- High Definition Audio
- Videocontroller (VGA)
- Videocontroller
- Ethernet-controller
I wyskakuje jakis blad z ATI-configuratiescherm (po angielsku to control panel).
Plyty zostaly w Polsce (jakbym miala to bym zainstalowala). Nie mozna jakos inaczej np. zainstalowac glos?
Aha, jeszcze internet dziwnie chodzi (dziwnie przewija i wooolno)
Z gory dziekuje
+ Logi z HiJackThis, Silent Runners i Comboscan
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 20:58:52, on 4-5-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\Kasienka\Bureaublad\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
O2 - BHO: (no name) - {CDF58B49-E8C4-482E-85A2-D6CFD5C5A158} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - GRISOFT, s.r.o. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" ["Adobe Systems Incorporated"]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"ISUSPM" = ""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Wireless Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Wheel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Activities Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Buttons Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"EditLevel" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{Don't save settings at exit}
"NoFileMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoCommonGroups" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kasienka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]
Startup items in "Kasienka" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
"Adobe Reader Snelle start" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Photo Loader supervisory" -> shortcut to: "C:\Program Files\CASIO\Photo Loader\Plauto.exe" ["CASIO COMPUTER CO.,LTD."]
Enabled Scheduled Tasks:
------------------------
"AB05C5AE9116437E" -> launches: "c:\docume~1\kasienka\applic~1\fast4s~1\two phone mode.exe" [file not found]
"RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.hetnet.nl/
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
ProtexisLicensing, ProtexisLicensing, ""C:\Program Files\Common Files\Protexis\License Service\PSIService.exe"" [null data]
SNMP Trap-service, SNMPTRAP, "C:\WINDOWS\System32\snmptrap.exe" [MS]
TCP/IP Print Server, LPDSVC, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP500\Driver = "CNMLM7L.DLL" ["CANON INC."]
LPR Port\Driver = "lprmon.dll" [MS]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 9 seconds.
---------- (total run time: 47 seconds)
- Kod: Zaznacz wszystko
ComboScan v20070306.20 run by Kasienka on 2007-05-04 at 21:00:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Kasienka.exe) --------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:00:50, on 4-5-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\Kasienka\Bureaublad\hijackthis_199\comboscan.exe
C:\DOCUME~1\Kasienka\BUREAU~1\HIJACK~1\Kasienka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
O2 - BHO: (no name) - {CDF58B49-E8C4-482E-85A2-D6CFD5C5A158} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl/
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - GRISOFT, s.r.o. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-- Files created between 2007-04-04 and 2007-05-04 -----------------------------
2007-05-04 20:43:28 0 d-------- C:\WINDOWS\LastGood
2007-05-04 20:41:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2007-05-04 20:41:37 0 d-------- C:\Documents and Settings\LocalService\Bureaublad<BUREAU~1>
2007-05-04 20:41:07 8704 --a------ C:\WINDOWS\system32\snmptrap.exe
2007-05-04 20:41:07 6144 --a------ C:\WINDOWS\system32\snmpmib.dll
2007-05-04 20:41:07 32768 --a------ C:\WINDOWS\system32\snmp.exe
2007-05-04 20:41:07 19456 --a------ C:\WINDOWS\system32\lprmon.dll
2007-05-04 20:41:07 23040 --a------ C:\WINDOWS\system32\lpdsvc.dll
2007-05-04 20:41:07 39936 --a------ C:\WINDOWS\system32\hostmib.dll
2007-05-04 20:41:07 94208 --a------ C:\WINDOWS\system32\evntwin.exe
2007-05-04 20:41:07 25600 --a------ C:\WINDOWS\system32\evntcmd.exe
2007-05-04 20:41:07 106496 --a------ C:\WINDOWS\system32\evntagnt.dll
2007-05-04 20:41:05 33792 --a------ C:\WINDOWS\system32\lmmib2.dll
2007-05-03 20:48:16 15175296 --a------ C:\mwav.exe
2007-05-03 17:23:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-05-03 17:22:37 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-05-03 17:13:56 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-05-03 17:13:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-03 17:13:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-03 15:39:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-03 14:30:25 0 d-a------ C:\WINDOWS\zts2.exe
