Proszę o Sprawdzenia Logów odnosze wrażenie zamulania Kompa

[Czarodziejczarek]

Prosze o pomoc lub chociaz na rzucenie okiem bede bardzo wdzieczny. odnosze wrazenie ze moj komputer dziwnie pracuje... nie mam zielonego pojecia o systemach itp...


Dobry wieczor albo jak kto woli dzien dobry. Po instalacji systemu po kliku dniach odnosze wrazenieze system zamula. moje dane systemu to 1gb +512mb ram ddr1 prpcesor amd semphron 2300+, nvidia geforce fx 5200, windows legalny xp home edition office 2007 home and student tez legalny avast oraz spyware doctor takze legalne z licencjami.

podaje loga najpierw combofix

ComboFix 08-02-21 - Cezary Kielanowicz 2008-02-20 23:13:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1051 [GMT 1:00]
Running from: D:\Pliki Ściągnięte z Internetu i Skany\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 22:38 . 2008-02-20 22:38 <DIR> dr------- C:\Ważne Programy Chroniące System
2008-02-20 14:17 . 2008-02-20 14:46 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\.gimp-2.4
2008-02-20 14:13 . 2008-02-20 14:16 <DIR> dr------- C:\Program Files\GIMP-2.0
2008-02-19 23:53 . 2008-02-19 23:55 0 --a------ C:\WINDOWS\system\Lista Pamięci.dll
2008-02-19 20:47 . 2008-02-19 20:47 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-02-19 20:39 . 2008-02-19 20:54 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\WinEdt
2008-02-19 17:12 . 2008-02-19 17:13 <DIR> dr------- C:\Program Files\WinEdt Team
2008-02-19 17:09 . 2008-02-19 17:10 <DIR> dr------- C:\Program Files\Ghostgum
2008-02-19 17:08 . 2008-02-19 17:10 <DIR> dr------- C:\Program Files\gs
2008-02-19 16:54 . 2008-02-19 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\MiKTeX
2008-02-19 16:24 . 2008-02-19 17:06 <DIR> dr------- C:\Program Files\MiKTeX 2.6
2008-02-19 09:05 . 2008-02-19 09:05 14,336 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-19 09:05 . 2008-02-19 09:05 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-02-18 22:24 . 2008-02-18 22:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-17 22:54 . 2008-02-17 22:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-16 09:57 . 2008-02-20 23:08 <DIR> dr------- C:\Program Files\Spyware Doctor
2008-02-16 09:57 . 2008-02-16 09:57 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\PC Tools
2008-02-16 09:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-16 09:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-16 09:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-16 09:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-15 23:55 . 2008-02-18 10:20 250 --a------ C:\WINDOWS\gmer.ini
2008-02-15 21:30 . 2008-02-18 22:48 1,348 --a------ C:\WINDOWS\mozver.dat
2008-02-15 20:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-15 20:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-15 20:02 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-15 17:03 . 2008-02-15 17:03 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\Nero
2008-02-15 17:00 . 2008-02-15 19:32 <DIR> dr------- C:\Program Files\Nero
2008-02-15 17:00 . 2008-02-15 17:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-15 17:00 . 2008-02-15 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-15 16:06 . 2008-02-20 23:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-15 15:53 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-15 15:20 . 2008-02-15 15:20 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\Talkback
2008-02-15 15:20 . 2008-02-15 15:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-15 15:16 . 2008-02-15 15:16 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-02-15 15:16 . 2008-02-15 15:16 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2008-02-15 15:16 . 2008-02-15 19:33 <DIR> dr------- C:\Program Files\Samsung
2008-02-15 15:16 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-02-15 15:16 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-02-15 15:16 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-02-15 15:16 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-02-15 15:16 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-02-15 15:16 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-02-15 15:16 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-02-15 15:16 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 15:04 . 2008-02-15 19:34 <DIR> dr------- C:\Program Files\ToniArts
2008-02-15 15:04 . 2008-02-15 15:16 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-15 14:52 . 2008-02-15 14:52 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\Gadu-Gadu
2008-02-15 14:47 . 2008-02-15 19:34 <DIR> dr------- C:\Program Files\Winamp
2008-02-15 14:47 . 2008-02-15 19:41 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\Winamp
2008-02-15 14:46 . 2008-02-15 19:30 <DIR> dr------- C:\Program Files\K-Lite Codec Pack
2008-02-15 14:46 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-15 14:46 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-15 14:46 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-15 14:45 . 2008-02-15 19:29 <DIR> dr------- C:\Program Files\Gadu-Gadu
2008-02-15 14:45 . 2008-02-15 15:36 <DIR> d-------- C:\Documents and Settings\Cezary Kielanowicz\Gadu-Gadu
2008-02-15 14:44 . 2008-02-15 19:28 <DIR> dr------- C:\Program Files\CCleaner
2008-02-15 14:43 . 2008-02-15 19:30 <DIR> dr------- C:\Program Files\MarBit
2008-02-15 14:43 . 2008-02-18 14:39 2,688 --a------ C:\WINDOWS\unins000.dat
2008-02-15 14:38 . 2008-02-15 19:31 <DIR> dr------- C:\Program Files\MSECache
2008-02-15 14:12 . 2008-02-15 18:13 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-02-15 11:41 . 2008-02-15 19:32 <DIR> dr------- C:\Program Files\MSXML 4.0
2008-02-15 11:17 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 19:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-02-15 18:32 --------- d-----r C:\Program Files\Usługi online
2008-02-15 18:31 --------- d-----r C:\Program Files\Microsoft Works
2008-02-15 18:30 --------- d-----r C:\Program Files\microsoft frontpage
2008-02-15 18:29 --------- d-----r C:\Program Files\HP
2008-02-15 18:29 --------- d-----r C:\Program Files\Hewlett-Packard
2008-02-15 18:28 77 --sh--w C:\Program Files\Common Files\Desktop.ini
2008-02-15 18:28 --------- d-----r C:\Program Files\Alwil Software
2008-02-15 09:51 --------- d-----w C:\Documents and Settings\Cezary Kielanowicz\Dane aplikacji\HP
2008-02-15 09:36 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\HP
2008-02-15 09:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-02-15 09:35 --------- d-----w C:\Program Files\Common Files\HP
2008-02-15 09:34 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-02-15 09:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-02-15 09:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-02-15 09:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-02-15 09:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 09:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 09:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 09:50 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 23:17:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

