- Kod: Zaznacz wszystko
Deckard's System Scanner v20071014.68
Run by aaaa on 2008-05-31 16:03:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
92: 2008-05-31 14:03:13 UTC - RP92 - Deckard's System Scanner Restore Point
91: 2008-05-27 10:05:17 UTC - RP91 - Punkt kontrolny systemu
90: 2008-05-22 11:45:16 UTC - RP90 - Installed Grand Theft Auto Vice City
89: 2008-05-21 15:27:45 UTC - RP89 - Usunięte Wiedźmin
88: 2008-05-21 15:26:20 UTC - RP88 - Configured The Club Demo
-- First Restore Point --
1: 2008-01-30 11:35:52 UTC - RP1 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as aaaa.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:24, on 2008-05-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
H:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
H:\Documents and Settings\aaaa\Pulpit\AKG\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe
H:\Program Files\VDOTool\TBPanel.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Winamp\winampa.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
h:\program files\panda software\panda antivirus 2007\WebProxy.exe
H:\Program Files\Winamp Remote\bin\OrbTray.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\explorer.exe
H:\Documents and Settings\aaaa\Pulpit\bezpieczenstwo\dss.exe
H:\DOCUME~1\aaaa\Pulpit\BEZPIE~1\aaaa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - H:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: 78.46.45.81 L2authd.lineage2.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Flash get\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Documents and Settings\aaaa\Pulpit\2kxpinf\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Flash get\getflash.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Gainward] H:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "H:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Anti-keylogger] H:\Documents and Settings\aaaa\Pulpit\Nowy folder (2)\Anti-keylogger.exe /autorun
O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "H:\Documents and Settings\aaaa\Pulpit\AKG\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "H:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [amva] H:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - H:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - H:\Flash get\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - H:\Flash get\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Flash get\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Flash get\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - H:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - H:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Documents and Settings\aaaa\Pulpit\AKG\StarWind\StarWindServiceAE.exe
--
End of file - 9550 bytes
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 krnl_akl - h:\windows\system32\drivers\krnl_akl.sys <Not Verified; Information Security Center Ltd.; Anti-Keylogger/PrivacyKeyboard core>
R2 lirsgt - h:\windows\system32\drivers\lirsgt.sys
S3 catchme - h:\docume~1\aaaa\ustawi~1\temp\catchme.sys (file missing)
S3 dump_wmimmc - h:\lineage\l2 ct1 hellbound live\system\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - h:\windows\system32\npptnt2.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "h:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 PAVSRV (Panda anti-virus service) - "h:\program files\panda software\panda antivirus 2007\pavsrv51.exe" <Not Verified; Panda Software International; Panda residents>
R2 PSIMSVC (Panda IManager Service) - "h:\program files\panda software\panda antivirus 2007\psimsvc.exe" <Not Verified; Panda Software; Panda Antivirus>
R2 StarWindServiceAE (StarWind AE Service) - h:\documents and settings\aaaa\pulpit\akg\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S3 FLEXnet Licensing Service - "h:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-04-30 and 2008-05-31 -----------------------------
2008-05-29 06:44:48 108535 -r-hs---- H:\jdwx.exe
2008-05-28 16:12:51 0 d-------- H:\Program Files\TryMedia
2008-05-28 16:12:17 10 --a------ H:\WINDOWS\popcinfo.dat
2008-05-27 13:58:37 0 d-------- H:\Program Files\Zylom Games
2008-05-26 17:17:53 0 d-------- H:\Program Files\GIMP-2.0
2008-05-26 17:16:50 0 d-------- H:\Program Files\Common Files\GTK
2008-05-22 13:45:12 0 d-------- H:\Program Files\Rockstar Games
