witam
Mam kompa hp pavilon 6670 system vista home premium neostrada 1mb
łącze się przez wifi przez router linksys wag200g.Od pewnego czasu co
2-4 raz jak włączam kompa i włączam maxtona (nakładka ne IE) lub IE nie moge
wejść na żadną stronę tak jak bym nie miał internetu a co dziwne gg
jak włączę to działa i the bat też. Wtedy muszę się wylogować i
zalogować ponownie i wtedy jest ok.Mam antywira kasperskiego często
sprawdzam system ad aware i niewiem co może powodować coś takiego
bardzo proszę o pomoc poniżej daję loga z hjt
pzdr Markomarecki1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:02, on 2008-11-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\The Bat!\thebat.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-21-141594895-3797064947-534855294-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'HONIA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\program files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\program files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted IP range: http://83.14.117.14
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} (LiveX(v6.0.1.0)) - http://83.14.117.14:81/cab/Live.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10619 bytes
[Pomoc] proszę o spr. loga problem z internetem
Rozpoczęty przez
markomarecki1
, 06 11 2008 20:31
7 odpowiedzi w tym temacie
#1
Napisano 06 11 2008 - 20:31
#2
Napisano 06 11 2008 - 20:46
><
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
>><<
Pokaż co masz w pliku Hosts : C:\Windows\System32\Drivers\Etc\Hosts (Vista ma chyba tak samo ?) Otwórz notatnikiem.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
>><<
Pokaż co masz w pliku Hosts : C:\Windows\System32\Drivers\Etc\Hosts (Vista ma chyba tak samo ?) Otwórz notatnikiem.
#3
Napisano 07 11 2008 - 10:00
w tm pliku hosts mam
Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
podaje jeszcze raz loga w momecie jak nie mam internetu (na tym dogóry wszystko grało.Oczywiście te dwa zaznaczone przez karolkulich usunołem ale na tym logu jeszcze beda
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:24, on 2008-11-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\program files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\program files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted IP range: http://83.14.117.14
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} (LiveX(v6.0.1.0)) - http://83.14.117.14:81/cab/Live.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10366 bytes
Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
podaje jeszcze raz loga w momecie jak nie mam internetu (na tym dogóry wszystko grało.Oczywiście te dwa zaznaczone przez karolkulich usunołem ale na tym logu jeszcze beda
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:24, on 2008-11-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\program files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\program files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted IP range: http://83.14.117.14
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} (LiveX(v6.0.1.0)) - http://83.14.117.14:81/cab/Live.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10366 bytes
#5
Napisano 08 11 2008 - 10:29
ComboFix 08-11-07.01 - marek 2008-11-08 9:10:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1039 [GMT 1:00]
Uruchomiony z: C:\Users\marek\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-08 do 2008-11-08 )))))))))))))))))))))))))))))))
.
2008-11-05 19:21 . 2008-11-05 19:21 <DIR> d-------- C:\Users\All Users\WEBREG
2008-11-05 19:21 . 2008-11-05 19:21 <DIR> d-------- C:\ProgramData\WEBREG
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-11-05 19:14 . 2007-10-30 10:11 729,088 --a------ C:\Windows\System32\hpowiax7.dll
2008-11-05 19:14 . 2007-10-30 10:11 581,632 --a------ C:\Windows\System32\hpotscl6.dll
2008-11-05 19:14 . 2007-10-30 10:25 372,736 --a------ C:\Windows\System32\hppldcoi.dll
2008-11-05 19:14 . 2007-10-30 10:11 303,104 --a------ C:\Windows\System32\hpovst15.dll
2008-11-05 19:14 . 2007-11-08 15:52 271,704 --a------ C:\Windows\System32\hpzids01.dll
2008-11-05 19:14 . 2007-10-20 18:25 117,760 --a------ C:\Windows\System32\hpzll5mu.dll
2008-11-05 19:11 . 2008-11-05 19:24 169,236 --a------ C:\Windows\hpoins27.dat
2008-11-02 15:44 . 2008-11-02 16:25 <DIR> d-------- C:\Users\HONIA\AppData\Roaming\smc
2008-11-02 11:02 . 2008-11-02 11:04 <DIR> d-------- C:\Users\marek\AppData\Roaming\smc
2008-11-01 17:23 . 2008-11-01 17:23 <DIR> d-------- C:\Users\All Users\Arkan Ball
2008-11-01 17:23 . 2008-11-01 17:23 <DIR> d-------- C:\ProgramData\Arkan Ball
2008-11-01 13:11 . 2008-11-01 13:11 50 --a------ C:\Windows\Commando.dat
2008-10-29 19:18 . 2008-10-29 19:18 <DIR> d-------- C:\Program Files\Xvid
2008-10-29 18:30 . 2008-10-29 18:30 <DIR> d--h----- C:\Windows\PIF
2008-10-29 18:02 . 2008-10-29 18:02 1,527 --a------ C:\Windows\System32\sdbackup.reg
