 Shell Extension Class"

\InProcServer32(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]

MBAMShlExt(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]

RXDCExtSvr(Default) = "{70D0238E-E029-4a94-B68D-182018B6C4FF}"

-> {HKLM...CLSID} = "RXDCExtShlExt Class"

\InProcServer32(Default) = "C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt.dll" ["Sonic Solutions"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

a-squared Free Shell Extension(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension"

\InProcServer32(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]

MBAMShlExt(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\VAIO\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\Windows\system32\scrnsave.scr" [MS]

Windows Portable Device AutoPlay Handlers


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DMXPlayDVD\

"Provider" = "Roxio CinePlayer"

"InvokeProgID" = "DMX.PLAYDVD"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\DMX.PLAYDVD\shell\Play\Command(Default) = "C:\Program Files\Roxio\CinePlayer\DMX.exe DVD "Play %1"" [null data]

InterActualPlayerPlayDVDVideoArrival\

"Provider" = "InterActual Player"

"InvokeProgID" = "InterActualPlayer.PlayDVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\InterActualPlayer.PlayDVD\shell\play\command(Default) = "C:\Program Files\InterActual\InterActual Player\iPlayer.exe -startup=autorun" ["Sonic Solutions"]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MediaCapture10Music\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture10"

"InvokeVerb" = "Audio"

HKLM\SOFTWARE\Classes\RoxioMediaCapture10\shell\Audio\command(Default) = "C:\Program Files\Roxio\Media Import 10\MediaCapture10.exe -audio %L" ["Sonic Solutions"]

MediaCapture10Photos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture10"

"InvokeVerb" = "Photo"

HKLM\SOFTWARE\Classes\RoxioMediaCapture10\shell\Photo\command(Default) = "C:\Program Files\Roxio\Media Import 10\MediaCapture10.exe -photo %L" ["Sonic Solutions"]

MediaCapture10VideoCamera\

"Provider" = "Media Import"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Roxio\Media Import 10\MediaCapture10.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MediaCapture10Videos\

"Provider" = "Media Import"

"InvokeProgID" = "RoxioMediaCapture10"

"InvokeVerb" = "Video"

HKLM\SOFTWARE\Classes\RoxioMediaCapture10\shell\Video\command(Default) = "C:\Program Files\Roxio\Media Import 10\MediaCapture10.exe -video %L" ["Sonic Solutions"]

MediaMonkeyBurnHandler\

"Provider" = "MediaMonkey"

"InvokeProgID" = "SongsDB.SDBDropTarget"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\SongsDB.SDBDropTarget\shell\open\DropTarget\CLSID = "{AB97EDE4-091B-405F-83E6-9A31AD18EDAF}"

-> {HKLM...CLSID} = "SDBDropTarget"

\LocalServer32(Default) = "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" ["Ventis Media Inc."]

MediaMonkeyPlayCDHandler\

"Provider" = "MediaMonkey"

"InvokeProgID" = "SongsDB.SDBDropTarget"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\SongsDB.SDBDropTarget\shell\open\DropTarget\CLSID = "{AB97EDE4-091B-405F-83E6-9A31AD18EDAF}"

-> {HKLM...CLSID} = "SDBDropTarget"

\LocalServer32(Default) = "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" ["Ventis Media Inc."]

MediaMonkeyPlayHandler\

"Provider" = "MediaMonkey"

"InvokeProgID" = "SongsDB.SDBDropTarget"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\SongsDB.SDBDropTarget\shell\open\DropTarget\CLSID = "{AB97EDE4-091B-405F-83E6-9A31AD18EDAF}"

-> {HKLM...CLSID} = "SDBDropTarget"

\LocalServer32(Default) = "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" ["Ventis Media Inc."]

MediaMonkeyRipCDHandler\

"Provider" = "MediaMonkey"

"InvokeProgID" = "SongsDB.SDBDropTargetRip"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\SongsDB.SDBDropTargetRip\shell\open\DropTarget\CLSID = "{7903D765-DA8C-4CB9-ADF2-F88D82E6BFFE}"

-> {HKLM...CLSID} = "SDBDropTargetRip"

\LocalServer32(Default) = "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" ["Ventis Media Inc."]

MediaMonkeyStartHandler\

"Provider" = "MediaMonkey"

"CLSID" = "{0BA2D9E2-D4C8-45B2-8F5B-B3ADE5E461E6}"

-> {HKLM...CLSID} = "SDBHWEvents"

\LocalServer32(Default) = "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" ["Ventis Media Inc."]

MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayCDAudio"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayDVDMovie"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayMusicFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MediaPlayerClassic.Autorun"

"InvokeVerb" = "PlayVideoFiles"

HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

MSWMEncVCArrival\

"Provider" = "Windows Media Encoder 9 Series"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MxVideoDeLuxeVideoCameraArrival\

"Provider" = "MAGIX Movie Edit Pro silver"

"ProgID" = "Magix.videodeLuxe"

HKLM\SOFTWARE\Classes\Magix.videodeLuxe\CLSID(Default) = "{1810360D-0FC7-474B-ABC1-84E96BF51D2F}"

-> {HKLM...CLSID} = "videodeLuxe AutoplayClass"

\LocalServer32(Default) = "C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\MovieEdit.exe" ["MAGIX AG"]

Picasa2ImportPicturesOnArrival\

"Provider" = "Picasa2"

"InvokeProgID" = "picasa2.autoplay"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]

RoxioCreator10PlayCDAudioOnArrival\

"Provider" = "Roxio Creator Classic"

"InvokeProgID" = "Creator10"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Creator10\shell\open\Command(Default) = "C:\Program Files\Roxio\Creator Classic 10\Creator10.exe" ["Sonic Solutions"]

RoxioSCAudioCDTask36\

"Provider" = "Roxio Central Audio"

"InvokeProgID" = "Roxio.RoxioCentral36"

"InvokeVerb" = "AudioCDTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\AudioCDTask\Command(Default) = ""C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {1DF24BC5-8E7F-4D41-AF7B-1EAAF8CE889B}" [null data]

RoxioSCCopyCD36\

"Provider" = "Roxio Central Copy"

"InvokeProgID" = "Roxio.RoxioCentral36"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command(Default) = ""C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D}" [null data]

RoxioSCCopyDisc36\

"Provider" = "Roxio Central Copy"

"InvokeProgID" = "Roxio.RoxioCentral36"

"InvokeVerb" = "ExactCopyJob"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command(Default) = ""C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D}" [null data]

RoxioSCDataProject36\

"Provider" = "Roxio Central Data"

"InvokeProgID" = "Roxio.RoxioCentral36"

"InvokeVerb" = "DataGuide"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataGuide\Command(Default) = ""C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch Data" [null data]

RoxioSCDataTask36\

"Provider" = "Roxio Central Data"

"InvokeProgID" = "Roxio.RoxioCentral36"

"InvokeVerb" = "DataTask"

HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataTask\Command(Default) = ""C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {85B64A0F-9111-4A55-8B5A-59343EE1EE8B}" [null data]

WIA_{569A2D1B-F33D-4CCC-B8CA-476FFD3251A8}\

"Provider" = "Picasa2"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{6D7F3577-EB4C-4F01-B242-8E14F4B58B05}\

"Provider" = "Picasa2"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{7F76B217-883B-462F-B39C-1AE8B271BADB}\

"Provider" = "Microsoft Office OneNote"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE /IMG_WIA;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{E12ADB14-BDAA-48A7-B1E5-0019F93E9B80}\

"Provider" = "Microsoft Office Word"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Startup items in "VAIO" & "All Users" startup folders:


C:\Users\VAIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

"Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

Non-disabled Scheduled Tasks:


C:\Windows\System32\Tasks

"Sprawdź aktualizacje paska narzędzi Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]

"User_Feed_Synchronization-{F1D15D29-081B-486C-8246-AD8F38BED216}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]

C:\Windows\System32\Tasks\Apple

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

"Uploader" -> launches: "%windir%\system32\WSqmCons.exe -u" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]

"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]

"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]

"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]

"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

-> {HKLM...CLSID} = "HotStart User Agent"

\InProcServer32(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"

-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"

\InProcServer32(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

\InProcServer32(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"

-> {HKLM...CLSID} = "Nap ITask Handler Implementation"

\InProcServer32(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System

"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"

-> {HKLM...CLSID} = "CrawlStartPages Task Handler"

\InProcServer32(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"

-> {HKLM...CLSID} = "GadgetsManager Class"

\InProcServer32(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

-> {HKLM...CLSID} = "MsCtfMonitor task handler"

\InProcServer32(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

\InProcServer32(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar

"Reminders - VAIO" -> launches: "C:\Program Files\Windows Calendar\WinCal.exe /reminder" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender

"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

C:\Windows\System32\Tasks\SONY\VAIO Update

"VAIO Update" -> launches: ""C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary" ["Sony Corporation"]

