zamrznutie PC

Zpráva

1danab · #16 Příspěvek od **1danab** » 30 črc 2010 19:35

log není celý...a jestli můžu požádat, nedávejte mi to do Code, děkuji

sky kid · #17 Příspěvek od **sky kid** » 30 črc 2010 20:02

"Silent Runners.vbs", revision 61, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"Google Update" = ""C:\Documents and Settings\Marek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CnxDslTaskBar" = ""C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"" ["Conexant Systems, Inc."]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data]
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"NokiaMServer" = "C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup" ["Nokia"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Easy Photo Print"
\InProcServer32\(Default) = "C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll" ["SEIKO EPSON CORPORATION / CyCom Technology Corp."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [null data]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> bw+0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw+0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw-0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw-0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw00\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw00s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw10\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw10s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw20\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw20s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw30\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw30s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw40\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw40s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw50\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw50s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw60\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw60s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw70\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw70s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw80\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw80s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw90\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bw90s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwa0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwa0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwb0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwb0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwc0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwc0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwd0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwd0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwe0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwe0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwf0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwf0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwfile-8876480\CLSID = "{9462A756-7B47-47BC-8C80-C34B9B80B32B}"
-> {HKLM...CLSID} = "BackWeb GA Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwg0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwg0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwh0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwh0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwi0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwi0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwj0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwj0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwk0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwk0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwl0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwl0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwm0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwm0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwn0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwn0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwo0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwo0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwp0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwp0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwq0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwq0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwr0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwr0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bws0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bws0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwt0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwt0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwu0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwu0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwv0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwv0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bww0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bww0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwx0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwx0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwy0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwy0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwz0\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> bwz0s\CLSID = "{cd7e0184-bd4a-4e3a-9713-7764acbe7b00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> offline-8876480\CLSID = "{CD7E0184-BD4A-4E3A-9713-7764ACBE7B00}"
-> {HKLM...CLSID} = "BackWeb Proactive Portal Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll" ["BackWeb Technologies Inc. "]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"]

EPP\(Default) = "{3F3B81BE-529B-40b9-8189-6666B241ADFA}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]

LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

A5110426-177D-4e08-AB3F-785F10B4439C\(Default) = "{A5110426-177D-4e08-AB3F-785F10B4439C}"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"]

LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

A5110426-177D-4e08-AB3F-785F10B4439C\(Default) = "{A5110426-177D-4e08-AB3F-785F10B4439C}"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Marek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\scrnsave.scr" [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

NokiaMusicBurnCD\
"Provider" = "Nokia Music"
"InvokeProgID" = "NokiaMusic.Autoplay"
"InvokeVerb" = "BurnCD"
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\BurnCD\command\(Default) = ""C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:burn %L /device:cd %L" [null data]

NokiaMusicPlayCD\
"Provider" = "Nokia Music"
"InvokeProgID" = "NokiaMusic.Autoplay"
"InvokeVerb" = "PlayCD"
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\PlayCD\command\(Default) = ""C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:playcd %L /device:cd %L" [null data]

NokiaMusicRipCD\
"Provider" = "Nokia Music"
"InvokeProgID" = "NokiaMusic.Autoplay"
"InvokeVerb" = "RipCD"
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\RipCD\command\(Default) = ""C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:rip %L /device:cd %L" [null data]

NokiaMusicViewCD\
"Provider" = "Nokia Music"
"InvokeProgID" = "NokiaMusic.Autoplay"
"InvokeVerb" = "ViewCD"
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\ViewCD\command\(Default) = ""C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /device:cd %L" [null data]

NokiaMusicViewDevice\
"Provider" = "Nokia Music"
"ProgID" = "NokiaMusic.Autoplay"
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\CLSID\(Default) = "{546811A4-510D-4E15-9679-DD6A27C5CCB3}"
-> {HKLM...CLSID} = "Nokia Music"
\LocalServer32\(Default) = "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" [null data]

