Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
proszęo sprawdzenie loga
23 Lip 2007, 03:37
Proszę o sprawdzenie loga.Komputer mi się często restartuje.Z góry dziękuje.Logfile of HijackThis v1.99.1
Scan saved at 03:31:27, on 2007-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\programy\daemon\daemon.exe
C:\programy\a-square\a-squared Free\a2service.exe
C:\programy\Quiktim\qttask.exe
C:\programy\winamp\winampa.exe
C:\programy\zero spyware\FileDeleter.exe
C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\programy\winzip\WZQKPICK.EXE
C:\programy\POP3 tray\PopTray.exe
C:\programy\ObjectDock\ObjectDock.exe
C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe
C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\programy\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\programy\daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\programy\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\programy\Quiktim\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\programy\winamp\winampa.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\programy\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [RocketDock] "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [UberIcon] "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"
O4 - Startup: PopTray.lnk = C:\programy\POP3 tray\PopTray.exe
O4 - Startup: RocketDock.lnk = C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\programy\winzip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2305983109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2305442968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\programy\a-square\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\programy\zero spyware\FileDeleter.exe
O23 - Service: SysEnforce - Unknown owner - C:\programy\SSI\SYSENF~1.EXE (file missing)
Scan saved at 03:31:27, on 2007-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\programy\daemon\daemon.exe
C:\programy\a-square\a-squared Free\a2service.exe
C:\programy\Quiktim\qttask.exe
C:\programy\winamp\winampa.exe
C:\programy\zero spyware\FileDeleter.exe
C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\programy\winzip\WZQKPICK.EXE
C:\programy\POP3 tray\PopTray.exe
C:\programy\ObjectDock\ObjectDock.exe
C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe
C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\programy\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\programy\daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\programy\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\programy\Quiktim\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\programy\winamp\winampa.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\programy\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [RocketDock] "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [UberIcon] "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"
O4 - Startup: PopTray.lnk = C:\programy\POP3 tray\PopTray.exe
O4 - Startup: RocketDock.lnk = C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\programy\winzip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2305983109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2305442968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\programy\a-square\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\programy\zero spyware\FileDeleter.exe
O23 - Service: SysEnforce - Unknown owner - C:\programy\SSI\SYSENF~1.EXE (file missing)
23 Lip 2007, 14:30
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Fix w HJT.
Pokaż log z Silent Runners i ComboFix.
23 Lip 2007, 16:21
Dziękuje za sprawdzenie loga hijack,a to log combofix
"sir Daniello" - 2007-07-23 16:13:59 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))
2007-07-23 15:40 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-23 13:56 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\NVIDIA
2007-07-23 13:51 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2007-07-23 11:55 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-23 10:05 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2007-07-23 10:05 <DIR> d-------- D:\WINDOWS\nview
2007-07-18 09:14 4,027 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-17 20:03 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-07-17 17:34 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-07-17 17:34 11,264 --a------ D:\WINDOWS\system32\SpOrder.dll
2007-07-17 17:33 <DIR> d-------- D:\WINDOWS\Internet Logs
2007-07-17 13:18 299,520 --a------ D:\WINDOWS\uninst.exe
2007-07-17 13:18 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\WINDOWS