C:\Windows\System32\Tasks\SONY\WSSU

"WSSU" -> launches: "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" ["Sony Corporation"]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

000000000008\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 63

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

"{A057A204-BACC-4D26-9990-79A187E2698E}"

-> {HKLM...CLSID} = "AVG Security Toolbar"

\InProcServer32(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

"{A057A204-BACC-4D26-9990-79A187E2698E}" = (no title provided)

-> {HKLM...CLSID} = "AVG Security Toolbar"

\InProcServer32(Default) = "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" ["AVG, Technologies CZ, s.r.o "]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Poszukaj"

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

"ButtonText" = "Wpis w blogu"

"MenuText" = "&Wpis w blogu w Windows Live Writer"

"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"

-> {HKLM...CLSID} = "BlogThisToolbarButton Class"

\InProcServer32(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

"ButtonText" = "Skype"

"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"

-> {HKLM...CLSID} = "Skype add-on (button)"

\InProcServer32(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\

"ButtonText" = "@btrez.dll,-4015"

"MenuText" = "@btrez.dll,-12650"

"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):


a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"" ["Acronis"]

Acronis Try And Decide Service, TryAndDecideService, ""C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe"" [null data]

Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]

AVG8 E-mail Scanner, avg8emc, "C:\PROGRA~1\AVG\AVG8\avgemc.exe" ["AVG Technologies CZ, s.r.o."]

AVG8 WatchDog, avg8wd, "C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."]

Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

Dostęp do urządzeń interfejsu HID, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}

Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}

SigmaTel Audio Service, STacSV, "C:\Windows\system32\stacsv.exe" ["SigmaTel, Inc."]

StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]

Urządzenie mobilne Apple, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0, FontCache3.0.0.0, "C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS]

Usługa Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]

Usługa obsługi Bluetooth, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}

VAIO Event Service, VAIO Event Service, "C:\Program Files\Sony\VAIO Event Service\VESMgr.exe" ["Sony Corporation"]

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

Print Monitors:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

  • (launch time: 2008-05-11 11:27:42)

<>: Suspicious data at a malware launch point.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 424 seconds.

---------- (total run time: 648 seconds)


(Leon$) #13

Podejrzewam że masz uszkodzony folder ze zdjęciami

w rejestrze jest podana ścvieżka do zdjęcia jako tapety

skoro jest uszkodzone to nie masz tapety tylko czarne tło

nie wiem jak jest w Viście >> właściwości >> pulpit >> ustaw tapetę systemową

:slight_smile:


(Qbanovac) #14

Zmiana tapety na systemową nic nie daje.

Zauważyłem teraz że problem nie dotyczy tylko folderu z obrazkami. Dotyczy on folderow gdzie widok okien ustawiony jest na "duży" lub "bardzo duży". Jak sie zmnieni widok jest ok. Tyle że wolałbym aby wszysko dobrze działało. Komp jest cały czas raczej wolny, wolniej sie otwiera i widze ze procek pracuje ciężko.

Z tapeta tez nic nie działa. Ponizej wysyłam link to strony gdzie zamieściłem zrzut pulpitu by pokazać jak wygląda okno dialogowe przy wybieraniu obrazu na pulpit.

Widać ze są tam umieszczne jakies obrazki, bo pod wskaźnikiem myszki pokazuje sie chmurka z nazwa. Tylko ze ikony są białe.

BBBB dziwne.

Szukając na różnych forach znalazłem 1 gościa w usa, który ma taki sam - identyczny problem i też go jeszcze nie rozwiązał i na tamtejszym forum też mu probują pomóc lecz narazie też bez skutku.

Oto link:

http://www.divshare.com/download/4471048-601

W dniu 11.05.2008 , o godzinie 23:36 został dopisany post przez qbas

Wyglada mi na to ze virusow juz nie mam, bo komp zaczal szybciej chodzic i ostatnie skanwanie nic nie wykazalo.

Problem z desktopem i ikonkami dalej istnieje i wyglada mi na to tak jakby był wyłączony Aktywny Pulpit, ponieważ gdy wrzuciłem na pulpit obrazek bitmapy to sie pojawił. Tak samo w 98 przy wyłączonym aktywnym pulpicie.

tylko nie wiem czy w Viscie istnieje wogole cos takiego jak Aktywny pulpit bo nigdzie go nie widac.

Zapytam sie tez o to w watku na forum o Viscie.

Bardzo Wam dziekuje za pomoc