2008-10-29 12:47 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 12:47 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-29 12:46 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 14:59 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-28 14:59 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-28 14:59 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-28 14:59 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-28 14:59 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-25 10:01 . 2008-10-25 10:01 412 --a------ C:\Windows\ODBC.INI
2008-10-25 09:57 . 2008-10-25 09:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-19 10:11 . 2008-10-19 10:11 <DIR> d-------- C:\Users\All Users\Zylom
2008-10-19 10:11 . 2008-10-19 10:11 <DIR> d-------- C:\ProgramData\Zylom
2008-10-17 08:10 . 2008-10-17 08:10 <DIR> d-------- C:\Users\marek\AppData\Roaming\TuneUp Software
2008-10-17 08:10 . 2008-10-17 08:10 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-10-17 08:10 . 2008-10-17 08:10 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-10-17 08:10 . 2008-10-17 08:10 361,728 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-10-17 08:10 . 2008-07-18 14:05 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-10-17 08:10 . 2008-07-18 14:05 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-10-17 08:09 . 2008-10-17 08:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 05:43 . 2008-09-18 05:54 3,601,976 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 05:43 . 2008-09-18 05:54 3,549,752 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 05:43 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 05:43 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 05:43 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 05:43 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-12 10:16 . 2008-10-12 10:16 720,896 --a------ C:\Windows\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 08:20 77,667,104 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-11-08 08:16 1,047,380 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-11-08 07:57 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-11-07 16:06 --------- d-----w C:\Users\marek\AppData\Roaming\The Bat!
2008-11-06 14:51 49,159 ----a-w C:\Users\HONIA\AppData\Roaming\nvModes.dat
2008-11-05 18:24 --------- d-----w C:\Users\marek\AppData\Roaming\HP
2008-11-05 18:21 --------- d-----w C:\ProgramData\HP
2008-11-05 18:16 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-11-05 18:13 --------- d-----w C:\Program Files\HP
2008-11-03 19:47 49,159 ----a-w C:\Users\marek\AppData\Roaming\nvModes.dat
2008-11-03 07:57 --------- d-----w C:\Program Files\Spik
2008-10-25 08:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-25 08:42 --------- d-----w C:\Program Files\Microsoft Works
2008-10-25 08:41 --------- d-----w C:\Program Files\MSBuild
2008-10-19 11:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-15 18:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-03 16:03 --------- d-----w C:\Users\marek\AppData\Roaming\LimeWire
2008-09-26 18:40 --------- d-----w C:\Users\marek\AppData\Roaming\Corel
2008-09-22 10:28 --------- d-----w C:\Users\marek\AppData\Roaming\Acronis
2008-09-22 08:04 --------- d-----w C:\Program Files\clj1500
2008-09-14 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 15:41 --------- d-----w C:\Program Files\hp deskjet 940c series
2008-09-09 15:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-19 17:57 174 --sha-w C:\Program Files\desktop.ini
2008-05-01 16:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-01 16:08 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-01 16:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-07 16:24 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 22:33 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 10:45 215552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
"Spik"="C:\Program Files\Spik\Spik.exe" [2008-08-20 13:55 103912]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 18:50 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-03 15:36:43 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"vidc.mpg4"= C:\Windows\mpg4c32.dll
"vidc.mpg2"= C:\Windows\mpg4c32.dll
"vidc.mpg3"= C:\Windows\mpg4c32.dll
"vidc.GEOX"= C:\Windows\GeoCodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\Windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 18:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-02-16 18:57 1945960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-11-15 15:42 498688 F:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 F:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 f:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-09 21:16 2119104 F:\program files\gg\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 10:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 21:17 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 16:31 80896 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 12:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\PROGRA~1\MSNMES~1\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 02:23 443968 f:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 10:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-04-23 17:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-10-09 21:43 729088 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-10 19:11 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-02-16 18:45 1169776 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