NPAutoPlayHandler\
"Provider" = "Nokia Photos"
"InvokeProgID" = "NPAutoPlay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\NPAutoPlay\shell\import\command\(Default) = "C:\Program Files\Nokia\Nokia Photos\NokiaPhotos2.exe -import %1" [null data]

TVPPlayDVDMovieOnArrival\
"Provider" = "Total Video Player"
"InvokeProgID" = "totalplayer.dvd"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\totalplayer.dvd\shell\open\command\(Default) = "C:\Program Files\Total Video Converter\tvp.exe -dvd %1" [file not found]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd://%1" ["the VideoLAN Team"]

Startup items in "Marek" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Marek\Start Menu\Programs\Startup
"Arctosa" -> shortcut to: "C:\Program Files\Razer\Arctosa\razerhid.exe" ["Razer USA Ltd."]
"AvastUI" -> shortcut to: "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" ["AVAST Software"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"SetPointII" -> shortcut to: "C:\Program Files\Logitech\SetPoint II\SetpointII.exe" ["Logitech Inc."]

Enabled Scheduled Tasks:
------------------------

"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-790525478-746137067-1606980848-1003Core" -> launches: "C:\Documents and Settings\Marek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-790525478-746137067-1606980848-1003UA" -> launches: "C:\Documents and Settings\Marek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"OGALogon" -> launches: "C:\WINDOWS\system32\OGAEXEC.exe /batch" [MS]
"RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

sky kid · #18 Příspěvek od **sky kid** » 30 črc 2010 20:03

pokracovanie, sprava mala viac ako 60000 znakov

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" = "EPTBL"
-> {HKLM...CLSID} = "Easy Photo Print"
\InProcServer32\(Default) = "C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll" ["SEIKO EPSON CORPORATION / CyCom Technology Corp."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informácií"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\
"ButtonText" = "ICQ7.2"
"MenuText" = "ICQ7.2"
"Exec" = "C:\Program Files\ICQ7.2\ICQ.exe" ["ICQ, LLC."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\All Users\Application Data\ICQ\ICQNewTab\newTab.html" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"]
Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> Lavasoft Ad-Aware Service, "Service"
<<!>> WdfLoadGroup, (title not found)

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> Lavasoft Ad-Aware Service, "Service"
<<!>> WdfLoadGroup, (title not found)

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON SX410 Series 32MonitorBE\Driver = "E_FLBFCE.DLL" ["SEIKO EPSON CORPORATION"]

---------- (launch time: 2010-07-30 19:40:20)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 187 seconds.
---------- (total run time: 365 seconds)