2007-05-03 14:30:25 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-05-03 14:30:25 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-05-03 14:30:25 0 d-a------ C:\WINDOWS\rundll16.exe
2007-05-03 14:30:25 0 d-a------ C:\WINDOWS\rundl132.dll
2007-05-03 14:30:25 0 d-a------ C:\WINDOWS\logo1_.exe
2007-05-03 14:28:09 140800 --a------ C:\WINDOWS\system32\TASKMGR.COM
2007-05-03 14:28:09 140800 --a------ C:\WINDOWS\system32\T.COM
2007-05-03 14:28:09 153088 --a------ C:\WINDOWS\REGEDIT.COM
2007-05-03 14:28:09 153088 --a------ C:\WINDOWS\R.COM
2007-05-02 17:06:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-05-02 16:02:50 0 d-------- C:\Documents and Settings\Kasienka\.jpi_cache<JPI_CA~1>
2007-05-02 16:02:49 0 d-------- C:\Documents and Settings\Kasienka\.java<JAVA~1>
2007-05-02 15:46:03 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-02 15:16:31 0 d-------- C:\Program Files\Grisoft
2007-04-26 15:07:26 0 d-------- C:\Program Files\Philips Firmware Manager<PHILIP~1>
2007-04-26 13:54:16 22216 -ra------ C:\WINDOWS\system32\drivers\pdms7.sys
2007-04-26 13:52:41 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-26 13:52:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-26 13:47:26 68204 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-04-26 13:47:21 0 d-------- C:\Program Files\Philips
2007-04-20 23:11:45 0 d-------- C:\Program Files\Real
2007-04-20 23:11:45 0 d-------- C:\Program Files\Common Files\Real
2007-04-20 23:11:25 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Real
2007-04-20 23:07:56 0 d-------- C:\My Downloads<MYDOWN~1>
2007-04-20 23:06:04 0 d-------- C:\Program Files\InterVideo Information Service<INTERV~2>
2007-04-20 23:06:04 0 d-------- C:\Program Files\Common Files\Ulead
2007-04-20 23:04:27 81768 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-04-20 23:04:26 261480 --a------ C:\WINDOWS\system32\xactengine2_7.dll<XA3466~1.DLL>
2007-04-20 23:04:26 443752 --a------ C:\WINDOWS\system32\d3dx10_33.dll<D3DX10~1.DLL>
2007-04-20 23:04:26 1123696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll<D3DCOM~1.DLL>
2007-04-20 23:04:25 3495784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-20 23:04:24 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL>
2007-04-20 23:04:24 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2007-04-20 23:04:24 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-04-20 23:04:24 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-04-20 23:04:24 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-20 23:04:24 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-20 23:04:23 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-04-20 23:04:23 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-04-20 23:04:20 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-20 23:01:46 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-04-20 20:51:35 0 d-------- C:\Program Files\Common Files\Corel
2007-04-20 20:51:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-04-20 20:50:14 0 d-------- C:\Program Files\Rawshooter<RAWSHO~1>
2007-04-20 20:50:14 0 d-------- C:\Program Files\Polish
2007-04-20 20:50:14 0 d-------- C:\Program Files\Czech
2007-04-20 20:49:46 0 d-------- C:\Program Files\CGS13
2007-04-20 20:49:45 2405928 --a------ C:\Program Files\autorun.exe
2007-04-20 20:49:45 0 d-------- C:\Program Files\AutoPlay
2007-04-20 20:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\roam play vga pop<ROAMPL~1>
2007-04-20 20:21:08 0 d-------- C:\Program Files\fast4size<FAST4S~1>
2007-04-20 20:21:08 0 d-------- C:\Documents and Settings\Kasienka\Application Data\fast4size<FAST4S~1>
2007-04-20 20:21:01 0 d-------- C:\Documents and Settings\Kasienka\Application Data\NetPumper<NETPUM~1>
2007-04-20 20:20:58 0 d-------- C:\Program Files\NetPumper<NETPUM~1>
2007-04-20 19:49:39 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Bitstream<BITSTR~1>
2007-04-20 17:42:02 88 -r-hs---- C:\WINDOWS\system32\B15483F58E.sys<B15483~1.SYS>
2007-04-20 17:35:42 0 d-------- C:\Program Files\Common Files\Protexis
2007-04-20 16:59:16 0 dr-h----- C:\Documents and Settings\Kasienka\Onlangs geopend<ONLANG~1>
2007-04-20 16:58:23 96978 --a------ C:\VirtumundoBeGone.exe<VIRTUM~1.EXE>
2007-04-20 16:58:13 166064 --a------ C:\FixVundo.exe
2007-04-20 16:58:04 97280 --a------ C:\VundoFix.exe
2007-04-18 19:55:00 0 d-------- C:\fixwareout<FIXWAR~1>