2008-05-22 13:39:18 0 d-------- H:\vc
2008-05-21 19:02:00 0 d-------- H:\Program Files\Gumboy Crazy Adventures
2008-05-21 17:21:04 0 d-------- H:\WINDOWS\system32\appmgmt
2008-05-18 05:59:31 105503 -r-hs---- H:\d.cmd
2008-05-17 20:26:36 0 d-------- H:\Program Files\Bonjour
2008-05-17 20:17:22 0 d-------- H:\Program Files\Common Files\Macrovision Shared
2008-05-17 18:57:13 0 d-------- H:\photoshop
2008-05-16 15:58:41 0 d-------- H:\Program Files\Guild Wars
2008-05-15 21:35:10 0 d-------- H:\Program Files\Common Files\INCA Shared
2008-05-15 21:34:47 0 d-------- H:\Program Files\GraveLand.pl
2008-05-12 21:10:13 105503 -r-hs---- H:\g83816.com
2008-05-11 10:18:52 2560 --a------ H:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-05-10 11:24:53 104537 -r-hs---- H:\r6r.exe
2008-05-04 17:24:44 86016 --a------ H:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-04 06:49:44 104147 -r-hs---- H:\igxv.cmd
2008-05-04 06:49:18 74240 -r-hs---- H:\WINDOWS\system32\amvo1.dll
2008-05-03 09:34:40 0 d-------- H:\WINDOWS\system32\Adobe
2008-05-02 14:09:25 103457 -r-hs---- H:\0n.bat
2008-05-02 14:08:58 74240 -r-hs---- H:\WINDOWS\system32\amvo0.dll
2008-05-02 14:08:58 108535 -r-hs---- H:\WINDOWS\system32\amvo.exe
2008-05-01 09:42:34 0 d-------- H:\Program Files\Valve
2008-04-30 21:09:23 0 d-------- H:\Program Files\Steam
-- Find3M Report ---------------------------------------------------------------
2008-05-27 18:21:00 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Zylom
2008-05-27 18:21:00 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Identities
2008-05-26 17:16:50 0 d-------- H:\Program Files\Common Files
2008-05-22 13:45:16 0 d--h----- H:\Program Files\InstallShield Installation Information
2008-05-21 17:27:58 0 d-------- H:\Program Files\Wiedźmin
2008-05-21 17:24:53 0 d-------- H:\Program Files\Electronic Arts
2008-05-21 07:29:00 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Adobe
2008-05-21 07:28:59 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Macromedia
2008-05-17 20:26:34 0 d-------- H:\Program Files\Common Files\Adobe
2008-05-15 18:12:15 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Winamp
2008-05-11 12:35:44 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\InstallShield Installation Information
2008-05-07 22:22:52 0 d-------- H:\Program Files\VDOTool
2008-05-07 22:09:58 0 d-------- H:\Program Files\Common Files\LightScribe
2008-05-05 16:00:35 0 d-------- H:\Program Files\DAEMON Tools
2008-05-05 16:00:33 0 d-------- H:\Program Files\Gadu-Gadu
2008-05-05 16:00:32 0 d-------- H:\Program Files\Messenger
2008-05-03 09:34:46 1471 --a------ H:\WINDOWS\mozver.dat
2008-04-25 21:46:03 0 d-------- H:\Program Files\Winamp Toolbar
2008-04-25 21:43:04 0 d-------- H:\Program Files\MegauploadToolbar
2008-04-25 21:42:34 0 d-------- H:\Program Files\Google
2008-04-24 20:26:17 0 dr-h----- H:\Documents and Settings\aaaa\Dane aplikacji\SecuROM
2008-04-24 20:19:26 0 d-------- H:\Program Files\Aspyr
2008-04-24 15:24:57 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Google
2008-04-23 19:54:12 0 d-------- H:\Program Files\Artifex Mundi
2008-04-17 15:14:38 0 d-------- H:\Program Files\SystemRequirementsLab
2008-04-16 16:25:46 0 d-------- H:\Program Files\CAPCOM
2008-04-14 16:54:31 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\fretsonfire
2008-04-11 21:39:25 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\Tibia
2008-04-11 15:53:18 0 d-------- H:\Documents and Settings\aaaa\Dane aplikacji\GuiltyGearIsukaNA
2008-04-04 19:46:23 0 d-------- H:\Program Files\Winamp Remote
2008-03-30 06:27:28 435978 --a------ H:\WINDOWS\system32\perfh015.dat
2008-03-30 06:27:28 67078 --a------ H:\WINDOWS\system32\perfc015.dat
2008-03-22 09:11:50 409600 --a------ H:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-22 09:11:50 114688 --a------ H:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-03-15 12:55:18 4096 --a------ H:\WINDOWS\d3dx.dat
2008-03-02 15:41:31 0 --a------ H:\WINDOWS\nsreg.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ H:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= H:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 09:52 H:\WINDOWS\RTHDCPL.exe]
"Gainward"="H:\Program Files\VDOTool\TBPanel.exe" [2007-10-02 13:19]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2007-10-05 07:37]