--a------ 2006-08-17 17:29 304504 C:\Program Files\DAEMON Tools SearchBar\Search.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 F:\program files\winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 22:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 22:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-141594895-3797064947-534855294-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC6B58C1-F27F-46B6-BC49-7F3725435A97}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A7EE9358-BE7C-43D9-B98E-AFFD8596C1B8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{0C2F0C4D-11B0-449B-B2CE-F9DE879042EA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{86C6FD2E-6E53-4D94-B5C1-98D8F028CC88}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{908F0F45-71A2-4651-99AE-E96383B8AE76}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{287D558B-D919-4013-8800-D97E6E09E016}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D825E987-0B45-43DB-A378-0C7C584CFDE5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ED4EEFE2-FFB7-4434-922F-F0B46586E9E2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CE013BDF-1A7B-454F-9691-936732C3304D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7401047F-FC79-4C7A-8FFE-DF9C353CA5CD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B80C3A2-47BC-4DC0-B864-D991EEBD79BF}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4BF5EE6F-1D01-4A2F-B131-F47AC5045EB1}"= UDP:9639:BitComet 9639 TCP
"{7ABA7EE6-2133-4779-96E0-28A98C8300FE}"= TCP:9639:BitComet 9639 UDP
"{82336A01-D8DF-4266-AE91-3FBA915151D3}"= UDP:F:\program files\LimeWire\LimeWire.exe:LimeWire
"{51770948-67E7-4B18-BF46-452CE4AA028C}"= TCP:F:\program files\LimeWire\LimeWire.exe:LimeWire
"{03C3B61C-B226-4A6D-A8F0-3C9893C7891D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D3ECBB47-7634-47D8-B9F7-A7C6D8BD1F0F}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DBB7FF53-916A-4A56-8792-6058441BCC41}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{384B7349-8BFB-4FA9-B458-DC5D44A01750}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{97DD7AD2-29CD-4D32-BA82-8780060DF926}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{0F42EEAE-6C7C-47A7-8AD9-E68FFEAE8E43}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{635A383B-1842-4B35-96BD-BEB36ED16C88}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{531244CB-60BA-4BD5-820B-F8D96E06B72F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{8A3780CB-EB44-414C-8E06-94F538FF6BA5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{B2E6D3DD-D095-4479-82BC-EBD5E26895DD}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{3E718557-16EC-4126-83E0-FC075A08A36A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{4CDA5BA8-3E26-47E7-9BB6-151D6C773901}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59 20760]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-18 22:33 21504]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-18 22:33 21504]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 22:33 21504]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [ ]
S3 btwaudio;Urządzenie dźwiękowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45 78128]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45 80688]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45 16560]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-10-17 08:10 361728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c770b788-8ec7-11dc-b8cd-001b249a3a5e}]
\shell\AutoRun\command - J:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Users\marek\AppData\Roaming\Microsoft\cfgmgr.vbs
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-08 C:\Windows\Tasks\Konserwacja jednym kliknięciem.job
- F:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
2008-11-07 C:\Windows\Tasks\User_Feed_Synchronization-{AE034F30-09DE-49FB-8D97-A684ED7374E5}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 22:33]
2008-11-07 C:\Windows\Tasks\User_Feed_Synchronization-{D1BD3C72-0FA2-4595-8385-418482DE272A}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSConfigStartUp-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
MSConfigStartUp-BitComet - F:\program files\BitComet\BitComet.exe
MSConfigStartUp-GrooveMonitor - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
.
------- Skan uzupełniający -------
.
O8 -: &Ściągnij przy pomocy FlashGet'a - F:\program files\FlashGet\jc_link.htm
O8 -: &Ściągnij wszystko przy pomocy FlashGet'a - F:\program files\FlashGet\jc_all.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 -: {B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O18 -: Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O16 -: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} - hxxp://83.14.117.14:81/cab/Live.cab
C:\Windows\Downloaded Program Files\LiveX.inf
C:\Windows\STable.xml
C:\Windows\Downloaded Program Files\LiveClient.dll
C:\Windows\Downloaded Program Files\LiveAudio.ocx
C:\Windows\Downloaded Program Files\LiveX.ocx
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
C:\Windows\Downloaded Program Files\ZylomGamesPlayer.inf
C:\Windows\Downloaded Program Files\zylomgamesplayer.dll
.