drugi log z innego programu silent runners...

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"ISTray" = ""C:\Program Files\Spyware Doctor\pctsTray.exe"" ["PC Tools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
{HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AE84A6AA-A333-4B92-B276-C11E2212E4FE}\(Default) = "HP Smart Web Printing 1.0"
{HKLM...CLSID} = "CPrintEnhancer Object"
\InProcServer32\(Default) = "C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
{HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
{HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
{HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
{HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
{HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
{HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
{HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
{HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Cezary Kielanowicz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
{HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Auxiliary Service, sdAuxService, "C:\Program Files\Spyware Doctor\pctsAuxs.exe" ["PC Tools"]
PC Tools Security Service, sdCoreService, "C:\Program Files\Spyware Doctor\pctsSvc.exe" ["PC Tools"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzll4v2\Driver = "hpzll4v2.dll" ["Hewlett-Packard Company"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-02-21 23:31:58)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 35 seconds.
---------- (total run time: 107 seconds)

Completion time: 2008-02-21 23:18:30
.
2008-02-15 17:14:01 --- E O F ---


Prosze o pomoc lub chociaz sprawdzzenie.

skanujac avastem oraz spywarem doctorem nic nie ma ale ostatnio mialem set[i tu rozne cyfry bylyl miedzy innymi 2,3,21,7].tmp ale udalo sie usunac no nie wiem prosze opomoc.

dzikiuje i pozdrawwiam cieplo.

podalem dwaa logi poniewaz administrator tak prosil w swym regulaminie.

mam madziej ze nie namieszalem jesli co TO Z GóRY PRZEPRZASZM


POZDRO

[pp3088]

Myślę, że jest czysto. Co do TEMP-ów, polecam zmianę przeglądarki na Firefoxa.

[Czarodziejczarek]

Jesli wszystko ok to bardzo dziekuje za pomoc a przegladareke firefox to mam. wersja 2.0.0.12 cos takiego. Raz jescze dziekuje i pozdrawiam:)

Dziekuje.[/u][/i]

[pp3088]

skanujac avastem oraz spywarem doctorem nic nie ma ale ostatnio mialem set[i tu rozne cyfry bylyl miedzy innymi 2,3,21,7].tmp ale udalo sie usunac no nie wiem prosze opomoc.

ATF Cleaner

Do usuwania śmieci

[Czarodziejczarek]

Dzięki za Pomoc. forum wg mnie jest bardzo Potrzebne. Pozdrawiam i polecam. Trzymajcie się ciepło wszyscy Administratorzy Wasza Pomoc jest Wyjątkowa. Dobranoc.