nienzany "antyvir" sam się zainstalował oo

[Kirnin]

Witam. Mam problem. Przez przypadek ściągnąłem antyvira. Wiem, że dziwnie to brzmi . Zainstalowałem go. W folderze nosi nazwę Internet Security, a w pasku na dole ( ) zmienia ikonki na znak zapytania na niebieskim tle i czerwone okrąg z przeciętym paskiem (podobny do znaku zakaz postoju). I nie moge na niego kliknąć prawym przyciskiem ani lewym ponieważ wtedy wrzuca mnie na stronę www i namawia do ściągnięcia SpywareLocked 3.5. Fizycznie nie mogę usunąć tego ponieważ jest używany, w Procesach również go nie ma, podobnie jak w Dodaj lub usuń programy. Postanowiłem ściągnąć SpywareLocked 3.5. Zainstalowałem itd. ale nic się z tamtym nie zmienia (pomijając fakt, że ten program również jest zbędny -_-). I co robić? Głownie chodzi mi o to, że nie mogę np. grać ponieważ z tego Internet Security co jakiś czas wyskakują okienka i minimalizują mi grę. Proszę o pomoc!

[prog]

Daj logi z hijackthis, silentrunners.

[Kirnin]

Z góry przepraszam jeżeli coś źle, ale jestem całkiem zielony w tych tematach.
Proszę:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 20:57:26, on 2007-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Security\pmsnrr.exe
C:\Program Files\Internet Security\pmmnt.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Winamp\winampa.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Xfire\xfire.exe
C:\Program Files\Sony Ericsson\Mobile2\Connection Wizard\ConnectionWizard.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\DAP\DAP.EXE
C:\DOCUME~1\GURU\USTAWI~1\Temp\Rar$EX00.797\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Internet Security\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] D:\HL 2 i CSS\\Steam.exe -silent
O4 - Startup: Xfire.lnk = E:\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

EDIT: Korzystałem z poradnika zamieszczonego w dziale. Mam nadzieję, że dobrze wszystko zrobione

[wojtas]

uzyj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

[Kirnin]

Czyli mam zrobić to:

# Select 2 and hit Enter to delete infect files.
# You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
# The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
# A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

I tylko to? Czy coś jeszcze?

[prog]

No masz uruchomić go, wpisać 2 i wcisnąć enter i czekać
Potem dajesz nam C:\rapport.exe i nowe logi.

[Kirnin]

Pomijając fakt iż Padna wykryła coś niepożądanego w tym programie to zainstalowałem i zrobiłem wszystko co tam jest napisane. Ten dziwny program mi zniknął, nawet nie ma go na dysku, ale komp dalej mi muli i to dosyć mocno. O to te logi:

SmitFraudFix v2.171

Scan done at 16:19:18,85, 2007-04-19
Run from E:\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"="calocarpum"

[HKEY_CLASSES_ROOT\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\czxtyx.dll Deleted
C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\GURU\Ulubione\Online Security Test.url Deleted
C:\Program Files\Internet Security\ Deleted
C:\Program Files\Video AX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F239C58F-6C3E-4182-B271-17E22F23200B}: DhcpNameServer=83.145.128.4 83.145.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F239C58F-6C3E-4182-B271-17E22F23200B}: DhcpNameServer=83.145.128.4 83.145.128.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F239C58F-6C3E-4182-B271-17E22F23200B}: DhcpNameServer=83.145.128.4 83.145.128.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=83.145.128.4 83.145.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=83.145.128.4 83.145.128.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=83.145.128.4 83.145.128.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[prog]

Nowe logi proszę => HJ + SR

[Kirnin]

HJ:

Logfile of HijackThis v1.99.1
Scan saved at 17:01:42, on 2007-04-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
D:\Winamp\winampa.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
E:\DAP\DAP.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\GURU\USTAWI~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] D:\HL 2 i CSS\\Steam.exe -silent
O4 - Startup: Xfire.lnk = E:\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

A tym SR nie wiem jak zrobić, bo nie chce się nawet uruchomić. Po 2 Panda blokuje nie wiem czemu. Może to wystarczy?

[wojtas]

wylacz pande i daj silenta oraz comboscana

[Kirnin]

Można prościej?

[prog]

Wyłącz pande i daj log z tego SR i comboscana, co w tym trudnego do zrozumienia?