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1039 [GMT 1:00]
Uruchomiony z: C:\Users\marek\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-08 do 2008-11-08 )))))))))))))))))))))))))))))))
.
2008-11-05 19:21 . 2008-11-05 19:21 <DIR> d-------- C:\Users\All Users\WEBREG
2008-11-05 19:21 . 2008-11-05 19:21 <DIR> d-------- C:\ProgramData\WEBREG
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-11-05 19:17 . 2008-11-05 19:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-11-05 19:14 . 2007-10-30 10:11 729,088 --a------ C:\Windows\System32\hpowiax7.dll
2008-11-05 19:14 . 2007-10-30 10:11 581,632 --a------ C:\Windows\System32\hpotscl6.dll
2008-11-05 19:14 . 2007-10-30 10:25 372,736 --a------ C:\Windows\System32\hppldcoi.dll
2008-11-05 19:14 . 2007-10-30 10:11 303,104 --a------ C:\Windows\System32\hpovst15.dll
2008-11-05 19:14 . 2007-11-08 15:52 271,704 --a------ C:\Windows\System32\hpzids01.dll
2008-11-05 19:14 . 2007-10-20 18:25 117,760 --a------ C:\Windows\System32\hpzll5mu.dll
2008-11-05 19:11 . 2008-11-05 19:24 169,236 --a------ C:\Windows\hpoins27.dat
2008-11-02 15:44 . 2008-11-02 16:25 <DIR> d-------- C:\Users\HONIA\AppData\Roaming\smc
2008-11-02 11:02 . 2008-11-02 11:04 <DIR> d-------- C:\Users\marek\AppData\Roaming\smc
2008-11-01 17:23 . 2008-11-01 17:23 <DIR> d-------- C:\Users\All Users\Arkan Ball
2008-11-01 17:23 . 2008-11-01 17:23 <DIR> d-------- C:\ProgramData\Arkan Ball
2008-11-01 13:11 . 2008-11-01 13:11 50 --a------ C:\Windows\Commando.dat
2008-10-29 19:18 . 2008-10-29 19:18 <DIR> d-------- C:\Program Files\Xvid
2008-10-29 18:30 . 2008-10-29 18:30 <DIR> d--h----- C:\Windows\PIF
2008-10-29 18:02 . 2008-10-29 18:02 1,527 --a------ C:\Windows\System32\sdbackup.reg
2008-10-29 12:47 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 12:47 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-29 12:46 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 14:59 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-28 14:59 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-28 14:59 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-28 14:59 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-28 14:59 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-25 10:01 . 2008-10-25 10:01 412 --a------ C:\Windows\ODBC.INI
2008-10-25 09:57 . 2008-10-25 09:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-19 10:11 . 2008-10-19 10:11 <DIR> d-------- C:\Users\All Users\Zylom
2008-10-19 10:11 . 2008-10-19 10:11 <DIR> d-------- C:\ProgramData\Zylom
2008-10-17 08:10 . 2008-10-17 08:10 <DIR> d-------- C:\Users\marek\AppData\Roaming\TuneUp Software
2008-10-17 08:10 . 2008-10-17 08:10 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-10-17 08:10 . 2008-10-17 08:10 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-10-17 08:10 . 2008-10-17 08:10 361,728 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-10-17 08:10 . 2008-07-18 14:05 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-10-17 08:10 . 2008-07-18 14:05 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-10-17 08:09 . 2008-10-17 08:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 05:43 . 2008-09-18 05:54 3,601,976 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 05:43 . 2008-09-18 05:54 3,549,752 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 05:43 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 05:43 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 05:43 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 05:43 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-12 10:16 . 2008-10-12 10:16 720,896 --a------ C:\Windows\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 08:20 77,667,104 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-11-08 08:16 1,047,380 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-11-08 07:57 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-11-07 16:06 --------- d-----w C:\Users\marek\AppData\Roaming\The Bat!