2007-07-17 09:33 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\Pulpit
2007-07-16 19:51 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\SopCast
2007-07-16 19:45 <DIR> d-------- D:\Program Files\Common Files\Real
2007-07-16 19:44 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Real
2007-07-15 17:17 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Desktop Sidebar
2007-07-13 20:03 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Media Player Classic
2007-07-13 18:12 <DIR> d-------- D:\WINDOWS\system32\ZeroSpyware Limited Edition
2007-07-13 17:55 <DIR> d-------- D:\WINDOWS\system32\zslfiles
2007-07-13 17:44 <DIR> d-------- D:\Program Files\FBM Software
2007-07-12 17:21 159,744 --a------ D:\WINDOWS\system32\hasher.dll
2007-07-12 14:28 75,264 --a------ D:\WINDOWS\system32\unacev2.dll
2007-07-12 14:28 156,160 --a------ D:\WINDOWS\system32\unrar3.dll
2007-07-11 19:49 98,304 --a------ D:\WINDOWS\system32\msir3jp.dll
2007-07-11 19:49 9,216 --a------ D:\WINDOWS\system32\kbdnecAT.dll
2007-07-11 19:49 838,144 --a------ D:\WINDOWS\system32\chtbrkr.dll
2007-07-11 19:49 76,288 --a------ D:\WINDOWS\system32\uniime.dll
2007-07-11 19:49 70,656 --a------ D:\WINDOWS\system32\korwbrkr.dll
2007-07-11 19:49 7,680 --a------ D:\WINDOWS\system32\kbdnecNT.dll
2007-07-11 19:49 7,168 --a------ D:\WINDOWS\system32\kbdnec95.dll
2007-07-11 19:49 7,168 --a------ D:\WINDOWS\system32\kbdibm02.dll
2007-07-11 19:49 7,168 --a------ D:\WINDOWS\system32\f3ahvoas.dll
2007-07-11 19:49 6,656 --a------ D:\WINDOWS\system32\kbdlk41a.dll
2007-07-11 19:49 6,656 --a------ D:\WINDOWS\system32\c_is2022.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbdlk41j.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbdax2.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbd106n.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbd101a.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbd101.dll
2007-07-11 19:49 218,112 --a------ D:\WINDOWS\system32\c_g18030.dll
2007-07-11 19:49 1,677,824 --a------ D:\WINDOWS\system32\chsbrkr.dll
2007-07-11 19:48 811,064 --a------ D:\WINDOWS\system32\imjp81k.dll
2007-07-11 19:48 8,704 --a------ D:\WINDOWS\system32\kbdjpn.dll
2007-07-11 19:48 8,192 --a------ D:\WINDOWS\system32\kbdkor.dll
2007-07-11 19:48 6,144 --a------ D:\WINDOWS\system32\kbd106.dll
2007-07-11 19:48 6,144 --a------ D:\WINDOWS\system32\kbd101c.dll
2007-07-11 19:48 6,144 --a------ D:\WINDOWS\system32\kbd101b.dll
2007-07-11 19:48 5,632 --a------ D:\WINDOWS\system32\kbd103.dll
2007-07-11 19:44 6,144 -ra------ D:\WINDOWS\system32\kbdth3.dll
2007-07-11 19:44 6,144 -ra------ D:\WINDOWS\system32\kbdth2.dll
2007-07-11 19:44 6,144 -ra------ D:\WINDOWS\system32\kbdinpun.dll
2007-07-11 19:44 6,144 --a------ D:\WINDOWS\system32\ftlx041e.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdvntc.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdurdu.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdth1.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdth0.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdsyr2.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdsyr1.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdintel.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdintam.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinmar.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinkan.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinhin.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinguj.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdindev.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdheb.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdfa.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbddiv2.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbddiv1.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbda3.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbda2.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbda1.dll
2007-07-11 19:44 5,632 --a------ D:\WINDOWS\system32\kbdusa.dll
2007-07-11 19:44 5,120 -ra------ D:\WINDOWS\system32\kbdgeo.dll
2007-07-11 19:44 5,120 -ra------ D:\WINDOWS\system32\kbdarmw.dll
2007-07-11 19:44 5,120 -ra------ D:\WINDOWS\system32\kbdarme.dll
2007-07-11 19:44 185,344 --a------ D:\WINDOWS\system32\Thawbrkr.dll
2007-07-11 19:44 10,752 --a------ D:\WINDOWS\system32\c_iscii.dll
2007-07-11 19:35 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2007-07-11 13:48 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\SUPERAntiSpyware.com
2007-07-11 13:43 <DIR> d-------- D:\Program Files\Common Files\Scanner