[Kirnin]

Jaki Comboscan? :C Naprawdę nie wiem o co chodzi, zielony w tym jestem

[prog]

http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html
Ostatni post.

Autor postu otrzymał pochwałę

[Kirnin]

SR:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech Inc."]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"Steam" = "D:\HL 2 i CSS\\Steam.exe -silent" ["Valve Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRTCLK" = "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]
"PathNvidiaTV" = "C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"VGAUtil" = "C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [empty string]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"(Default)" = "(empty string)" [file not found]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"WinampAgent" = "D:\Winamp\winampa.exe" [null data]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avldr\DLLName = "avldr.dll" ["Panda Software"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "E:\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "E:\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "E:\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "GURU" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\GURU\Menu Start\Programy\Autostart
"Xfire" -> shortcut to: "E:\Xfire\xfire.exe" ["Xfire Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
c:\program files\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"]
Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe"" ["Panda Software"]
Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 82 seconds.
---------- (total run time: 169 seconds)

ComboScan:

ComboScan v20070306.20 run by GURU on 2007-04-19 at 19:57:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
37: 2007-04-19 17:57:43 UTC - RP84 - ComboScan Restore Point
36: 2007-04-18 20:54:18 UTC - RP83 - Software Distribution Service 2.0
35: 2007-04-18 17:11:31 UTC - RP82 - Zainstalowane Panda Internet Security 2007
34: 2007-04-18 17:07:22 UTC - RP81 - Zainstalowane Panda Internet Security 2007
33: 2007-04-18 16:41:49 UTC - RP80 - Usunięto: Norton Internet Security