"nwiz"="nwiz.exe" [2007-10-05 07:37 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 07:37]
"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 11:59]
"APVXDWIN"="H:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 08:59]
"Anti-keylogger"="H:\Documents and Settings\aaaa\Pulpit\Nowy folder (2)\Anti-keylogger.exe" []
"WinampAgent"="H:\Winamp\winampa.exe" [2008-04-01 20:49]
"DAEMON Tools"="H:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 11:39]
"LightScribe Control Panel"="H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 14:26]
"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54]
"AlcoholAutomount"="H:\Documents and Settings\aaaa\Pulpit\AKG\axcmd.exe" [2008-02-22 13:30]
"Orb"="H:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 04:59]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 17:36]
"amva"="H:\WINDOWS\system32\amvo.exe" [2008-05-30 06:56]
"Steam"="H:\Program Files\Valve\Steam\Steam.exe" [2008-05-09 17:43]
H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 15:44:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 13:13 45056 H:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683659e1-025a-11dd-823f-001a4df8e9c5}]
AutoRun\command- C:\jdwx.exe
explore\Command- C:\jdwx.exe
open\Command- C:\jdwx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c29616-d0e9-11dc-8d94-001a4df8e9c5}]
AutoRun\command- I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e37a56-dc03-11dc-8dc3-001a4df8e9c5}]
AutoRun\command- K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e37a57-dc03-11dc-8dc3-001a4df8e9c5}]
AutoRun\command- C:\0n.bat
explore\Command- C:\0n.bat
open\Command- C:\0n.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baab3842-cf44-11dc-8d86-ad60f7ec1253}]
AutoRun\command- C:\g83816.com
explore\Command- C:\g83816.com
open\Command- C:\g83816.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4c61e14-f77c-11dc-a271-001a4df8e9c5}]
AutoRun\command- C:\r6r.exe
explore\Command- C:\r6r.exe
open\Command- C:\r6r.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"H:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- Hosts -----------------------------------------------------------------------
78.46.45.81 L2authd.lineage2.com
-- End of Deckard's System Scanner: finished at 2008-05-31 16:05:01 ------------
HiJackThis
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:33, on 2008-05-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
H:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
H:\Documents and Settings\aaaa\Pulpit\AKG\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe
H:\Program Files\VDOTool\TBPanel.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Winamp\winampa.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
h:\program files\panda software\panda antivirus 2007\WebProxy.exe
H:\Program Files\Winamp Remote\bin\OrbTray.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Metin\metin2.bin
H:\Documents and Settings\aaaa\Pulpit\bezpieczenstwo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - H:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: 78.46.45.81 L2authd.lineage2.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Flash get\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Documents and Settings\aaaa\Pulpit\2kxpinf\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Flash get\getflash.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Gainward] H:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "H:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Anti-keylogger] H:\Documents and Settings\aaaa\Pulpit\Nowy folder (2)\Anti-keylogger.exe /autorun
O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "H:\Documents and Settings\aaaa\Pulpit\AKG\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "H:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Documents and Settings\aaaa\Pulpit\2kxpinf\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - H:\Flash get\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - H:\Flash get\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Flash get\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Flash get\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - H:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - H:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Documents and Settings\aaaa\Pulpit\AKG\StarWind\StarWindServiceAE.exe
--
End of file - 9194 bytes