2007-07-11 13:43 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\CA
2007-07-11 13:37 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\SUPERAntiSpyware.com
2007-07-11 13:20 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Lavasoft
2007-07-11 13:10 512,688 --a------ D:\WINDOWS\system32\XceedCry.dll
2007-07-11 13:10 423,784 --a------ D:\WINDOWS\system32\XceedBkp.dll
2007-07-11 13:10 101,888 --a------ D:\WINDOWS\system32\VB6STKIT.DLL
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Onet
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\MozillaControl
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Listonosz
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\AutoUpdate
2007-07-10 08:12 63,488 --a------ D:\WINDOWS\system32\unam4ie.exe
2007-07-10 08:12 4,608 --a------ D:\WINDOWS\system32\w95inf32.dll
2007-07-10 08:12 38,160 --a------ D:\WINDOWS\system32\LMRTREND.dll
2007-07-10 08:12 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-07-10 08:12 2,272 --a------ D:\WINDOWS\system32\w95inf16.dll
2007-07-10 08:12 194,320 --a------ D:\WINDOWS\system32\qcut.dll
2007-07-10 08:12 182,032 --a------ D:\WINDOWS\system32\dxtmsft3.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-23 13:54:20 1,277 ----a-w D:\WINDOWS\mozver.dat
2007-07-22 18:44:42 219,648 ----a-w D:\WINDOWS\system32\uxtheme.dll
2007-07-18 07:16:51 -------- d-----w D:\Program Files\Movie Maker
2007-07-16 15:48:35 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-07-16 02:09:58 194 --sha-w D:\Program Files\desktop.ini
2007-07-12 11:14:02 6,632,448 ----a-w D:\WINDOWS\system32\logonuiX.exe
2007-07-11 03:00:55 87,188 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-07-11 03:00:55 494,652 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-07-02 10:16:14 -------- d-----w D:\Program Files\Windows NT
2007-06-23 19:28:58 163,644 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-22 16:29:14 -------- d-----w D:\DOCUME~1\SIRDAN~1\DANEAP~1\Talkback
2007-06-20 07:13:32 -------- d-----w D:\DOCUME~1\SIRDAN~1\DANEAP~1\Gadu-Gadu
2007-06-20 04:46:23 -------- d-----w D:\Program Files\VID_0E8F&PID_0012
2007-06-20 04:41:38 -------- d-----w D:\Program Files\Common Files\Nero
2007-06-20 04:39:15 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-20 04:32:13 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-20 04:15:40 -------- d-----w D:\DOCUME~1\SIRDAN~1\DANEAP~1\ATI
2007-06-20 04:12:43 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-20 04:01:50 -------- d-----w D:\Program Files\MSXML 6.0
2007-06-20 03:46:53 -------- d-----w D:\Program Files\MSBuild
2007-06-20 03:42:42 -------- d-----w D:\Program Files\Reference Assemblies
2007-06-20 03:41:16 -------- d-----w D:\Program Files\Windows Media Connect 2
2007-06-20 02:45:41 -------- d-----w D:\Program Files\Messenger
2007-06-19 22:28:54 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-19 22:28:51 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-06-19 21:05:59 -------- d-----w D:\Program Files\Alwil Software
2007-06-19 20:53:44 -------- d-----w D:\Program Files\Realtek
2007-06-19 20:48:01 -------- d-----w D:\Program Files\DIFX
2007-06-19 20:40:18 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-19 20:38:50 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-19 20:38:47 -------- d-----w D:\Program Files\Usługi online
2007-06-19 20:37:59 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-19 20:37:22 21,856 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-19 20:36:32 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-05-18 01:57:53 268,288 ----a-w D:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:41:03 2,922,144 ----a-w D:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:30:58 1,512,960 ----a-w D:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:10:21 368,640 ----a-w D:\WINDOWS\system32\ati2cqag.dll
2007-05-16 15:18:58 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w D:\WINDOWS\system32\AvastSS.scr
2007-04-25 14:23:30 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 20:10 D:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 D:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 D:\WINDOWS\Alcmtr.exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"DAEMON Tools-1033"="C:\programy\daemon\daemon.exe" [2004-08-22 17:05]
"LogonStudio"="C:\programy\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"QuickTime Task"="C:\programy\Quiktim\qttask.exe" [2007-04-27 09:41]
"WinampAgent"="C:\programy\winamp\winampa.exe" [2007-05-15 00:22]