-- First Restore Point --
1: 2007-01-25 18:16:15 UTC - RP48 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-19 19:58:06
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\VGA Utility Manager\G-vga.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Xfire\xfire.exe
D:\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\notepad.exe
E:\DAP\DAP.exe
E:\comboscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] D:\HL 2 i CSS\\Steam.exe -silent
O4 - Startup: Xfire.lnk = E:\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\DAP\dapextie2.htm
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\system32\avldr.dll
O23 - Service: Urządzenie alarmowe (Alerter) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Google Updater Service (gusvc) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Serwer (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Posłaniec (Messenger) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - "C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"
O23 - Service: Panda Process Protection Service (PavPrSrv) - "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
O23 - Service: Panda anti-virus service (PAVSRV) - "C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda Network Manager (PNMSRV) - "c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"
O23 - Service: Usługi IPSEC (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Panda IManager Service (PSIMSVC) - "C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe"
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rejestr zdalny (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{E6F78FB3-C67E-4F22-BFF4-474CE245DB6D}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Panda TPSrv (TPSrv) - "C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys
1R APPFLT (App Filter Plugin) - C:\WINDOWS\system32\drivers\APPFLT.SYS
3R Arp1394 (Protokół klienta 1394 ARP) - C:\WINDOWS\system32\drivers\arp1394.sys
3R AvFlt (Antivirus Filter Driver) - C:\WINDOWS\system32\drivers\av5flt.sys (not found)
3S cmudaxu (C-Media USB Sound Interface) - C:\WINDOWS\system32\drivers\cmudaxu.sys (not found)
2R cpoint (Panda CPoint Driver) - C:\WINDOWS\system32\drivers\cpoint.sys
3S ctljystk (Port gier dla karty Creative SB Live!) - C:\WINDOWS\system32\drivers\ctljystk.sys
1R DSAFLT (DSA Filter Plugin) - C:\WINDOWS\system32\drivers\dsaflt.sys
3S emu10k (Creative SB Live! (WDM)) - C:\WINDOWS\system32\drivers\emu10k1m.sys
3S emu10k1 (Sterownik Creative Interface Manager (WDM)) - C:\WINDOWS\system32\drivers\ctlfacem.sys
1R FNETMON (NetMon Filter Plugin) - C:\WINDOWS\system32\drivers\fnetmon.sys
3R GVCplDrv - C:\WINDOWS\system32\drivers\GVCplDrv.sys
3R GVTDrv - C:\WINDOWS\system32\drivers\GVTDrv.sys
3R hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
1R IDSFLT (Ids Filter Plugin) - C:\WINDOWS\system32\drivers\idsflt.sys
4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\InCDfs.sys
1R InCDPass - C:\WINDOWS\system32\drivers\InCDpass.sys
1R incdrm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDrm.sys
3S k510bus (Sony Ericsson K510 Driver driver (WDM)) - C:\WINDOWS\system32\drivers\k510bus.sys
3S k510mdfl (Sony Ericsson K510 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\k510mdfl.sys
3S k510mdm (Sony Ericsson K510 USB WMC Modem Driver) - C:\WINDOWS\system32\drivers\k510mdm.sys
3S k510mgmt (Sony Ericsson K510 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\system32\drivers\k510mgmt.sys
3S k510obex (Sony Ericsson K510 USB WMC OBEX Interface) - C:\WINDOWS\system32\drivers\k510obex.sys
3R L8042Kbd (Logitech SetPoint Keyboard Driver) - C:\WINDOWS\system32\drivers\L8042Kbd.sys
3S L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys
3R LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3R LHidUsbK (Logitech SetPoint USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsbK.sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
0R netflt (Panda Net Driver [NDIS Layer]) - C:\WINDOWS\system32\drivers\netflt.sys
1R NETFLTDI (Panda Net Driver [TDI Layer]) - C:\WINDOWS\system32\drivers\netfltdi.sys
3R NIC1394 (Sterownik sieci 1394) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (Kontroler hosta IEEE 1394 VIA zgodny z OHCI) - C:\WINDOWS\system32\drivers\ohci1394.sys
2R PAVDRV - C:\WINDOWS\system32\drivers\pavdrv51.sys
2R PavProc (Panda Process Protection Driver) - C:\WINDOWS\system32\drivers\PavProc.sys
3R PavSRK.sys - C:\WINDOWS\system32\PavSRK.sys (not found)
3S PavTPK.sys - C:\WINDOWS\system32\PavTPK.sys (not found)
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3S PnkBstrK - C:\WINDOWS\system32\drivers\PnkBstrK.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\rtl8139.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
3S sfman (Sterownik Creative SoundFont Manager (WDM)) - C:\WINDOWS\system32\drivers\sfmanm.sys
0R sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - C:\WINDOWS\system32\drivers\sfsync04.sys
1R ShldDrv (Panda File Shield Driver) - C:\WINDOWS\system32\drivers\ShldDrv.sys
1R SMSFLT (SMS Filter Plugin) - C:\WINDOWS\system32\drivers\smsflt.sys
3R usbaudio (Sterownik audio USB (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3R usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbscan (Sterownik skanera USB) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
1R WNMFLT (Wifi Monitor Filter Plugin) - C:\WINDOWS\system32\drivers\wnmflt.sys
1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3R zebrceb (Sony Ericsson Cable Emulation Bus (WDM)) - C:\WINDOWS\system32\drivers\zebrceb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
2R PAVFNSVR (Panda Function Service) - "C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"
2R PavPrSrv (Panda Process Protection Service) - "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
2R PAVSRV (Panda anti-virus service) - "C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"
2R pmshellsrv (Panda Antispam Engine) - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
2R PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
2R PNMSRV (Panda Network Manager) - "c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"
2R PSIMSVC (Panda IManager Service) - "C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe"
2R TPSrv (Panda TPSrv) - "C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"
2R UleadBurningHelper (Ulead Burning Helper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-19 16:26:12 410 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>