1danab · #19 Příspěvek od **1danab** » 30 črc 2010 20:37

C:\WINDOWS\system32\OGAEXEC.exe otestujte na VIRUSTOTALu
link s výsledkem sem

sky kid · #20 Příspěvek od **sky kid** » 30 črc 2010 21:09

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.07.30.00 2010.07.29 -
AntiVir 8.2.4.32 2010.07.30 -
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.30 -
Avast 4.8.1351.0 2010.07.30 -
Avast5 5.0.332.0 2010.07.30 -
AVG 9.0.0.851 2010.07.30 -
BitDefender 7.2 2010.07.30 -
CAT-QuickHeal 11.00 2010.07.30 -
ClamAV 0.96.0.3-git 2010.07.30 -
Comodo 5590 2010.07.30 -
DrWeb 5.0.2.03300 2010.07.30 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7751 2010.07.30 -
F-Prot 4.6.1.107 2010.07.30 -
Fortinet 4.1.143.0 2010.07.30 -
GData 21 2010.07.30 -
Ikarus T3.1.1.84.0 2010.07.30 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.30 -
McAfee 5.400.0.1158 2010.07.30 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.07.30 -
NOD32 5327 2010.07.30 -
Norman 6.05.11 2010.07.30 -
nProtect 2010-07-30.02 2010.07.30 -
Panda 10.0.2.7 2010.07.30 -
PCTools 7.0.3.5 2010.07.30 -
Prevx 3.0 2010.07.30 -
Rising 22.58.04.05 2010.07.30 -
Sophos 4.56.0 2010.07.30 -
Sunbelt 6665 2010.07.30 -
Symantec 20101.1.1.7 2010.07.30 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.07.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.30 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.30.3963 2010.07.30 -
VirusBuster 5.0.27.0 2010.07.30 -
Rozšiřující informace
File size: 230768 bytes
MD5...: ec9b420801d3d7f82388267d13d0f89b
SHA1..: 4e0786050745e895666afd86c34b79598cd612fb
SHA256: 83c543605bdd1b000e0b029cd7b9bd76c445b5cec57616ba8131bad7c810ed2a
ssdeep: 3072:5XVzWBDSDyfSlo4bVjQ8UIx9Zy+Q3l4s9DP5nrUy2hGh0o/Z+s+9Wt4IHgS
S/urf:pDKOo4bVcXbllxU4j+s+as2m6
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1f984
timedatestamp.....: 0x4a775c96 (Mon Aug 03 21:54:30 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x311a5 0x31200 5.78 ba6096bc177f300b6b2b0c5b3a69f284
.data 0x33000 0x3629 0x3800 1.42 bc465762e1ee093fe1fdad78b860b1e9
.rsrc 0x37000 0x390 0x400 2.94 b6d564e5d86a4f60a634a90560ffbc24
.reloc 0x38000 0x1ab0 0x1c00 6.65 92c92fd4e336dddbcf0f1e994ede2741

( 10 imports )
> ADVAPI32.dll: RegCloseKey, CheckTokenMembership, EqualSid, GetAce, GetAclInformation, GetSecurityDescriptorDacl, AdjustTokenPrivileges, LookupPrivilegeValueW, SetNamedSecurityInfoW, GetSecurityDescriptorControl, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetFileSecurityW, RegOpenKeyExW, RegQueryValueExW, RegDeleteValueW, CreateProcessAsUserW, DuplicateTokenEx, OpenProcessToken, ConvertStringSidToSidW, RegEnumValueW, RegEnumKeyW, RegDeleteKeyW, RegCreateKeyExW, RegSetValueExW, OpenThreadToken, GetTokenInformation, GetLengthSid, CopySid, LookupAccountNameW, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyW
> KERNEL32.dll: HeapSetInformation, InterlockedExchange, GetExitCodeProcess, LoadLibraryW, InitializeCriticalSectionAndSpinCount, GetCurrentProcess, DeleteFileA, MoveFileA, GetTempPathA, ReadProcessMemory, GetSystemDirectoryA, DeviceIoControl, GetComputerNameW, CreateFileA, FlushFileBuffers, GetFileSize, ReadFile, GetSystemDirectoryW, Sleep, CreateMutexW, OpenMutexW, WaitForSingleObject, ExpandEnvironmentStringsW, LocalAlloc, GetModuleFileNameW, ReleaseMutex, CreateDirectoryW, CreateFileW, WriteFile, SetFileAttributesW, LocalFree, GetFileAttributesW, GetVersionExW, lstrcmpiW, GetSystemTime, SystemTimeToFileTime, GetLastError, CloseHandle, TryEnterCriticalSection, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoW, SetUnhandledExceptionFilter, GetProcAddress, GetModuleHandleA, ExitProcess, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, EnterCriticalSection, LeaveCriticalSection, HeapSize, VirtualAlloc, HeapReAlloc, FreeLibrary, LoadLibraryA, InitializeCriticalSection, RtlUnwind, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetVersion, VirtualProtect
> CRYPT32.dll: CryptUnprotectData, CryptProtectData
> WININET.dll: HttpQueryInfoA, InternetCloseHandle, InternetQueryOptionA, HttpEndRequestA, InternetSetOptionW, InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestExA, InternetWriteFile
> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
> WTSAPI32.dll: WTSEnumerateSessionsW, WTSQueryUserToken, WTSFreeMemory
> USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock
> ole32.dll: StringFromGUID2, CoCreateGuid, CoInitializeEx, CoUninitialize, CoCreateInstance, CoSetProxyBlanket, CLSIDFromProgID
> OLEAUT32.dll: -, -, -, -, -, -
> USER32.dll: GetSystemMetrics