"BootSkin Startup Jobs"="C:\programy\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"nwiz"="nwiz.exe" [2007-04-19 13:26 D:\WINDOWS\system32\nwiz.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"SkinClock"="C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [2006-10-14 14:35]
"UberIcon"="C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MRUBlaster"=C:\programy\MRUblaster\MRU-Blaster\indexcleaner.exe -CC
D:\Documents and Settings\sir Daniello\Menu Start\Programy\Autostart\
PopTray.lnk - C:\programy\POP3 tray\PopTray.exe [2006-09-16 15:01:16]
RocketDock.lnk - C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock.exe [2007-07-04 18:15:32]
UberIcon.lnk - C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14]
Y'z Shadow.lnk - C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06]
Y'z Toolbar.lnk - C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WinZip Quick Pick.lnk - C:\programy\winzip\WZQKPICK.EXE [2007-07-15 14:39:23]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);D:\WINDOWS\system32\drivers\sfsync02.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);D:\WINDOWS\system32\drivers\sfvfs02.sys
R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 FileDeleter;ZeroSpyware FileDeleter;C:\programy\zero spyware\FileDeleter.exe
R3 netrcacm;RCA USB Digital Cable Modem Driver;D:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 16:14:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-23 16:15:32
--- E O F ---
"sir Daniello" - 2007-07-23 16:13:59 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))
2007-07-23 15:40 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-23 13:56 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\NVIDIA
2007-07-23 13:51 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2007-07-23 11:55 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-07-23 10:05 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2007-07-23 10:05 <DIR> d-------- D:\WINDOWS\nview
2007-07-18 09:14 4,027 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-17 20:03 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-07-17 17:34 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-07-17 17:34 11,264 --a------ D:\WINDOWS\system32\SpOrder.dll
2007-07-17 17:33 <DIR> d-------- D:\WINDOWS\Internet Logs
2007-07-17 13:18 299,520 --a------ D:\WINDOWS\uninst.exe
2007-07-17 13:18 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\WINDOWS
2007-07-17 09:33 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\Pulpit
2007-07-16 19:51 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\SopCast
2007-07-16 19:45 <DIR> d-------- D:\Program Files\Common Files\Real
2007-07-16 19:44 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Real
2007-07-15 17:17 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Desktop Sidebar
2007-07-13 20:03 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Media Player Classic
2007-07-13 18:12 <DIR> d-------- D:\WINDOWS\system32\ZeroSpyware Limited Edition
2007-07-13 17:55 <DIR> d-------- D:\WINDOWS\system32\zslfiles
2007-07-13 17:44 <DIR> d-------- D:\Program Files\FBM Software
2007-07-12 17:21 159,744 --a------ D:\WINDOWS\system32\hasher.dll
2007-07-12 14:28 75,264 --a------ D:\WINDOWS\system32\unacev2.dll
2007-07-12 14:28 156,160 --a------ D:\WINDOWS\system32\unrar3.dll
2007-07-11 19:49 98,304 --a------ D:\WINDOWS\system32\msir3jp.dll
2007-07-11 19:49 9,216 --a------ D:\WINDOWS\system32\kbdnecAT.dll
2007-07-11 19:49 838,144 --a------ D:\WINDOWS\system32\chtbrkr.dll
2007-07-11 19:49 76,288 --a------ D:\WINDOWS\system32\uniime.dll
2007-07-11 19:49 70,656 --a------ D:\WINDOWS\system32\korwbrkr.dll
2007-07-11 19:49 7,680 --a------ D:\WINDOWS\system32\kbdnecNT.dll
2007-07-11 19:49 7,168 --a------ D:\WINDOWS\system32\kbdnec95.dll
2007-07-11 19:49 7,168 --a------ D:\WINDOWS\system32\kbdibm02.dll
2007-07-11 19:49 7,168 --a------ D:\WINDOWS\system32\f3ahvoas.dll
2007-07-11 19:49 6,656 --a------ D:\WINDOWS\system32\kbdlk41a.dll
2007-07-11 19:49 6,656 --a------ D:\WINDOWS\system32\c_is2022.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbdlk41j.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbdax2.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbd106n.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbd101a.dll
2007-07-11 19:49 6,144 --a------ D:\WINDOWS\system32\kbd101.dll
2007-07-11 19:49 218,112 --a------ D:\WINDOWS\system32\c_g18030.dll
2007-07-11 19:49 1,677,824 --a------ D:\WINDOWS\system32\chsbrkr.dll
2007-07-11 19:48 811,064 --a------ D:\WINDOWS\system32\imjp81k.dll
2007-07-11 19:48 8,704 --a------ D:\WINDOWS\system32\kbdjpn.dll
2007-07-11 19:48 8,192 --a------ D:\WINDOWS\system32\kbdkor.dll
