
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 08:52, on 2008-01-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Nero\Nero 8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\DriveHQ\DriveHQ Desktop Express\DriveHQRepository2.28.exe
D:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Grzesiek\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [System Support] torrent.exe
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Twoje TVN24] "D:\Program Files\Pasek TVN24\tvn-ustawienia.exe"
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz na &Telefon - res://D:\Program Files\MTPlugin\MTSend.dll/Plugin
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{393AC03D-E708-46C0-9879-3EBC05B6C672}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bqxomdo - {23F50DA2-9BB5-45AA-8E4F-18873551331D} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {8AA0E117-B2AD-4F2A-8602-23F865F573EA} - C:\WINDOWS\aswmklt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Deckard:
Deckard's System Scanner v20071014.68
Run by Grzesiek on 2008-01-25 08:27:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
13: 2008-01-25 07:27:09 UTC - RP114 - Deckard's System Scanner Restore Point
12: 2008-01-24 16:08:08 UTC - RP113 - ComboFix created restore point
11: 2008-01-18 09:30:08 UTC - RP112 - Punkt kontrolny systemu
10: 2008-01-13 13:59:56 UTC - RP111 - Punkt kontrolny systemu
9: 2008-01-11 15:45:51 UTC - RP110 - Installed Jasc Animation Shop 3
-- First Restore Point --
1: 2007-12-12 15:36:45 UTC - RP102 - Installed %1 %2.
Backed up registry hives.
Performed disk cleanup.
[color=red]Percentage of Memory in Use: 77% (more than 75%).[/color]
[color=red]Total Physical Memory: 511 MiB (512 MiB recommended).[/color]
[color=red]System Drive C: has 0.59 GiB (less than 15%) free.[/color]
-- HijackThis (run as Grzesiek.exe) --------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-25 08:29:32
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSsystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32ati2evxx.exe
C:WINDOWSexplorer.exe
C:Program FilesATI TechnologiesATI.ACECLI.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesLexmark 5200 Serieslxbtbmgr.exe
C:Program FilesEsetnod32kui.exe
D:Program FilesD-Toolsdaemon.exe
C:Program FilesLexmark 5200 Serieslxbtbmon.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
D:Program FilesBitLordBitLord.exe
D:Program FilesAutoConnectAutoConnect.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe
D:Program FilesNeroNero 8Nero BackItUpNBService.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32PSIService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
D:Program FilesDriveHQDriveHQ Desktop ExpressDriveHQRepository2.28.exe
D:Program FilesOperaOpera.exe
C:Documents and SettingsGrzesiekPulpitdss.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.google.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = iexplore
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesNeostrada TPSearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogleToolbar2.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:Program FilesTechlandCommonInternetTranslatorInternetTranslator.dll
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [Lexmark 5200 series] "C:Program FilesLexmark 5200 serieslxbtbmgr.exe"
O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [DAEMON Tools-1033] "D:Program FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [PCSuiteTrayApplication] D:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "D:Program FilesNeroNero 8Nero BackItUpNBKeyScan.exe"
O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [BitComet] "D:Program FilesBitLordBitLord.exe"
O4 - HKCU..Run: [System Support] torrent.exe
O4 - HKCU..Run: [VoipBuster] "D:Program FilesVoipBuster.comVoipBusterVoipBuster.exe" -nosplash -minimized
O4 - HKCU..Run: [AutoConnect] D:Program FilesAutoConnectAutoConnect.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Twoje TVN24] "D:Program FilesPasek TVN24tvn-ustawienia.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [PcSync] D:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - HKUS.DEFAULT..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime (User 'Default user')
O4 - HKUS.DEFAULT..Run: [PcSync] D:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz na &Telefon - res://D:Program FilesMTPluginMTSend.dll/Plugin