-- Files created between 2007-03-19 and 2007-04-19 -----------------------------

2007-04-19 16:19:23 3160 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-18 22:54:28 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-04-18 22:54:26 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-18 22:05:37 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-04-18 19:12:18 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-04-18 19:08:07 71552 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-04-18 19:07:47 182880 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-04-18 19:07:41 16256 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-04-18 19:07:41 23296 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-04-18 19:07:41 103936 --a------ C:\WINDOWS\system32\drivers\netfltdi.sys
2007-04-18 19:07:41 141312 --a------ C:\WINDOWS\system32\drivers\netflt.sys
2007-04-18 19:07:41 185472 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-04-18 19:07:41 9216 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-04-18 19:07:41 36864 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-04-18 19:07:41 44544 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-04-18 19:07:30 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-04-18 19:07:30 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll<HHACTI~1.DLL>
2007-04-18 19:07:27 139264 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-04-18 19:07:27 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-04-18 19:07:27 245760 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-04-18 19:07:27 57344 --a------ C:\WINDOWS\system32\pavipc.dll
2007-04-18 19:07:27 16640 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-04-18 19:07:23 9488 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-18 19:07:23 0 d-------- C:\WINDOWS\system32\PAV
2007-04-18 19:07:23 45056 --a------ C:\WINDOWS\system32\avldr.dll
2007-04-18 19:04:47 0 d-------- C:\Program Files\Panda Software<PANDAS~1>
2007-04-18 19:04:30 26752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-18 19:04:30 165120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-18 18:39:14 0 d-------- C:\Program Files\Common Files\Panda Software<PANDAS~1>
2007-04-17 19:15:09 0 d-------- C:\Program Files\Rozliczenie Roczne Rzeczpospolitej 2006<ROZLIC~1>
2007-04-16 18:00:21 0 d-------- C:\Program Files\Gimnazjum_testy_2007<GIMNAZ~1>
2007-04-15 19:56:54 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-04-15 19:56:54 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-15 19:56:54 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-15 19:56:48 0 d-------- C:\Program Files\Winamp
2007-04-15 13:30:52 0 d-------- C:\Program Files\hp deskjet 930c series<HPDESK~1>
2007-04-15 13:30:44 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-04-15 11:21:14 0 d-------- C:\Program Files\Testy gimnazjalne 2006<TESTYG~1>
2007-04-15 11:21:07 327168 --a------ C:\WINDOWS\IsUn0415.exe
2007-04-11 18:27:04 0 d-------- C:\Program Files\NiemPol
2007-04-04 20:33:51 22584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-04 19:48:39 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-04-04 19:47:51 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-04 19:47:50 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-03-19 20:44:39 241664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe
2007-03-19 20:44:39 45056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2007-03-19 20:44:39 315392 -ra------ C:\WINDOWS\system\cmifltr.dll


-- Find3M Report ---------------------------------------------------------------

2007-04-19 19:53:52 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-04-19 19:29:27 0 d-------- C:\Documents and Settings\GURU\Dane aplikacji\Xfire
2007-04-18 21:41:21 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-04-18 21:41:19 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-18 19:19:14 457574 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-18 19:19:14 79606 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-18 19:07:22 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-18 18:54:09 0 d-------- C:\Program Files\Symantec
2007-04-18 18:54:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-18 18:27:45 0 d-------- C:\Program Files\Google
2007-04-11 15:27:14 0 d-------- C:\Documents and Settings\GURU\Dane aplikacji\MSN6
2007-03-26 16:34:50 0 d---s---- C:\Documents and Settings\GURU\Dane aplikacji\Microsoft<MICROS~1>
2007-03-16 05:55:58 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-03-06 16:04:16 80980 --a------ C:\WINDOWS\Uninstall Jade Empire.exe<UNINST~1.EXE>
2007-03-03 23:36:38 0 d-------- C:\Documents and Settings\GURU\Dane aplikacji\ppstream
2007-02-28 23:16:56 2024 --a------ C:\WINDOWS\mozver.dat
2007-02-28 21:34:32 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>
2007-02-28 21:30:09 0 d-------- C:\Documents and Settings\GURU\Dane aplikacji\Teleca
2007-02-28 21:28:09 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-02-28 21:24:15 0 d-------- C:\Program Files\SEMC
2007-02-26 19:27:20 0 d-------- C:\Program Files\THQ
2007-02-26 19:25:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-06 20:05:35 41476 --a------ C:\WINDOWS\system32\OggDSuninst.exe<OGGDSU~1.EXE>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Steam"="D:\\HL 2 i CSS\\\\Steam.exe -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVRTCLK"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"PathNvidiaTV"="C:\\Program Files\\Gigabyte\\Nvidia\\patchnvidiaTVout.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"VGAUtil"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"WinampAgent"="D:\\Winamp\\winampa.exe"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Internet Security 2007\\Inicio.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^GURU^Menu Start^Programy^Autostart^Registration .LNK]
"path"="C:\\Documents and Settings\\GURU\\Menu Start\\Programy\\Autostart\\Registration .LNK"
"backup"="C:\\WINDOWS\\pss\\Registration .LNKStartup"
"location"="Startup"
"command"="C:\\Splinter Cell\\support\\Register\\Reg.exe -d 802864 -l english -r 7 -g -c us -i "
"item"="Registration "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="\"E:\\DAP\\DAP.EXE\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gg"
"hkey"="HKCU"
"command"="\"H:\\Gadu-Gadu\\gg.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlen"
"hkey"="HKCU"
"command"="E:\\Tlen.pl\\tlen.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"H:\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6436118b-7176-11db-a498-806d6172696f}]
Shell\AutoRun\command I:\setup.exe