2007-07-11 19:48 6,144 --a------ D:\WINDOWS\system32\kbd106.dll
2007-07-11 19:48 6,144 --a------ D:\WINDOWS\system32\kbd101c.dll
2007-07-11 19:48 6,144 --a------ D:\WINDOWS\system32\kbd101b.dll
2007-07-11 19:48 5,632 --a------ D:\WINDOWS\system32\kbd103.dll
2007-07-11 19:44 6,144 -ra------ D:\WINDOWS\system32\kbdth3.dll
2007-07-11 19:44 6,144 -ra------ D:\WINDOWS\system32\kbdth2.dll
2007-07-11 19:44 6,144 -ra------ D:\WINDOWS\system32\kbdinpun.dll
2007-07-11 19:44 6,144 --a------ D:\WINDOWS\system32\ftlx041e.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdvntc.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdurdu.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdth1.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdth0.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdsyr2.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdsyr1.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdintel.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdintam.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinmar.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinkan.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinhin.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdinguj.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdindev.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdheb.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbdfa.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbddiv2.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbddiv1.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbda3.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbda2.dll
2007-07-11 19:44 5,632 -ra------ D:\WINDOWS\system32\kbda1.dll
2007-07-11 19:44 5,632 --a------ D:\WINDOWS\system32\kbdusa.dll
2007-07-11 19:44 5,120 -ra------ D:\WINDOWS\system32\kbdgeo.dll
2007-07-11 19:44 5,120 -ra------ D:\WINDOWS\system32\kbdarmw.dll
2007-07-11 19:44 5,120 -ra------ D:\WINDOWS\system32\kbdarme.dll
2007-07-11 19:44 185,344 --a------ D:\WINDOWS\system32\Thawbrkr.dll
2007-07-11 19:44 10,752 --a------ D:\WINDOWS\system32\c_iscii.dll
2007-07-11 19:35 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2007-07-11 13:48 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\SUPERAntiSpyware.com
2007-07-11 13:43 <DIR> d-------- D:\Program Files\Common Files\Scanner
2007-07-11 13:43 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\CA
2007-07-11 13:37 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\SUPERAntiSpyware.com
2007-07-11 13:20 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Lavasoft
2007-07-11 13:10 512,688 --a------ D:\WINDOWS\system32\XceedCry.dll
2007-07-11 13:10 423,784 --a------ D:\WINDOWS\system32\XceedBkp.dll
2007-07-11 13:10 101,888 --a------ D:\WINDOWS\system32\VB6STKIT.DLL
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Onet
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\MozillaControl
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\Listonosz
2007-07-10 20:11 <DIR> d-------- D:\DOCUME~1\SIRDAN~1\DANEAP~1\AutoUpdate
2007-07-10 08:12 63,488 --a------ D:\WINDOWS\system32\unam4ie.exe
2007-07-10 08:12 4,608 --a------ D:\WINDOWS\system32\w95inf32.dll
2007-07-10 08:12 38,160 --a------ D:\WINDOWS\system32\LMRTREND.dll
2007-07-10 08:12 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-07-10 08:12 2,272 --a------ D:\WINDOWS\system32\w95inf16.dll
2007-07-10 08:12 194,320 --a------ D:\WINDOWS\system32\qcut.dll
2007-07-10 08:12 182,032 --a------ D:\WINDOWS\system32\dxtmsft3.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-23 13:54:20 1,277 ----a-w D:\WINDOWS\mozver.dat
2007-07-22 18:44:42 219,648 ----a-w D:\WINDOWS\system32\uxtheme.dll
2007-07-18 07:16:51 -------- d-----w D:\Program Files\Movie Maker
2007-07-16 15:48:35 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-07-16 02:09:58 194 --sha-w D:\Program Files\desktop.ini
2007-07-12 11:14:02 6,632,448 ----a-w D:\WINDOWS\system32\logonuiX.exe
2007-07-11 03:00:55 87,188 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-07-11 03:00:55 494,652 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-07-02 10:16:14 -------- d-----w D:\Program Files\Windows NT
2007-06-23 19:28:58 163,644 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-22 16:29:14 -------- d-----w D:\DOCUME~1\SIRDAN~1\DANEAP~1\Talkback
2007-06-20 07:13:32 -------- d-----w D:\DOCUME~1\SIRDAN~1\DANEAP~1\Gadu-Gadu
2007-06-20 04:46:23 -------- d-----w D:\Program Files\VID_0E8F&PID_0012
2007-06-20 04:41:38 -------- d-----w D:\Program Files\Common Files\Nero