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: Microsoft Corporation
Microsoft Code Signing PCA
Microsoft Root Authority
signing date.: 12:08 AM 8/4/2009
verified.....: -

1danab · #21 Příspěvek od **1danab** » 30 črc 2010 23:46

stáhněte T-Cleaner zde http://sweb.cz/Marinus/T-Cleaner.exe
spusťte, až po vás bude chtít potvrzení, dejte Ano a nechte ho pracovat...sám uklidí po předchozích programech

poté stáhněte a uložte nejlépe na plochu nově aktualizovaný ComboFix a postupujte jak bylo již výše napsáno...log samozřejmě sem

sky kid · #22 Příspěvek od **sky kid** » 31 črc 2010 01:06

ComboFix 10-07-30.01 - Marek 31.07.2010 1:46.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1534.992 [GMT 2:00]
Running from: c:\documents and settings\Marek\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-29 18:59 . 2010-07-30 23:33 -------- d-----w- c:\program files\trend micro
2010-07-28 16:56 . 2010-07-28 16:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-28 16:56 . 2010-07-28 16:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-27 22:46 . 2010-07-27 22:46 -------- d-----w- c:\documents and settings\rodina\Local Settings\Application Data\Mozilla
2010-07-27 22:42 . 2010-07-27 22:42 503808 ----a-w- c:\documents and settings\rodina\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cf02ac1-n\msvcp71.dll
2010-07-27 22:42 . 2010-07-27 22:42 499712 ----a-w- c:\documents and settings\rodina\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cf02ac1-n\jmc.dll
2010-07-27 22:42 . 2010-07-27 22:42 12800 ----a-w- c:\documents and settings\rodina\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-71532691-n\decora-d3d.dll
2010-07-27 22:42 . 2010-07-27 22:42 348160 ----a-w- c:\documents and settings\rodina\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cf02ac1-n\msvcr71.dll
2010-07-27 22:42 . 2010-07-27 22:42 61440 ----a-w- c:\documents and settings\rodina\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-71532691-n\decora-sse.dll
2010-07-27 22:26 . 2010-07-27 22:26 -------- d-sh--w- c:\documents and settings\rodina\IETldCache
2010-07-27 22:26 . 2010-07-27 22:26 -------- d-----w- c:\documents and settings\rodina\Local Settings\Application Data\Nokia
2010-07-27 22:25 . 2010-07-27 22:25 -------- d-----w- c:\documents and settings\rodina\Local Settings\Application Data\LogiShrd
2010-07-27 22:25 . 2010-07-27 22:25 -------- d-----w- c:\documents and settings\rodina\Local Settings\Application Data\Apple Computer
2010-07-27 21:26 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-27 21:26 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-27 21:26 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-27 21:26 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-27 21:26 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-27 21:26 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-27 21:26 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-27 21:25 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-27 21:25 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-27 21:24 . 2010-07-27 21:24 -------- d-----w- c:\program files\Alwil Software
2010-07-27 21:24 . 2010-07-27 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-27 20:49 . 2010-07-25 22:35 35790800 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_sk(2).exe
2010-07-27 20:49 . 2010-07-27 20:49 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-07-27 20:49 . 2010-07-27 20:49 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-07-27 20:49 . 2010-07-27 20:49 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-07-25 22:17 . 2010-07-25 22:17 -------- d-----w- c:\documents and settings\Marek\Local Settings\Application Data\NokiaAccount
2010-07-25 21:41 . 2010-07-25 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-07-25 21:41 . 2010-07-29 13:54 -------- d-----w- c:\documents and settings\Marek\Application Data\PC Suite
2010-07-25 21:27 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-25 21:26 . 2010-07-25 21:26 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-25 21:25 . 2010-02-26 12:21 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-07-25 21:24 . 2010-02-26 12:21 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-07-25 21:24 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-07-25 21:24 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-07-25 21:23 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-07-25 21:23 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-07-25 21:23 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-07-25 21:23 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-07-25 21:09 . 