-- End of ComboScan: finished at 2007-04-19 at 19:58:46 ------------------------

Supplementary:

ComboScan v20070306.20 run by GURU on 2007-04-19 at 19:57:30
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Polish

CPU 0: AMD Athlon(tm) XP 2500+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.49 MiB / 505.66 MiB
Pagefile Memory (total/avail): 2461.83 MiB / 1990.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1994.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 22.36 GiB total, 5.97 GiB free.
D: is Fixed (FAT32) - 116.19 GiB total, 17.06 GiB free.
E: is Fixed (FAT32) - 22.35 GiB total, 9.67 GiB free.
F: is Fixed (FAT32) - 22.35 GiB total, 12.54 GiB free.
G: is Fixed (FAT32) - 7.42 GiB total, 6.49 GiB free.
H: is Fixed (FAT32) - 116.64 GiB total, 108.03 GiB free.
I: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\GURU\Dane aplikacji
ArmServerInfo=0008039C
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ES-ELXM6C8G6WT5
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\GURU
LOGONSERVER=\\ES-ELXM6C8G6WT5
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\MOZILL~1;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Panda Software\Panda Internet Security 2007\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GURU\USTAWI~1\Temp
TMP=C:\DOCUME~1\GURU\USTAWI~1\Temp
USERDOMAIN=ES-ELXM6C8G6WT5
USERNAME=GURU
USERPROFILE=C:\Documents and Settings\GURU
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

GURU (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 6.0.2 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001}
Aktualizacja dla systemu Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Company of Heroes --> MsiExec.exe /X{199E6632-EB28-4F73-AECB-3E192EB92D18}
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> E:\DAP\DAPREMOVE.EXE
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
eMusic - 50 Free MP3 offer --> "D:\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
Fraps --> "E:\Programy do nagrywania\Fraps\uninstall.exe"
Game Cam v1.4 --> MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
GIGABYTE VGA Utility Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu"
Gimnazjum_testy_2007 1.0 --> C:\Program Files\Gimnazjum_testy_2007\uninst.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Headshot Player --> E:\Headshot Player\uninstall.exe
HijackThis 1.99.1 --> C:\DOCUME~1\GURU\USTAWI~1\Temp\Rar$EX00.797\HijackThis.exe /uninstall
hp deskjet 930c series (Tylko usuń) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=930c -huninstall
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Jade Empire --> C:\WINDOWS\Uninstall Jade Empire.exe
Komputerowy Słownik Niemiecko-Polski 0.7.6 --> "C:\Program Files\NiemPol\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x15 -removeonly
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7}
mIRC --> "E:\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.3) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Neverwinter Nights 2 --> C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.EXE -runfromtemp -l0x0015 -removeonly
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda Internet Security 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEBA9416-3207-47E0-9022-116440599DBC}\SETUP.exe" -l0x15 -removeonly
PC DUAL SHOCK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42DC7D64-F389-4E37-B545-E7D674A97D66}\setup.exe" -l0x9 -removeonly
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PPStream --> "E:\PPStream\unins000.exe"
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1045
Real Alternative 1.48 --> "C:\Program Files\Real Alternative\unins000.exe"
Rozliczenie Roczne Rzeczpospolitej 2006 --> "C:\Program Files\Rozliczenie Roczne Rzeczpospolitej 2006\Odinstaluj.exe"
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Ericsson Software --> C:\Program Files\SEMC\Sony Ericsson Handset Software\USBDriver\ZEBRUninstall.exe
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Testy gimnazjalne 2006 --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\Testy gimnazjalne 2006\Uninst.isu"
The Playa --> "C:\Program Files\The Playa\uninstall.exe"
ToCA Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x15 -removeonly
Ulead VideoStudio 8.0 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
Winamp (remove only) --> "D:\Winamp\UninstWA.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Wolfenstein - Enemy Territory --> E:\WOLFEN~1\Uninstall\Unwise.exe /u E:\WOLFEN~1\Uninstall\Install.log
Xfire (remove only) --> "E:\Xfire\uninst.exe"


-- End of ComboScan: finished at 2007-04-19 at 19:58:46 ------------------------

[wojtas]

do ubicia masz pliki:

C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\sporder.dll

Autor postu otrzymał pochwałę

[Kirnin]

To wszystko? Jeżeli tak to bardzo dziękuje! Plusiki wędrują do Was

[snajper$]

Zapodaj jeszcze logi kontrolne