2007-06-20 04:39:15 -------- d-----w D:\Program Files\Common Files\Ahead
2007-06-20 04:32:13 0 ----a-w D:\WINDOWS\nsreg.dat
2007-06-20 04:15:40 -------- d-----w D:\DOCUME~1\SIRDAN~1\DANEAP~1\ATI
2007-06-20 04:12:43 -------- d-----w D:\Program Files\Common Files\InstallShield
2007-06-20 04:01:50 -------- d-----w D:\Program Files\MSXML 6.0
2007-06-20 03:46:53 -------- d-----w D:\Program Files\MSBuild
2007-06-20 03:42:42 -------- d-----w D:\Program Files\Reference Assemblies
2007-06-20 03:41:16 -------- d-----w D:\Program Files\Windows Media Connect 2
2007-06-20 02:45:41 -------- d-----w D:\Program Files\Messenger
2007-06-19 22:28:54 -------- d-----w D:\Program Files\Common Files\ODBC
2007-06-19 22:28:51 -------- d-----w D:\Program Files\Common Files\SpeechEngines
2007-06-19 21:05:59 -------- d-----w D:\Program Files\Alwil Software
2007-06-19 20:53:44 -------- d-----w D:\Program Files\Realtek
2007-06-19 20:48:01 -------- d-----w D:\Program Files\DIFX
2007-06-19 20:40:18 -------- d-----w D:\Program Files\microsoft frontpage
2007-06-19 20:38:50 -------- d--h--w D:\Program Files\WindowsUpdate
2007-06-19 20:38:47 -------- d-----w D:\Program Files\Usługi online
2007-06-19 20:37:59 -------- d-----w D:\Program Files\Common Files\MSSoap
2007-06-19 20:37:22 21,856 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-06-19 20:36:32 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-05-18 01:57:53 268,288 ----a-w D:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:41:03 2,922,144 ----a-w D:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:30:58 1,512,960 ----a-w D:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:10:21 368,640 ----a-w D:\WINDOWS\system32\ati2cqag.dll
2007-05-16 15:18:58 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w D:\WINDOWS\system32\AvastSS.scr
2007-04-25 14:23:30 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 20:10 D:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 D:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 D:\WINDOWS\Alcmtr.exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"DAEMON Tools-1033"="C:\programy\daemon\daemon.exe" [2004-08-22 17:05]
"LogonStudio"="C:\programy\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"QuickTime Task"="C:\programy\Quiktim\qttask.exe" [2007-04-27 09:41]
"WinampAgent"="C:\programy\winamp\winampa.exe" [2007-05-15 00:22]
"BootSkin Startup Jobs"="C:\programy\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"nwiz"="nwiz.exe" [2007-04-19 13:26 D:\WINDOWS\system32\nwiz.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"SkinClock"="C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [2006-10-14 14:35]
"UberIcon"="C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MRUBlaster"=C:\programy\MRUblaster\MRU-Blaster\indexcleaner.exe -CC
D:\Documents and Settings\sir Daniello\Menu Start\Programy\Autostart\
PopTray.lnk - C:\programy\POP3 tray\PopTray.exe [2006-09-16 15:01:16]
RocketDock.lnk - C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock.exe [2007-07-04 18:15:32]
UberIcon.lnk - C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14]
Y'z Shadow.lnk - C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06]
Y'z Toolbar.lnk - C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WinZip Quick Pick.lnk - C:\programy\winzip\WZQKPICK.EXE [2007-07-15 14:39:23]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);D:\WINDOWS\system32\drivers\sfsync02.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);D:\WINDOWS\system32\drivers\sfvfs02.sys
R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 FileDeleter;ZeroSpyware FileDeleter;C:\programy\zero spyware\FileDeleter.exe
R3 netrcacm;RCA USB Digital Cable Modem Driver;D:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 16:14:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-23 16:15:32
--- E O F ---
23 Lip 2007, 16:25
A,bym zapomniał,od dzisiaj mam nowy procesor AM2 athlon64 3600,ram 2560,nvidia geforce 7600 gs
23 Lip 2007, 16:35
oto log z silent runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RocketDock" = ""C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"" [null data]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"SkinClock" = "C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [null data]
"UberIcon" = ""C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"DAEMON Tools-1033" = ""C:\programy\daemon\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"LogonStudio" = ""C:\programy\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]
"QuickTime Task" = ""C:\programy\Quiktim\qttask.exe" -atboottime" ["Apple Inc."]