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:Program FilesTechlandCommonInternetTranslatorInternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:Program FilesTechlandCommonInternetTranslatorInternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:Program FilesTechlandCommonInternetTranslatorInternetTranslator.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLMSYSTEMCCSServicesTcpip..{393AC03D-E708-46C0-9879-3EBC05B6C672}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:Program FilesCommon FilesMicrosoft SharedWeb Components11OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O21 - SSODL: bqxomdo - {23F50DA2-9BB5-45AA-8E4F-18873551331D} - C:WINDOWSbqxomdo.dll
O21 - SSODL: aswmklt - {8AA0E117-B2AD-4F2A-8602-23F865F573EA} - C:WINDOWSaswmklt.dll
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - C:WINDOWSsystem32dxovx.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:WINDOWSsystem32lxbtcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:Program FilesNeroNero 8Nero
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEsetnod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:WINDOWSprivacy_dangerindex.htm
--
End of file - 10829 bytes
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shellcplopencommand - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shellrunascommand - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 d344bus - c:windowssystem32driversd344bus.sys
R0 d344prt - c:windowssystem32driversd344prt.sys
R3 actser - c:windowssystem32driversactser.sys <Not Verified; Siemens AG; Actser Filter Driver>
R3 vsbus (Virtual Serial Bus Enumerator) - c:windowssystem32driversvsb.sys
S3 GVCplDrv - c:windowssystem32driversgvcpldrv.sys
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:windowssystem32driversvserial.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - d:program filesneronero 8nero backitupnbservice.exe
S2 ProtexisLicensing - c:windowssystem32psiservice.exe <Not Verified; ; PSIService>
S3 FLEXnet Licensing Service - "c:program filescommon filesmacrovision sharedflexnet publisherfnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:program filespc connectivity solutionservicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-12-25 and 2008-01-25 -----------------------------
2008-01-25 08:02:55 0 d-------- C:WINDOWSprivacy_danger
2008-01-24 11:05:51 147456 --a------ C:WINDOWSfvqkfsp.exe
2008-01-24 11:05:51 204800 --a------ C:WINDOWSelfwgps.dll <Not Verified; ; elfwgps Module>
2008-01-24 11:05:51 311296 --a------ C:WINDOWSbqxomdo.dll
2008-01-24 11:05:51 258048 --a------ C:WINDOWSaswmklt.dll <Not Verified; ; aswmklt>
2008-01-24 11:04:21 0 d-------- C:Program FilesMediaEntertainmentCodec
2008-01-23 17:21:17 0 d-------- C:Program FilesMIKSOFT
2008-01-23 17:13:46 0 --a------ C:Documents
2008-01-23 17:13:11 0 d-------- C:ringtoneexport
2008-01-23 17:12:39 91 --a------ C:WINDOWSsystem32buyurl-mmp.dat
2008-01-11 16:45:04 0 d-------- C:Program FilesJasc Software Inc
-- Find3M Report ---------------------------------------------------------------
2008-01-25 08:06:20 467200 --a------ C:WINDOWSsystem32perfh015.dat
2008-01-25 08:06:20 82422 --a------ C:WINDOWSsystem32perfc015.dat
2008-01-23 17:20:03 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiNokia Multimedia Player
2008-01-23 17:12:52 0 d--h----- C:Program FilesInstallShield Installation Information
2008-01-23 16:27:24 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiCorel
2008-01-23 16:24:31 2672 --ahs---- C:WINDOWSsystem32KGyGaAvL.sys
2008-01-23 16:24:30 88 -r-hs---- C:WINDOWSsystem324F8585456D.sys
2008-01-18 18:44:07 0 d-------- C:Program FilesNeostrada TP
2008-01-14 16:14:09 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiHamachi
2008-01-11 16:46:12 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiJasc
2008-01-05 17:34:58 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiSkype
2007-12-12 16:38:11 0 d-------- C:Program FilesMSBuild
2007-12-12 16:27:31 0 d-------- C:Program FilesMSXML 6.0
2007-12-01 16:55:33 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiAdobe
2007-11-28 17:37:28 0 d-------- C:Program FilesCommon Files
2007-11-28 17:37:28 0 d-------- C:Program FilesCommon FilesFuturemark Shared
2007-11-28 17:37:12 0 d-------- C:Documents and SettingsGrzesiekDane aplikacjiInstallShield
