Re: blocking of some websites and updates

Author: bubu <bubupl^cyfrajeden^_at_wupe.pl>
Date: Fri 07 Nov 2008 - 22:48:35 MET
Message-ID: <gf2dfc$cse$1@mx1.internetia.pl>

Michal Kawecki writes:

> It is plain to see that some process is restoring the deleted driver
> entry. Post the full scan of the Autostart items from GMER.

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-11-07 22:41:18
Windows 5.1.2600 Dodatek Service Pack 3

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows
= %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,3072,512 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, =
C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
a2free@ = "C:\Program Files\a-squared Free\a2service.exe"
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Aspi32@ = System32\drivers\aspi32.sys
aswUpdSv@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Creative Service for CDROM Access@ = C:\WINDOWS\system32\CTsvcCDA.exe
Fax@ = %systemroot%\system32\fxssvc.exe
InCDsrv@ = C:\Program Files\Ahead\InCD\InCDsrv.exe
InteractiveLogon@ = C:\WINDOWS\System32\Fast.exe -service
MSSQL$FORCRM@ = C:\Program Files\Microsoft SQL
Server\MSSQL$FORCRM\Binn\sqlservr.exe -sFORCRM /*file not found*/
MSSQL$PINNACLESYS@ = "C:\Program Files\Pinnacle\MediaServer\Microsoft
SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS
O&O Defrag@ = C:\WINDOWS\system32\oodag.exe
PinnacleSys.MediaServer@ = "C:\Program Files\Pinnacle\Shared
Files\Programs\MediaServer\PMSHost.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
WinDefend@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
WMDM PMSP Service@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@WOOWATCHC:\PROGRA~1\Wanadoo\Watch.exe = C:\PROGRA~1\Wanadoo\Watch.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" =
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
@BackgroundSwitcherC:\WINDOWS\System32\bgswitch.exe =
C:\WINDOWS\System32\bgswitch.exe
@CoolSwitchC:\WINDOWS\System32\taskswitch.exe =
C:\WINDOWS\System32\taskswitch.exe
@HP Software Update"C:\Program Files\Hewlett-Packard\HP Software
Update\HPWuSchd2.exe" = "C:\Program Files\Hewlett-Packard\HP Software
Update\HPWuSchd2.exe"
@Jet Detection"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" =
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@ISUSScheduler"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe =
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@UpdateManager"C:\Program Files\Common Files\Sonic\Update
Manager\sgtray.exe" /r = "C:\Program Files\Common Files\Sonic\Update
Manager\sgtray.exe" /r
@BluetoothAuthenticationAgentrundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent
@Pinnacle WebUpdater"C:\Program Files\Pinnacle\Shared
Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml
-url=http://cdn.pinnaclesys.com/SupportFiles = "C:\Program
Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s
-f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
@Easy-PrintToolBox"C:\Program
Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon = "C:\Program
Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
@Windows Defender"C:\Program Files\Windows Defender\MSASCui.exe" -hide =
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe =
C:\WINDOWS\system32\NeroCheck.exe
@InCDC:\Program Files\Ahead\InCD\InCD.exe = C:\Program
Files\Ahead\InCD\InCD.exe
@OODefragTrayC:\WINDOWS\system32\oodtray.exe =
C:\WINDOWS\system32\oodtray.exe
@WheelMouseC:\Program Files\A4Tech\Mouse\Amoumain.exe = C:\Program
Files\A4Tech\Mouse\Amoumain.exe
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
= C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
@SkypeRec"C:\Program Files\SkypeRec\SkypeRecorder.exe" /s = "C:\Program
Files\SkypeRec\SkypeRecorder.exe" /s