"WinampAgent" = "C:\programy\winamp\winampa.exe" [null data]
"BootSkin Startup Jobs" = ""C:\programy\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"MRUBlaster" = "C:\programy\MRUblaster\MRU-Blaster\indexcleaner.exe -CC" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
{HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
{HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
{HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
{HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
{HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
{HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\sir Daniello\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "sir Daniello" & "All Users" startup folders:
--------------------------------------------------------------
D:\Documents and Settings\sir Daniello\Menu Start\Programy\Autostart
"PopTray" shortcut to: "C:\programy\POP3 tray\PopTray.exe" ["Renier Crause"]
"RocketDock" shortcut to: "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [null data]
"Stardock ObjectDock" shortcut to: "C:\programy\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon" shortcut to: "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [null data]
"Y'z Shadow" shortcut to: "C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe" ["Y'z@Home"]
"Y'z Toolbar" shortcut to: "C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe" ["Y'z@Home"]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"WinZip Quick Pick" shortcut to: "C:\programy\winzip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
{HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
a-squared Free Service, a2free, "C:\programy\a-square\a-squared Free\a2service.exe" ["Emsi Software GmbH"]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ZeroSpyware FileDeleter, FileDeleter, "C:\programy\zero spyware\FileDeleter.exe" ["FBM Software"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 7 seconds for message boxes)
Z góry dziękuje za pomoc
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RocketDock" = ""C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"" [null data]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"SkinClock" = "C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [null data]
"UberIcon" = ""C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"DAEMON Tools-1033" = ""C:\programy\daemon\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"LogonStudio" = ""C:\programy\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]
"QuickTime Task" = ""C:\programy\Quiktim\qttask.exe" -atboottime" ["Apple Inc."]
"WinampAgent" = "C:\programy\winamp\winampa.exe" [null data]
"BootSkin Startup Jobs" = ""C:\programy\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"MRUBlaster" = "C:\programy\MRUblaster\MRU-Blaster\indexcleaner.exe -CC" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
{HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
{HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
{HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
{HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
{HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
{HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
{HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
{HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
{HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\sir Daniello\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "sir Daniello" & "All Users" startup folders:
--------------------------------------------------------------
D:\Documents and Settings\sir Daniello\Menu Start\Programy\Autostart
"PopTray"
shortcut to: "C:\programy\POP3 tray\PopTray.exe" ["Renier Crause"]
"RocketDock"
shortcut to: "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [null data]
"Stardock ObjectDock"
shortcut to: "C:\programy\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon"
shortcut to: "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [null data]
"Y'z Shadow"
shortcut to: "C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe" ["Y'z@Home"]
"Y'z Toolbar"
shortcut to: "C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe" ["Y'z@Home"]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"WinZip Quick Pick"
shortcut to: "C:\programy\winzip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
{HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
a-squared Free Service, a2free, "C:\programy\a-square\a-squared Free\a2service.exe" ["Emsi Software GmbH"]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ZeroSpyware FileDeleter, FileDeleter, "C:\programy\zero spyware\FileDeleter.exe" ["FBM Software"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 7 seconds for message boxes)
Z góry dziękuje za pomoc
23 Lip 2007, 17:23
Czysto 
23 Lip 2007, 19:31
Możesz jeszcze wyłączyć zbędne usługi startujące z systemem, bo masz ich trochę
Uruchom msconfig Zakładka 'Uruchamianie' i odznacz co niepotrzebne
Uruchom
msconfig Zakładka 'Uruchamianie' i odznacz co niepotrzebne
23 Lip 2007, 19:42
Dziękuje serdecznie i posyłam pozdrowienia