2010-07-25 21:10 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-25 21:09 . 2010-07-25 21:09 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-25 21:09 . 2010-07-25 21:09 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-25 21:09 . 2010-07-25 21:09 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-25 21:09 . 2010-07-25 21:09 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-25 21:09 . 2010-07-25 21:09 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-25 21:09 . 2010-07-25 21:08 103412296 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-25 21:09 . 2010-07-25 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-07-22 08:11 . 2010-07-22 08:11 -------- d-----w- c:\documents and settings\Marek\Application Data\Razer
2010-07-22 07:08 . 2008-09-12 13:47 16896 ----a-w- c:\windows\system32\drivers\Arctosa.sys
2010-07-22 07:08 . 2010-07-22 07:08 -------- d-----w- c:\program files\Razer
2010-07-22 06:41 . 2010-07-25 21:27 -------- d-----w- c:\program files\DIFX
2010-07-19 19:59 . 2010-07-19 19:59 -------- d-----w- c:\documents and settings\Marek\Local Settings\Application Data\AOL
2010-07-19 19:58 . 2010-07-19 20:06 -------- d-----w- c:\program files\ICQ7.2
2010-07-15 13:51 . 2010-07-15 13:51 -------- d-----w- c:\documents and settings\Marek\Application Data\DVDVideoSoftIEHelpers
2010-07-03 21:26 . 2010-07-03 21:26 -------- d-----w- c:\documents and settings\Marek\Application Data\Avira
2010-07-03 21:14 . 2010-07-13 00:23 -------- d-----w- c:\windows\system32\NtmsData
2010-07-03 20:58 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-03 20:58 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-03 20:58 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-03 20:58 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-03 20:58 . 2010-07-03 20:58 -------- d-----w- c:\program files\Avira
2010-07-03 20:58 . 2010-07-03 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 20:27 . 2008-11-17 18:26 -------- d-----w- c:\documents and settings\Marek\Application Data\Skype
2010-07-30 20:25 . 2008-11-17 18:35 -------- d-----w- c:\documents and settings\Marek\Application Data\skypePM
2010-07-30 19:19 . 2009-12-21 19:24 -------- d-----w- c:\program files\Steam
2010-07-29 12:49 . 2009-10-21 17:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 12:37 . 2010-04-22 20:39 -------- d-----w- c:\program files\CCleaner
2010-07-29 12:35 . 2009-10-21 18:01 -------- d-----w- c:\program files\Bonjour
2010-07-29 11:55 . 2008-12-10 16:42 -------- d-----w- c:\documents and settings\Marek\Application Data\dvdcss
2010-07-28 00:04 . 2008-10-18 13:23 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 00:03 . 2008-10-18 13:23 -------- d-----w- c:\program files\Java
2010-07-27 20:50 . 2009-09-28 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-07-27 20:50 . 2009-09-25 20:15 -------- d-----w- c:\program files\Nokia
2010-07-27 10:34 . 2010-01-03 02:25 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-25 22:23 . 2010-07-25 22:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-25 22:23 . 2010-07-25 22:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-25 22:23 . 2009-09-25 22:07 -------- d-----w- c:\documents and settings\Marek\Application Data\Nokia
2010-07-25 21:34 . 2009-09-25 21:47 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-22 08:10 . 2008-10-15 10:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 20:01 . 2009-12-21 18:02 -------- d-----w- c:\program files\PowerStrip
2010-07-20 19:52 . 2009-10-01 18:00 -------- d-----w- c:\program files\Total Video Converter
2010-07-20 14:04 . 2008-10-16 16:46 -------- d-----w- c:\documents and settings\Marek\Application Data\ICQ
2010-07-19 20:03 . 2008-10-16 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-07-17 03:00 . 2010-05-12 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 16:58 . 2008-10-17 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-14 13:12 . 2010-04-11 00:43 -------- d-----w- c:\program files\SpeedFan
2010-07-13 14:29 . 2008-10-17 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-26 08:49 . 2010-05-22 15:15 -------- d-----w- c:\documents and settings\Marek\Application Data\EPSON
2010-06-24 10:59 . 2010-06-24 10:59 198496 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-14 14:31 . 2008-10-15 08:39 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 12:44 . 2010-06-13 12:44 388096 ----a-r- c:\documents and settings\Marek\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-26 12:46 . 2010-05-26 12:46 503808 ----a-w- c:\documents and settings\Marek\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e7869fe-n\msvcp71.dll