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized =
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@ATI Launchpad"C:\Program Files\ATI Multimedia\main\LaunchPd.exe" =
"C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
@ATI DeviceDetectC:\Program Files\ATI Multimedia\main\ATIDtct.EXE =
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
@ATI Scheduler"C:\Program Files\ATI Multimedia\main\ATISched.EXE" =
"C:\Program Files\ATI Multimedia\main\ATISched.EXE"
@IdleTimeBackup"C:\WINDY\itbackup.exe" = "C:\WINDY\itbackup.exe"
@Odkurzacz-MCDC:\Program Files\Odkurzacz\odk_mcd.exe = C:\Program
Files\Odkurzacz\odk_mcd.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
>>>
@WebCheck(null) =
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll =
C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
= C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Rozszerzenie CPL kadrowania
wyświetlania*/(null) =
@{32683183-48a0-441b-a342-7c2a440a9478} /*Pasek multimediów*/(null) =
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) =
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Uniwersalne urządzenia Plug
and Play*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne
Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program
Files\Real\RealPlayer\rpshell.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil
Software\Avast4\ashShell.dll = C:\Program Files\Alwil
Software\Avast4\ashShell.dll
@(null) =
@{709C6E11-538F-4759-86AC-6ACB302AA0DE} /*Desktop
Manager*/C:\WINDOWS\System32\msvdm.dll = C:\WINDOWS\System32\msvdm.dll
@{76EDEF4C-1313-11d3-8705-00C04FB16A21} /*Audio Player
backend*/C:\WINDOWS\System32\shplayer.dll = C:\WINDOWS\System32\shplayer.dll
@{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}
/*PhotoToys*/C:\WINDOWS\System32\phototoys.dll =
C:\WINDOWS\System32\phototoys.dll
@{65F411C7-F4EE-11d2-9B7D-00C04FB16A21} /*Audio
Player*/C:\WINDOWS\System32\shplayer.dll = C:\WINDOWS\System32\shplayer.dll
@{efb97cb8-a4a4-4357-a261-002ffaed0267} /*CD Slideshow
Powertoy*/C:\WINDOWS\System32\slideshow.dll =
C:\WINDOWS\System32\slideshow.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property
Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous
Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager
Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext
Class*/(null) =
@{BB7DF450-F119-11CD-8465-00AA00425D90} /*Microsoft Access Custom Icon
Handler*/C:\Program Files\msaccrt\Access 97\soa800.dll = C:\Program
Files\msaccrt\Access 97\soa800.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a˛ Context Menu Shell
Extension*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application
References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for
Application References*/C:\WINDOWS\system32\dfshim.dll =
C:\WINDOWS\system32\dfshim.dll
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Shell
Extension*/C:\Program Files\a-squared Free\a2freecontmenu.dll =
C:\Program Files\a-squared Free\a2freecontmenu.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{7A4097B2-6022-4670-995F-DA363EBF947F} /*Custom shell context menu
extension*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable
Devices*/%SystemRoot%\system32\wpdshext.dll =
%SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices
Menu*/%SystemRoot%\system32\wpdshext.dll =
%SystemRoot%\system32\wpdshext.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Program
Files\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Program
Files\Pinnacle\Studio 10\programs\BlueShellExt.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{F49C55B9-D417-45A1-A6E7-D6E057946280} /*FdmUplShlExt*/(null) =
@{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for
CDRW*/C:\Program Files\Ahead\InCD\incdshx.dll = C:\Program
Files\Ahead\InCD\incdshx.dll
@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}
/*OODefrag*/C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll =
C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
@{1CC513EE-A20D-4f42-BDAF-4BE42BCDB6EC} /*UIM File
Extension*/C:\WINDOWS\system32\UimExt.dll = C:\WINDOWS\system32\UimExt.dll
@{1CC513AE-A20D-4f42-BDAF-4BE42BCDB6EC} /*UIM Drive
Extension*/C:\WINDOWS\system32\UimExt.dll = C:\WINDOWS\system32\UimExt.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon
Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll =
C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column
Handler*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" =
"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip
Handler*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" =
"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet
Handler*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" =
"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail
Viewer*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" =
"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil
Software\Avast4\ashShell.dll
OODefrag@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} =
C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} =

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a-squared Free Shell Extension@{A155339D-CCCD-4714-85EB-3754B804C9DF} =
C:\Program Files\a-squared Free\a2freecontmenu.dll
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\Program
Files\a-squared Free\a2freecontmenu.dll
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil
Software\Avast4\ashShell.dll
Library@{54F51408-DD44-4a12-82EF-519AD2A80DE9} = C:\Program Files\ATI
Multimedia\mlibrary\MLShell.dll
OODefrag@{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} =
C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
@{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{69A87B7D-DE56-4136-9655-716BA50C19C7}C:\Program Files\Google\Web
Accelerator\GoogleWebAccToolbar.dll = C:\Program Files\Google\Web
Accelerator\GoogleWebAccToolbar.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll = C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
@{CC59E0F9-7E43-44FA-9FAA-8377850BF205}C:\Program Files\Free Download
Manager\iefdm2.dll = C:\Program Files\Free Download Manager\iefdm2.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
= http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start
Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
=
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page =
http://www.google.pl/

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath
= %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\Marek\Menu Start\Programy\Autostart >>>
Stickies.lnk = Stickies.lnk
wkcalrem.LNK = wkcalrem.LNK

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart >>>
DTemp.lnk = DTemp.lnk
Firefox Preloader.lnk = Firefox Preloader.lnk
quickstart.exe.lnk = quickstart.exe.lnk
Ralink Wireless Utility.lnk = Ralink Wireless Utility.lnk
TClock.lnk = TClock.lnk

---- EOF - GMER 1.0.14 ----
---------------------------------------------------------------------

Seemingly nothing is happening ...
but after all I use the computer for banking, for example, and I am worried
(I am grateful for the interest, because age takes its toll on acquiring and
absorbing knowledge - and this is already a bit too complicated, especially
since it is a bit like fighting a shadow)
Regards
Bubu
Received on Fri Nov 7 22:50:10 2008

This archive was generated by hypermail 2.1.8 : Fri 07 Nov 2008 - 23:42:01 MET