2008-11-06 14:51 49,159 ----a-w C:\Users\HONIA\AppData\Roaming\nvModes.dat
2008-11-05 18:24 --------- d-----w C:\Users\marek\AppData\Roaming\HP
2008-11-05 18:21 --------- d-----w C:\ProgramData\HP
2008-11-05 18:16 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-11-05 18:13 --------- d-----w C:\Program Files\HP
2008-11-03 19:47 49,159 ----a-w C:\Users\marek\AppData\Roaming\nvModes.dat
2008-11-03 07:57 --------- d-----w C:\Program Files\Spik
2008-10-25 08:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-25 08:42 --------- d-----w C:\Program Files\Microsoft Works
2008-10-25 08:41 --------- d-----w C:\Program Files\MSBuild
2008-10-19 11:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-15 18:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-03 16:03 --------- d-----w C:\Users\marek\AppData\Roaming\LimeWire
2008-09-26 18:40 --------- d-----w C:\Users\marek\AppData\Roaming\Corel
2008-09-22 10:28 --------- d-----w C:\Users\marek\AppData\Roaming\Acronis
2008-09-22 08:04 --------- d-----w C:\Program Files\clj1500
2008-09-14 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 15:41 --------- d-----w C:\Program Files\hp deskjet 940c series
2008-09-09 15:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-19 17:57 174 --sha-w C:\Program Files\desktop.ini
2008-05-01 16:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-01 16:08 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-01 16:08 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-07 16:24 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 22:33 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 10:45 215552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
"Spik"="C:\Program Files\Spik\Spik.exe" [2008-08-20 13:55 103912]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 18:50 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-03 15:36:43 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"vidc.mpg4"= C:\Windows\mpg4c32.dll
"vidc.mpg2"= C:\Windows\mpg4c32.dll
"vidc.mpg3"= C:\Windows\mpg4c32.dll
"vidc.GEOX"= C:\Windows\GeoCodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\Windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 18:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-02-16 18:57 1945960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-11-15 15:42 498688 F:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 F:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 f:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-09 21:16 2119104 F:\program files\gg\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 10:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 21:17 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 16:31 80896 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 12:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\PROGRA~1\MSNMES~1\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 02:23 443968 f:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 10:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-04-23 17:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-10-09 21:43 729088 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-10 19:11 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-02-16 18:45 1169776 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
--a------ 2006-08-17 17:29 304504 C:\Program Files\DAEMON Tools SearchBar\Search.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 F:\program files\winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 22:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 22:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-141594895-3797064947-534855294-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC6B58C1-F27F-46B6-BC49-7F3725435A97}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A7EE9358-BE7C-43D9-B98E-AFFD8596C1B8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{0C2F0C4D-11B0-449B-B2CE-F9DE879042EA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{86C6FD2E-6E53-4D94-B5C1-98D8F028CC88}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{908F0F45-71A2-4651-99AE-E96383B8AE76}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{287D558B-D919-4013-8800-D97E6E09E016}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D825E987-0B45-43DB-A378-0C7C584CFDE5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ED4EEFE2-FFB7-4434-922F-F0B46586E9E2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CE013BDF-1A7B-454F-9691-936732C3304D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7401047F-FC79-4C7A-8FFE-DF9C353CA5CD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B80C3A2-47BC-4DC0-B864-D991EEBD79BF}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4BF5EE6F-1D01-4A2F-B131-F47AC5045EB1}"= UDP:9639:BitComet 9639 TCP
"{7ABA7EE6-2133-4779-96E0-28A98C8300FE}"= TCP:9639:BitComet 9639 UDP
"{82336A01-D8DF-4266-AE91-3FBA915151D3}"= UDP:F:\program files\LimeWire\LimeWire.exe:LimeWire
"{51770948-67E7-4B18-BF46-452CE4AA028C}"= TCP:F:\program files\LimeWire\LimeWire.exe:LimeWire