2010-05-26 12:46 . 2010-05-26 12:46 499712 ----a-w- c:\documents and settings\Marek\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e7869fe-n\jmc.dll
2010-05-26 12:46 . 2010-05-26 12:46 348160 ----a-w- c:\documents and settings\Marek\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3e7869fe-n\msvcr71.dll
2010-05-26 12:46 . 2010-05-26 12:46 61440 ----a-w- c:\documents and settings\Marek\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-460b5d0e-n\decora-sse.dll
2010-05-26 12:46 . 2010-05-26 12:46 12800 ----a-w- c:\documents and settings\Marek\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-460b5d0e-n\decora-d3d.dll
2010-05-06 10:41 . 2008-04-23 00:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\documents and settings\Marek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-28 135664]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-04-01 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Marek\Start Menu\Programs\Startup\
Arctosa.lnk - c:\program files\Razer\Arctosa\razerhid.exe [2010-7-22 147456]
AvastUI.lnk - c:\program files\Alwil Software\Avast5\AvastUI.exe [2010-7-27 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-4-1 450560]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40175]
C:\WINDOWS [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 12:10 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Plne hry\\Counter strike 1.6\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\marafak_one\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.8.2009 19:20 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.7.2010 23:26 165456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3.7.2010 22:58 135336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.7.2010 23:26 17744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3.3.2010 21:20 10384]
R3 ArcFltr;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [22.7.2010 9:08 16896]
S2 gupdate1c98f6d47754126;Služba Google Update (gupdate1c98f6d47754126);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 14:59 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [15.10.2008 12:30 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [15.10.2008 12:30 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [15.10.2008 12:31 60416]
S3 cpuz130;cpuz130;\??\c:\docume~1\Marek\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Marek\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [16.4.2010 18:02 23456]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.7.2010 23:24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.7.2010 23:25 8320]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.4.2007 11:24 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.4.2007 11:24 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.4.2007 11:24 108680]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.10.2008 19:50 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 12:59]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 12:59]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-746137067-1606980848-1003Core.job
- c:\documents and settings\Marek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-28 20:50]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-746137067-1606980848-1003UA.job
- c:\documents and settings\Marek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-28 20:50]

2010-07-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-07-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 04:50]

2010-02-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 04:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Marek\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\qysa46i3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Marek\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 01:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-31 01:58:28
ComboFix-quarantined-files.txt 2010-07-30 23:58

Pre-Run: 9 114 865 664 bytes free
Post-Run: 9 069 776 896 voľných bajtov

- - End Of File - - F676B2624CAEDF2E4FC3AC61A2C7ED0D

1danab · #23 Příspěvek od **1danab** » 01 srp 2010 08:14

máte instalační cd windows?

sky kid · #24 Příspěvek od **sky kid** » 07 srp 2010 22:53

niekde by sa snad naslo, preco?

1danab · #25 Příspěvek od **1danab** » 08 srp 2010 17:43

k opravě instalace

sky kid · #26 Příspěvek od **sky kid** » 15 srp 2010 23:57

fuha, v tychto veciach som neni moc zrucny...mohol by som to zvladnut?..je tam velka chyba?

1danab · #27 Příspěvek od **1danab** » 16 srp 2010 16:06

společně to zvládneme v pohodě

VIRY.CZ

zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC

Re: zamrznutie PC