2007-11-21 17:16:28 74752 --a------ C:WINDOWScadkasdeinst01e.exe
2007-11-02 19:24:37 796672 --a------ C:WINDOWSGPInstall.exe <Not Verified; Qsc; GP-Install>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ATIPTA"="C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe" [2004-08-25 12:52]
"ATICCC"="C:Program FilesATI TechnologiesATI.ACEcli.exe" [2004-08-25 14:25]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 19:23 C:WINDOWSSOUNDMAN.EXE]
"Lexmark 5200 series"="C:Program FilesLexmark 5200 serieslxbtbmgr.exe" [2004-03-25 14:35]
"nod32kui"="C:Program FilesEsetnod32kui.exe" [2007-03-24 13:49]
"DAEMON Tools-1033"="D:Program FilesD-Toolsdaemon.exe" [2003-12-27 19:43]
"PCSuiteTrayApplication"="D:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe" [2007-01-23 10:19]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:Program FilesCommon FilesNeroLibNeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="D:Program FilesNeroNero 8Nero BackItUpNBKeyScan.exe" [2007-08-08 08:25]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-01-30 15:58]
"BitComet"="D:Program FilesBitLordBitLord.exe" [2005-05-07 01:47]
"System Support"="torrent.exe" []
"VoipBuster"="D:Program FilesVoipBuster.comVoipBusterVoipBuster.exe" []
"AutoConnect"="D:Program FilesAutoConnectAutoConnect.exe" [2004-08-28 19:27]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:Program FilesCommon FilesNeroLibNMBgMonitor.exe" [2007-08-03 11:51]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-10-12 19:27]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 13:00]
"Twoje TVN24"="D:Program FilesPasek TVN24tvn-ustawienia.exe" [2007-11-27 17:06]
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"ATICCC"="C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime
"PcSync"=D:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
[HKEY_CURRENT_USERsoftwaremicrosoftinternet explorerdesktopcomponents]
= file:///C:WINDOWSprivacy_dangerindex.htm
= Privacy Protection
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
716002db-288c-4bf0-80cd-a467e78d8b55}"= C:WINDOWSsystem32dxovx.dll [ ]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
"bqxomdo"= {23F50DA2-9BB5-45AA-8E4F-18873551331D} - C:WINDOWSbqxomdo.dll [2008-01-23 05:25 311296]
"aswmklt"= {8AA0E117-B2AD-4F2A-8602-23F865F573EA} - C:WINDOWSaswmklt.dll [2008-01-23 05:25 258048]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
D:PROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll 2007-06-10 18:59 176128 D:PROGRA~1StardockOBJECT~1WINDOW~1WbSrv.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST System Tray.lnk]
=C:Documents and SettingsAll UsersMenu StartProgramyAutostartATI CATALYST System Tray.lnk
=C:WINDOWSpssATI CATALYST System Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Grzesiek^Menu Start^Programy^Autostart^Mobile Phone Manager.lnk]
=C:Documents and SettingsGrzesiekMenu StartProgramyAutostartMobile Phone Manager.lnk
=C:WINDOWSpssMobile Phone Manager.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Grzesiek^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
=C:Documents and SettingsGrzesiekMenu StartProgramyAutostartTworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
=C:WINDOWSpssTworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBearShare]
"D:Program FilesBearShareBearShare.exe" /pause
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCafeNews]
D:Program FilesCafeNewsCN.exe /autostart
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDriveHQ FileManager]
"D:Program FilesDriveHQDriveHQ FileManagerDriveHQClient.exe" autorun
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor]
"D:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
"C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpeedTouch USB Diagnostics]
"C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
D:Program FilesWinampwinampa.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWooCnxMon]
C:PROGRA~1NEOSTR~1CnxMon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWOOTASKBARICON]
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWOOWATCH]
C:PROGRA~1NEOSTR~1Watch.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{5a440b0c-c114-11dc-bd23-000e50d7fe73}]
- I:USBNB.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{99bade41-c11b-11db-9a96-806d6172696f}]
- E:start.exe
-- End of Deckard's System Scanner: finished at 2008-01-25 08:30:22 ------------