"{03C3B61C-B226-4A6D-A8F0-3C9893C7891D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D3ECBB47-7634-47D8-B9F7-A7C6D8BD1F0F}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DBB7FF53-916A-4A56-8792-6058441BCC41}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{384B7349-8BFB-4FA9-B458-DC5D44A01750}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{97DD7AD2-29CD-4D32-BA82-8780060DF926}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{0F42EEAE-6C7C-47A7-8AD9-E68FFEAE8E43}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{635A383B-1842-4B35-96BD-BEB36ED16C88}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{531244CB-60BA-4BD5-820B-F8D96E06B72F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{8A3780CB-EB44-414C-8E06-94F538FF6BA5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{B2E6D3DD-D095-4479-82BC-EBD5E26895DD}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{3E718557-16EC-4126-83E0-FC075A08A36A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{4CDA5BA8-3E26-47E7-9BB6-151D6C773901}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59 20760]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-18 22:33 21504]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-18 22:33 21504]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 22:33 21504]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [ ]
S3 btwaudio;Urządzenie dźwiękowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45 78128]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45 80688]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45 16560]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-10-17 08:10 361728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c770b788-8ec7-11dc-b8cd-001b249a3a5e}]
\shell\AutoRun\command - J:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Users\marek\AppData\Roaming\Microsoft\cfgmgr.vbs
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-08 C:\Windows\Tasks\Konserwacja jednym kliknięciem.job
- F:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
2008-11-07 C:\Windows\Tasks\User_Feed_Synchronization-{AE034F30-09DE-49FB-8D97-A684ED7374E5}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 22:33]
2008-11-07 C:\Windows\Tasks\User_Feed_Synchronization-{D1BD3C72-0FA2-4595-8385-418482DE272A}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSConfigStartUp-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
MSConfigStartUp-BitComet - F:\program files\BitComet\BitComet.exe
MSConfigStartUp-GrooveMonitor - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
.
------- Skan uzupełniający -------
.
O8 -: &Ściągnij przy pomocy FlashGet'a - F:\program files\FlashGet\jc_link.htm
O8 -: &Ściągnij wszystko przy pomocy FlashGet'a - F:\program files\FlashGet\jc_all.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 -: {B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O18 -: Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O16 -: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} - hxxp://83.14.117.14:81/cab/Live.cab
C:\Windows\Downloaded Program Files\LiveX.inf
C:\Windows\STable.xml
C:\Windows\Downloaded Program Files\LiveClient.dll
C:\Windows\Downloaded Program Files\LiveAudio.ocx
C:\Windows\Downloaded Program Files\LiveX.ocx
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
C:\Windows\Downloaded Program Files\ZylomGamesPlayer.inf
C:\Windows\Downloaded Program Files\zylomgamesplayer.dll
.
#6
Napisano 08 11 2008 - 10:44
Tak na szybkiego wydaje się czysto. Niestety teraz nie mam czasu bo wyjeżdżam.
To mnie zastanawia : SearchFilterHost.exe (to m$, zostawiamy)
Ale to wieczorem, chyba, że Ordynat zaglądnie na forum
Wklej do notatnika :
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG Dwuklik i zgodzić się na dodanie do rejestru.
Nie wiem, nie widzę tutaj niczego, co mogłoby powodować wspomniane problemy. Można spróbować pod innymi przeglądarkami.
To mnie zastanawia : SearchFilterHost.exe (to m$, zostawiamy)
Ale to wieczorem, chyba, że Ordynat zaglądnie na forum
Wklej do notatnika :
Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG Dwuklik i zgodzić się na dodanie do rejestru.
Nie wiem, nie widzę tutaj niczego, co mogłoby powodować wspomniane problemy. Można spróbować pod innymi przeglądarkami.
#7
Napisano 16 11 2008 - 14:43
nie wiem czy to ten combofix czy to co edytowało coś w rejestrze ale jest ok naprawiło sie od paru dni net działa jak ta lala bardzo dziękuję za pomoc
pozdrawiam markomarecki1
pozdrawiam markomarecki1
#8
Napisano 17 11 2008 - 10:16
Proponuję przeskanowanie komputera programem antyspyware, bo bawienie się logiem to lanie wody po suficie
Proponuję program Windows Defender (dla nieposiadających oryginalnego systemu są "pomoce", by zainstalować go).
To chyba na tyle..
Ew. Można jeszcze użyć antywirusa, ale nie używaj Avasta, bo jest słaby, proponuję Kasperskiego lub Nod32.
Proponuję program Windows Defender (dla nieposiadających oryginalnego systemu są "pomoce", by zainstalować go).
To chyba na tyle..
Ew. Można jeszcze użyć antywirusa, ale nie używaj Avasta, bo jest słaby, proponuję Kasperskiego lub Nod32.
Użytkownicy przeglądający ten temat: 1
0 użytkowników, 1 gości, 0 anonimowych