2007-04-17 23:05:03 0 d-------- C:\Program Files\Corel
2007-04-12 21:39:06 0 d-------- C:\Program Files\FDRLab
2007-04-11 18:38:37 0 d-------- C:\Program Files\Disk Cleaner<DISKCL~1>
2007-04-11 17:32:29 0 d-------- C:\Program Files\KRISoftware<KRISOF~1>
2007-04-11 17:32:16 0 d-------- C:\Program Files\Prolific Publishing, Inc<PROLIF~1>
2007-04-11 17:29:35 0 d-------- C:\Program Files\Bright Bug Software<BRIGHT~1>
2007-04-11 17:27:58 0 d-------- C:\Program Files\Seraline
2007-04-11 17:20:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard<SSSCAN~2>
2007-04-11 17:20:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir<SSSCAN~1>
2007-04-11 17:13:10 5 --ahs---- C:\WINDOWS\system32\addebfa5_s.dll<ADDEBF~1.DLL>
2007-04-11 16:55:18 5 --ahs---- C:\WINDOWS\system32\eefe0_s.dll
2007-04-11 16:55:12 0 d-------- C:\Program Files\jv16 PowerTools 2006<JV16PO~1>
2007-04-11 15:41:17 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Uniblue
2007-04-09 22:14:31 0 d-------- C:\L Ryuuzaki Hideki<LRYUUZ~1>
2007-04-08 13:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software<BVRPSO~1>
2007-04-08 13:23:14 0 d--hs---- C:\Documents and Settings\Kasienka\Phone Browser<PHONEB~1>
2007-04-08 12:58:44 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite<PCSUIT~1>
2007-04-08 12:58:43 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Nokia
2007-04-08 12:58:15 0 d-------- C:\Program Files\DIFX
2007-04-08 12:58:12 0 d-------- C:\Documents and Settings\Kasienka\Application Data\PC Suite<PCSUIT~1>
2007-04-08 12:58:00 0 d-------- C:\Program Files\PC Connectivity Solution<PCCONN~1>
2007-04-08 12:57:44 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-04-08 12:57:40 50688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
-- Find3M Report ---------------------------------------------------------------
2007-05-04 20:46:41 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-05-04 20:41:12 446740 --a------ C:\WINDOWS\system32\perfh013.dat
2007-05-04 20:41:12 71390 --a------ C:\WINDOWS\system32\perfc013.dat
2007-05-03 17:14:35 3036 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-28 00:10:57 0 d-------- C:\Program Files\Call of Duty<CALLOF~1>
2007-04-26 15:38:08 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-26 14:37:51 0 d-------- C:\Documents and Settings\Kasienka\Application Data\AdobeUM
2007-04-26 13:48:36 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Adobe
2007-04-26 13:47:21 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-25 14:39:35 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Canon
2007-04-20 23:05:00 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-04-20 22:43:28 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-04-20 22:35:44 0 d-------- C:\Documents and Settings\Kasienka\Application Data\dvdcss
2007-04-20 20:53:34 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Corel
2007-04-20 17:38:36 0 d---s---- C:\Documents and Settings\Kasienka\Application Data\Microsoft<MICROS~1>
2007-04-20 17:21:03 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-19 19:38:11 0 d-------- C:\Program Files\RegCure
2007-04-17 23:13:40 56 -r-hs---- C:\WINDOWS\system32\8EF58354B1.sys<8EF583~1.SYS>
2007-04-06 20:11:33 0 d-------- C:\Program Files\Microsoft IntelliType Pro<MICROS~4>
2007-03-26 18:02:47 0 d-------- C:\Documents and Settings\Kasienka\Application Data\Help
2007-03-17 15:45:54 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 15:29:26 0 -rahs---- C:\MSDOS.SYS
2007-03-15 15:29:26 0 -rahs---- C:\IO.SYS
2007-03-08 17:39:10 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:39:10 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:39:10 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37:59 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:20:07 185344 --a------ C:\WINDOWS\system32\upnphost.dll
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://a.as-eu.falkag.net/dat/bgf/200307/10/as24_blue_pixel.gif
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.schadeautos.nl/2006_layout/images/txt_nl.jpg
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://www.topproduct.nl/images/hardware.gif
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.rabobank.nl/images/css/rabobanklogo.gif
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CISVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_LPDSVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SNMP
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SNMPTRAP
-- End of ComboScan: finished at 2007-05-04 at 21:01:09 ------------------------
