Pop-up window 'windows security alert' 'spyware alert'


(Weedel) #1

I don't really know much about these things, and if someone would like to help me (please), I'd ask for detailed instructions...

I scanned the system with McAfee, it didn't detect anything. Earlier my Task Manager got disabled, but I managed to turn it back on (google), and the number of processes went up by about 10. I don't know which ones are supposed to be there, but there were definitely fewer before ;/

[Added: Today at 18:46]

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:48:07, on 2008-05-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Safe mode


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

E:\WINDOWS\Explorer.EXE

E:\PROGRA~1\McAfee.com\Agent\mcagent.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - e:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - E:\WINDOWS\gktxaspm.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ASUSGamerOSD] E:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [RemoteControl] "c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechCameraAssistant] E:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] E:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] E:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPHmon05] E:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [WinampAgent] "c:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [SiteAdvisor] E:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] E:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "E:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr

O4 - HKLM\..\Run: [DelayLoad] E:\DOCUME~1\Adam\USTAWI~1\Temp\msprint.exe

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Comrade.exe] E:\Program Files\GameSpy\Comrade\Comrade.exe

O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Mobiola Web Camera 2 for S60 3rd Edition.lnk = C:\Program Files\Mobiola Web Camera 2 for S60 3rd Edition\BtCam.exe

O4 - Startup: OpenOffice.org 2.3.lnk = E:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O21 - SSODL: gnowmebk - {B1507E16-F4C4-42B8-97EB-83453B4EB2DB} - E:\WINDOWS\gnowmebk.dll

O21 - SSODL: pxgdslro - {CA6C99C2-55BB-4135-BB37-F811413F57BC} - E:\WINDOWS\pxgdslro.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - e:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - E:\Program Files\SiteAdvisor\6253\SAService.exe


--

End of file - 8808 bytes
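The log above already contains the entries a triager would pull out by hand (an autorun from a Temp directory, randomly named DLLs dropped straight into E:\WINDOWS and registered as SSODL/toolbar loaders, IE start and search pages pointed at non-Microsoft hosts). As an added example, not code from Weedel's post or from HijackThis or Silent Runners, the Python below runs those heuristics over HijackThis-style lines copied from the log. The heuristics and thresholds (eight-letter names with at most two vowels, a go.microsoft.com allow-list for R0/R1 URLs, "Temp" anywhere in an O4 path) are the editor's assumptions; they will produce false positives on other systems and the output is a list of files to check, not a verdict.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread, not code from the original post or from
HijackThis. The sample lines are copied from the log posted above; the
heuristics (Temp-directory autoruns, modules dropped straight into %WINDIR%,
eight-letter consonant-heavy names, non-Microsoft IE start/search URLs) and
their thresholds are the editor's assumptions about what a log triager
checks, not anything HijackThis itself reports.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O4 - HKLM\..\Run: [name] path args"  ->  kind="O4", body=the rest
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a loadable module; spaces are allowed
# because "Program Files" paths are unquoted in HijackThis output.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|scr|ocx)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://(?P<host>[^/\s]+)", re.IGNORECASE)
# IE defaults on XP point here (assumed allow-list); any other host in R0/R1 deserves a look.
BENIGN_URL_HOSTS = {"go.microsoft.com"}
WINDOWS_DIRS = {"windows", "winnt"}
VOWELS = set("aeiouy")


@dataclass
class Finding:
    kind: str            # HijackThis section, e.g. "O21"
    path: Optional[str]  # module path if the line carries one
    reason: str
    line: str


def looks_random(filename: str) -> bool:
    """Eight letters with at most two vowels: the shape of generated dropper names (assumed heuristic)."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return sum(c in VOWELS for c in stem) <= 2


def in_windows_root(parts: List[str]) -> bool:
    """True for X:\\WINDOWS\\file.ext, i.e. a file directly in the Windows directory."""
    return len(parts) == 3 and parts[1].lower() in WINDOWS_DIRS


def triage(lines) -> List[Finding]:
    """Return one Finding per line that trips at least one heuristic, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        path = None
        pm = PATH_RE.search(body)
        if pm:
            path = pm.group(0)
            parts = path.split("\\")
            if kind == "O4" and any(p.lower() == "temp" for p in parts[:-1]):
                reasons.append("autorun launched from a Temp directory")
            if in_windows_root(parts) and looks_random(parts[-1]):
                reasons.append("randomly named module dropped directly into %WINDIR%")
        if kind == "O21":
            reasons.append("ShellServiceObjectDelayLoad: Explorer loads this DLL at every logon")
        if kind in ("R0", "R1"):
            um = URL_RE.search(body)
            if um and um.group("host").lower() not in BENIGN_URL_HOSTS:
                reasons.append(f"IE start/search URL points at {um.group('host')}")
        if reasons:
            findings.append(Finding(kind, path, "; ".join(reasons), line))
    return findings


def flagged_files(findings: List[Finding]) -> List[str]:
    """Sorted, de-duplicated file names to submit to a scanner or look up."""
    return sorted({f.path.rsplit("\\", 1)[-1] for f in findings if f.path})


# Constructed sample input: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - E:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DelayLoad] E:\DOCUME~1\Adam\USTAWI~1\Temp\msprint.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: gnowmebk - {B1507E16-F4C4-42B8-97EB-83453B4EB2DB} - E:\WINDOWS\gnowmebk.dll
O21 - SSODL: pxgdslro - {CA6C99C2-55BB-4135-BB37-F811413F57BC} - E:\WINDOWS\pxgdslro.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f.kind:<4} {f.reason}\n     {f.line}")
    print("files to check:", flagged_files(results))
```

Note that the eight-letter rule on its own would also catch legitimate names (McAfee's scriptsn.dll has one vowel), which is why it is only applied to files sitting directly in the Windows directory; the point of the script is to shorten the list a human then verifies against the vendor and a scanner, not to replace that step.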

On 22.05.2008 at 19:23 a post was appended by weedel: Silent Runners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/ 

Operating System: Windows XP SP2 

Output limited to non-default values, except where indicated by "{++}" 



Startup items buried in registry: 

--------------------------------- 


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} 

"CTFMON.EXE" = "E:\WINDOWS\system32\ctfmon.exe" [MS] 

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] 

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] 

"Comrade.exe" = "E:\Program Files\GameSpy\Comrade\Comrade.exe" [null data] 

"Steam" = ""c:\program files\steam\steam.exe" -silent" ["Valve Corporation"] 


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} 

"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] 

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] 

"ASUSGamerOSD" = "E:\Program Files\ASUS\GamerOSD\GamerOSD.exe" ["ASUSTeK Computer Inc."] 

"JMB36X IDE Setup" = "E:\WINDOWS\RaidTool\xInsIDE.exe" [null data] 

"36X Raid Configurer" = "E:\WINDOWS\system32\xRaidSetup.exe boot" ["Gigabyte Technology Corp."] 

"LVCOMSX" = "E:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."] 

"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"] 

"RemoteControl" = ""c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] 

"SunJavaUpdateSched" = ""E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] 

"LogitechCameraAssistant" = "E:\Program Files\Logitech\Video\CameraAssistant.exe" ["Logitech Inc."] 

"LogitechVideo[inspector]" = "E:\Program Files\Logitech\Video\InstallHelper.exe /inspect" ["Logitech Inc."] 

"LogitechCameraService(E)" = "E:\WINDOWS\system32\ElkCtrl.exe /automation" ["Logitech Inc."] 

"HPDJ Taskbar Utility" = "E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"] 

"HPHUPD05" = "E:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" ["Hewlett-Packard"] 

"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"] 

"HP Software Update" = ""E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard"] 

"HPHmon05" = "E:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"] 

"WinampAgent" = ""c:\Program Files\Winamp\winampa.exe"" [null data] 

"NeroFilterCheck" = "E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] 

"Adobe Reader Speed Launcher" = ""E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] 

"BearShare" = ""E:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."] 

"mcagent_exe" = "E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" ["McAfee, Inc."] 

"SiteAdvisor" = "E:\Program Files\SiteAdvisor\6253\SiteAdv.exe" ["McAfee, Inc."] 

"McENUI" = "E:\PROGRA~1\McAfee\MHN\McENUI.exe /hide" ["McAfee, Inc."] 

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] 

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] 

"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] 

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "E:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."] 

"Onet.pl AutoUpdate" = ""E:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr" [file not found] 

"DelayLoad" = "E:\DOCUME~1\Adam\USTAWI~1\Temp\msprint.exe" [null data] 


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" 

                   \InProcServer32\(Default) = "E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] 

{089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = "E:\Program Files\SiteAdvisor\6253\SiteAdv.dll" ["McAfee, Inc."] 

{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\(Default) = "McAntiPhishingBHO" 

  -> {HKLM...CLSID} = "McAfee Phishing Filter" 

                   \InProcServer32\(Default) = "e:\PROGRA~1\mcafee\msk\mcapbho.dll" ["McAfee, Inc."] 

{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO" 

  -> {HKLM...CLSID} = "My Global Search Bar BHO" 

                   \InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) 

  -> {HKLM...CLSID} = "SSVHelper Class" 

                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] 

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy" 

  -> {HKLM...CLSID} = "scriptproxy" 

                   \InProcServer32\(Default) = "E:\Program Files\McAfee\VirusScan\scriptsn.dll" ["McAfee, Inc."] 


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" 

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" 

                   \InProcServer32\(Default) = "deskpan.dll" [file not found] 

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" 

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] 

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" 

  -> {HKLM...CLSID} = "History Band" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\shdocvw.dll" [MS] 

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" 

  -> {HKLM...CLSID} = "DesktopContext Class" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] 

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" 

  -> {HKLM...CLSID} = "Desktop Explorer" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] 

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] 

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" 

  -> {HKLM...CLSID} = "nView Desktop Context Menu" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] 

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] 

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" 

  -> {HKLM...CLSID} = "Nokia Phone Browser" 

                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] 

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] 

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] 

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] 

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] 

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" 

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" 

                   \InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] 

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" 

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" 

                   \InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] 

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" 

  -> {HKLM...CLSID} = "NVIDIA CPL Extension" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] 


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ 

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" 

  -> {HKLM...CLSID} = "WPDShServiceObj Class" 

                   \InProcServer32\(Default) = "E:\WINDOWS\system32\WPDShServiceObj.dll" [MS] 

"gnowmebk" = "{B1507E16-F4C4-42B8-97EB-83453B4EB2DB}" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = "E:\WINDOWS\gnowmebk.dll" [null data] 

"pxgdslro" = "{CA6C99C2-55BB-4135-BB37-F811413F57BC}" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = "E:\WINDOWS\pxgdslro.dll" [null data] 


HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ 

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" 

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" 

                   \InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] 

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" 

  -> {HKLM...CLSID} = (no title provided) 

                   \InProcServer32\(Default) = ""E:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] 

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" 

  -> {HKLM...CLSID} = "PDF Shell Extension" 

                   \InProcServer32\(Default) = "E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] 


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 

McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}" 

  -> {HKLM...CLSID} = "CtxMenu Class" 

                   \InProcServer32\(Default) = "e:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."] 

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}" 

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension" 

                   \InProcServer32\(Default) = "/u\mksshell.dll" [file not found] 

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] 


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] 


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ 

McCtxMenu\(Default) = "{01576F39-90DE-4D6E-A068-5B20C22BAAEE}" 

  -> {HKLM...CLSID} = "CtxMenu Class" 

                   \InProcServer32\(Default) = "e:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll" ["McAfee, Inc."] 

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}" 

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension" 

                   \InProcServer32\(Default) = "/u\mksshell.dll" [file not found] 

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 

  -> {HKLM...CLSID} = "WinRAR" 

                   \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] 



Group Policies {GPedit.msc branch and setting}: 

----------------------------------------------- 


Note: detected settings may not have any effect. 


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ 


"DisableTaskMgr" = (REG_DWORD) dword:0x00000000 

{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| 

Remove Task Manager} 


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ 


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| 

Shutdown: Allow system to be shut down without having to log on} 


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001 

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| 

Devices: Allow undock without having to log on} 



Active Desktop and Wallpaper: 

----------------------------- 


Active Desktop may be disabled at this entry: 

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState 


Displayed if Active Desktop enabled and wallpaper not set by Group Policy: 

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ 

"Wallpaper" = "%APPDATA%\Opera\Opera\profile\skin\20.bmp" 


Displayed if Active Desktop disabled and wallpaper not set by Group Policy: 

HKCU\Control Panel\Desktop\ 

"Wallpaper" = "E:\Documents and Settings\Adam\Dane aplikacji\Opera\Opera\profile\skin\20.bmp" 



Enabled Screen Saver: 

--------------------- 


HKCU\Control Panel\Desktop\ 

"SCRNSAVE.EXE" = "E:\WINDOWS\system32\logon.scr" [MS] 



Windows Portable Device AutoPlay Handlers 

----------------------------------------- 


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ 


MSPlayCDAudioOnArrival\ 

"Provider" = "ALLPlayer" 

"InvokeProgID" = "AllPlayerFile" 

"InvokeVerb" = "play" 

HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""d:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"] 


MSWPDShellNamespaceHandler\ 

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" 

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" 

"InitCmdLine" = " " 

  -> {HKLM...CLSID} = "WPDShextAutoplay" 

                   \LocalServer32\(Default) = "E:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] 


NeroAutoPlay7CDAudio\ 

"Provider" = "Nero Express Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] 


NeroAutoPlay7CopyCD\ 

"Provider" = "Nero Express Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"] 


NeroAutoPlay7DataDisc\ 

"Provider" = "Nero Express Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] 


NeroAutoPlay7LaunchNeroStartSmart\ 

"Provider" = "Nero StartSmart Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] 


NeroAutoPlay7PlayAudioCD\ 

"Provider" = "Nero ShowTime Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] 


NeroAutoPlay7PlayDVD\ 

"Provider" = "Nero ShowTime Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] 


NeroAutoPlay7VideoCapture\ 

"Provider" = "Nero Vision Essentials SE" 

"ProgID" = "Shell.HWEventHandlerShellExecute" 

"InitCmdLine" = ""E:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" 

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" 

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler" 

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] 


NeroAutoPlay7ViewPhotos\ 

"Provider" = "Nero PhotoSnap Viewer Essentials" 

"InvokeProgID" = "Nero.AutoPlay7" 

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" 

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "E:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] 


NMMPlayCDAudioOnArrival\ 

"Provider" = "Nokia Music Manager" 

"InvokeProgID" = "NokiaMusicManager" 

"InvokeVerb" = "NMMPlayCD" 

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD "%L"" ["Nokia"] 


NMMRipCDAudioOnArrival\ 

"Provider" = "Nokia Music Manager" 

"InvokeProgID" = "NokiaMusicManager" 

"InvokeVerb" = "NMMRipCD" 

HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD "%L"" ["Nokia"] 


PDVDPlayCDAudioOnArrival\ 

"Provider" = "PowerDVD" 

"InvokeProgID" = "AudioCD" 

"InvokeVerb" = "PlayWithPowerDVD" 

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."] 


PDVDPlayDVDMovieOnArrival\ 

"Provider" = "PowerDVD" 

"InvokeProgID" = "DVD" 

"InvokeVerb" = "PlayWithPowerDVD" 

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."] 


PDVDPlayVCDMovieOnArrival\ 

"Provider" = "PowerDVD" 

"InvokeProgID" = "VCD" 

"InvokeVerb" = "PlayWithPowerDVD" 

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."] 


WinampMTPHandler\ 

"Provider" = "Winamp" 

"ProgID" = "Shell.HWEventHandlerShellExecute" 

"InitCmdLine" = "c:\Program Files\Winamp\winamp.exe" 

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" 

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler" 

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] 


WinampPlayMediaOnArrival\ 

"Provider" = "Winamp" 

"InvokeProgID" = "Winamp.File" 

"InvokeVerb" = "Play" 

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""c:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] 

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" 

  -> {HKLM...CLSID} = (no title provided) 

                   \LocalServer32\(Default) = ""c:\Program Files\Winamp\winamp.exe"" ["Nullsoft"] 



Startup items in "Adam" & "All Users" startup folders: 

------------------------------------------------------ 


E:\Documents and Settings\Adam\Menu Start\Programy\Autostart 

"Mobiola Web Camera 2 for S60 3rd Edition" -> shortcut to: "C:\Program Files\Mobiola Web Camera 2 for S60 3rd Edition\BtCam.exe" ["Warelex LLC"] 

"OpenOffice.org 2.3" -> shortcut to: "E:\Program Files\OpenOffice.org 2.3\program\quickstart.exe" [null data] 


E:\Documents and Settings\All Users\Menu Start\Programy\Autostart 

"SAGEM Wi-Fi 11g USB adapter LAN Utility" -> shortcut to: "E:\Program Files\SAGEM Wi-Fi 11g USB adapter LAN Utility\WLANUTL.exe" [" "] 



Enabled Scheduled Tasks: 

------------------------ 


"HP Usg Daily" -> launches: "E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe" [empty string] 

"McDefragTask" -> launches: "e:\PROGRA~1\mcafee\mqc\QcConsol.exe "E:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."] 

"McQcTask" -> launches: "e:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."] 



Winsock2 Service Provider DLLs: 

------------------------------- 


Namespace Service Providers 


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 


Transport Service Providers 


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: 

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 



Toolbars, Explorer Bars, Extensions: 

------------------------------------ 


Toolbars 


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ 

"{37B85A29-692B-4205-9CAD-2626E4993404}" 

  -> {HKLM...CLSID} = "My Global Search Bar" 

                   \InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] 


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ 

"{37B85A29-692B-4205-9CAD-2626E4993404}" 

  -> {HKLM...CLSID} = "My Global Search Bar" 

                   \InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] 


HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ 

"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided) 

  -> {HKLM...CLSID} = "My Global Search Bar" 

                   \InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"] 

"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor" 

  -> {HKLM...CLSID} = "McAfee SiteAdvisor" 

                   \InProcServer32\(Default) = "E:\Program Files\SiteAdvisor\6253\SiteAdv.dll" ["McAfee, Inc."] 

"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}" = (no title provided) 

  -> {HKLM...CLSID} = "gktxaspm" 

                   \InProcServer32\(Default) = "E:\WINDOWS\gktxaspm.dll" [null data] 


Extensions (Tools menu items, main toolbar menu buttons) 


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ 

"MenuText" = "Sun Java Console" 

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" 

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" 

                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] 

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" 

                   \InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] 


{FB5F1910-F110-11D2-BB9E-00C04F795683}\ 

"ButtonText" = "Messenger" 

"MenuText" = "Windows Messenger" 

"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS] 



Running Services (Display Name, Service Name, Path {Service DLL}): 

------------------------------------------------------------------ 


ATK Keyboard Service, ATKKeyboardService, "E:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."] 

LightScribeService Direct Disc Labeling Service, LightScribeService, ""E:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] 

Logitech Process Monitor, LVPrcSrv, "e:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" ["Logitech Inc."] 

McAfee Anti-Spam Service, MSK80Service, ""E:\Program Files\McAfee\MSK\MskSrver.exe"" ["McAfee, Inc."] 

McAfee Network Agent, McNASvc, ""e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."] 

McAfee Personal Firewall Service, MpfService, ""E:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."] 

McAfee Proxy Service, McProxy, "e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."] 

McAfee Real-time Scanner, McShield, "E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."] 

McAfee Services, mcmscsvc, "E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."] 

McAfee SystemGuards, McSysmon, "E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."] 

NMIndexingService, NMIndexingService, ""E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] 

NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] 

Pml Driver HPZ12, Pml Driver HPZ12, "E:\WINDOWS\system32\HPZipm12.exe" ["HP"] 

PnkBstrA, PnkBstrA, "E:\WINDOWS\system32\PnkBstrA.exe" [null data] 

ServiceLayer, ServiceLayer, ""E:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] 

Usługa SiteAdvisor, SiteAdvisor Service, "E:\Program Files\SiteAdvisor\6253\SAService.exe" ["McAfee, Inc."] 

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"E:\WINDOWS\System32\WUDFSvc.dll" [MS]} 



Print Monitors: 

--------------- 


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ 

hpzlnt09\Driver = "hpzlnt09.dll" ["HP"] 



---------- (launch time: 2008-05-22 18:44:15) 

+ This report excludes default entries except where indicated. 

+ To see *everywhere* the script checks and *everything* it finds, 

  launch it from a command prompt or a shortcut with the -all parameter. 

+ The search for DESKTOP.INI DLL launch points on all local fixed drives 

  took 8 seconds. 

---------- (total run time: 39 seconds)

(huber2t) #2

Fix in HijackThis

Download ComboFix, but do not run it yet.

Paste into Notepad:

File::

E:\WINDOWS\gktxaspm.dll

E:\WINDOWS\pxgdslro.dll

E:\WINDOWS\gnowmebk.dll

E:\DOCUME~1\Adam\USTAWI~1\Temp\msprint.exe

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon as shown here ->

02f8f1e3c410a4cc.gif

Removal will start and a log will be created; post that log on the forum.


(Weedel) #3

I did everything up to the last step, i.e. I 'dropped' that txt file on it, it did something ... complete etc., and then it shut down my computer; a blue full-screen message appeared and told me to reset the computer, so no log was created at all... should I do it with HijackThis?? Please give me instructions :wink:


(huber2t) #4

No, make a new log with ComboFix.


(Weedel) #5

I think everything is OK now, but I am posting the ComboFix log anyway.


(huber2t) #6

Download ComboFix, but do not run it yet.

Paste into Notepad:

File::

E:\WINDOWS\elsq.exe

E:\WINDOWS\mdtgkswr.exe

E:\Program Files\antiviirus.exe



Folder::

E:\WINDOWS\system32\959563


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C9E1967-FA81-47C2-B649-5E52A35D854F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"=-

"SunJavaUpdateSched"=-

"WinampAgent"=-

"Adobe Reader Speed Launcher"=-

"antiviirus"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon as shown here ->

02f8f1e3c410a4cc.gif

Removal will start and a log will be created; post that log on the forum.
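An added example, written for this thread and not part of the original posts nor of the Silent Runners or ComboFix tools: it reads log lines in the layout of the scan report above, scores each listed DLL/EXE on the indicators that make the toolbar entry for gktxaspm.dll stand out (no publisher data shown as [null data], a module dropped directly into the Windows directory, an eight-letter random-looking file name), and renders the File:: section in the CFScript layout used in huber2t's replies (#2 and #6). The sample log is constructed from entries quoted in this thread; the scoring threshold and the random-name heuristic are my assumptions. A single indicator is deliberately not enough: PnkBstrA.exe (PunkBuster's service) is also listed with [null data] but sits in system32 under a non-random name, so it scores only one point and is not flagged.

```python
import ntpath
import re

# Constructed sample in the Silent Runners layout seen in the log above.
# Paths and publisher tags are copied from the thread; this is not live data.
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor"
  -> {HKLM...CLSID} = "McAfee SiteAdvisor"
                   \InProcServer32\(Default) = "E:\Program Files\SiteAdvisor\6253\SiteAdv.dll" ["McAfee, Inc."]
"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}" = (no title provided)
  -> {HKLM...CLSID} = "gktxaspm"
                   \InProcServer32\(Default) = "E:\WINDOWS\gktxaspm.dll" [null data]
PnkBstrA, PnkBstrA, "E:\WINDOWS\system32\PnkBstrA.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
'''

# A quoted drive-letter path ending in .dll/.exe followed by the [publisher] tag.
# The "+ tolerates the doubled quotes some service lines carry in the log.
ENTRY_RE = re.compile(r'"([A-Za-z]:\\[^"]+?\.(?:dll|exe))"+\s*\[([^\]]*)\]', re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r'^[A-Za-z]:\\WINDOWS$', re.IGNORECASE)
VOWELS = set('aeiouy')


def parse_entries(log_text):
    """Return (path, publisher) pairs for every module listed with a [publisher] tag."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.search(line)
        if match:
            entries.append((match.group(1), match.group(2).strip().strip('"')))
    return entries


def looks_random(filename):
    """Heuristic (assumption): an all-lowercase 8-letter stem with few vowels
    resembles a generated name such as gktxaspm; real names fail at least one test."""
    stem = ntpath.splitext(filename)[0]
    if not (stem.isalpha() and stem.islower() and len(stem) == 8):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in stem) / len(stem)
    return vowel_ratio <= 0.25


def score_entry(path, publisher):
    """Collect independent indicators; each is weak alone, so callers use a threshold."""
    reasons = []
    if publisher.lower() == 'null data':
        reasons.append('no publisher/version information')
    if WINDOWS_ROOT_RE.match(ntpath.dirname(path)):
        reasons.append('module sits directly in the Windows directory')
    if looks_random(ntpath.basename(path)):
        reasons.append('random-looking 8-letter file name')
    return reasons


def triage(log_text, threshold=2):
    """Map each path that reaches the threshold to its list of reasons (duplicates collapse)."""
    flagged = {}
    for path, publisher in parse_entries(log_text):
        reasons = score_entry(path, publisher)
        if len(reasons) >= threshold:
            flagged[path] = reasons
    return flagged


def build_cfscript(paths):
    """Render a File:: block in the CFScript layout shown in the replies above."""
    return 'File::\n' + '\n'.join(paths) + '\n'


if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for path, reasons in hits.items():
        print(path)
        for reason in reasons:
            print('  -', reason)
    print()
    print(build_cfscript(hits))
```

The threshold of two is the point of the design: the log tags every module without embedded version information as [null data], and that includes legitimate third-party services, so a reviewer should treat the tag as one signal among several rather than as a verdict.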