Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94


Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Please check my logs • programosy.pl

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by rybak_dusz, 09 Jan 2008, 23:12

Please help: the antivirus programs don't see anything, but I suspect a rootkit or a boot virus. I would also be very grateful if someone could prepare and post an ISO of some up-to-date antivirus that boots from a CD.

Code:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"thebat_startup" = "D:\Program Files\The Bat!\thebat.exe /minimize" ["Ritlabs S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "D:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "D:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"ZoneAlarm Client" = ""D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"Spik" = "D:\Program Files\Spik\Spik.exe -autostart" [null data]
"CafeNews" = "D:\Program Files\CafeNews\CN.exe /autostart" ["Cafe News sp. z o.o.  www.cafenews.pl, Multimedia Cafe www.mmcafe.pl"]
"LXCGCATS" = "rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16" [MS]
"lxcgmon.exe" = ""D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""D:\Program Files\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"iKeyWorks" = "D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"REGSHAVE" = "D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "ZoneAlarm Spy Blocker BHO"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker BHO"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{00000000-5736-4205-0100-1967b1b2ce60}" = "Steganos Security Suite 7 Special Edition"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""D:\WINDOWS\system32\vsjitdebugger.exe" -p %ld -e %ld" [MS]
"Auto" = "1"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe," [MS], [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> fsmgmt\DLLName = "fsmgmt.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\rybak_dusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\sstext3d.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{916C1EF1-CA89-4F1B-AFDA-3CA85BD0F831}\(Default) = "ZoneAlarm PopBlocker"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
lxcg_device, lxcg_device, "D:\WINDOWS\system32\lxcgcoms.exe -service" [" "]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
2300 Series Port\Driver = "lxcglmpm.DLL" [" "]
PDFCreator\Driver = "pdfcmnnt.dll" ["internet-support foehr.com"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-01-09 21:50:43)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 132 seconds.
---------- (total run time: 180 seconds)


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:30, on 2008-01-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\CafeNews\CN.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\The Bat!\thebat.exe
D:\WINDOWS\system32\lxcgcoms.exe
D:\WINDOWS\system32\msiexec.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [CafeNews] D:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [thebat_startup] D:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - D:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{691B92CB-D0DD-4C2D-B65C-CB9544F7CF6D}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O20 - Winlogon Notify: fsmgmt - D:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcg_device -   - D:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7769 bytes


Code:
ComboFix 08-01-10.2 - rybak_dusz 2008-01-09 22:00:06.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.385 [GMT 1:00]
Running from: D:\Documents and Settings\rybak_dusz\Pulpit\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-09 21:57 . 2000-08-31 08:00   51,200   --a------   D:\WINDOWS\NirCmd.exe
2008-01-09 11:13 . 2008-01-09 21:47   <DIR>   d--h-----   D:\Documents and Settings\All Users\Dane aplikacji\~0
2008-01-09 11:07 . 2007-09-06 07:52   998,400   --a------   D:\WINDOWS\system32\Rave75VCL100.bpl
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\Common Files\CodeGear Shared
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\CodeGear
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Borland
2008-01-09 09:56 . 2008-01-09 09:56   <DIR>   d--------   D:\Program Files\Common Files\Borland Shared
2008-01-09 09:08 . 2008-01-09 11:52   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CodeGear
2008-01-09 04:29 . 2008-01-09 04:29   <DIR>   d--------   D:\Program Files\Microsoft.NET
2008-01-09 04:29 . 2008-01-09 04:34   <DIR>   d--------   D:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:16 . 2008-01-09 03:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-01-09 02:46 . 2008-01-09 02:46   <DIR>   d--------   D:\Program Files\Sophos
2008-01-09 02:41 . 2007-01-18 13:00   3,968   --a------   D:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-09 02:29 . 2008-01-09 02:29   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\ArcaBit
2008-01-08 22:17 . 2008-01-09 21:46   <DIR>   d--h-----   D:\Documents and Settings\All Users\Dane aplikacji\{6AF0EFC6-B937-4704-A430-319EB93F4C12}
2008-01-07 20:13 . 2008-01-07 20:14   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\DrDietman2
2008-01-07 20:13 . 2008-01-07 20:13   569,344   --a------   D:\WINDOWS\system32\OdbcFb32.dll
2008-01-06 02:49 . 2008-01-06 02:49   <DIR>   d--------   D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-05 15:39 . 2008-01-05 15:39   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\CyberLink
2008-01-05 15:23 . 2007-07-30 19:19   271,224   --a------   D:\WINDOWS\system32\mucltui.dll
2008-01-05 15:23 . 2007-07-30 19:19   207,736   --a------   D:\WINDOWS\system32\muweb.dll
2008-01-05 15:23 . 2007-07-30 19:18   30,072   --a------   D:\WINDOWS\system32\mucltui.dll.mui
2008-01-05 15:09 . 2008-01-09 13:03   <DIR>   d--------   D:\Program Files\totalcmd
2008-01-05 15:09 . 2008-01-09 13:04   577   --a------   D:\WINDOWS\wincmd.ini
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\UC.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\RAR.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKUNZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\NOCLOSE.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\LHA.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\ARJ.PIF
2008-01-05 01:26 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\IsolatedStorage
2008-01-05 01:24 . 2008-01-05 01:25   <DIR>   d--------   D:\WINDOWS\system32\URTTemp
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Symantec
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Common Files\Symantec Shared
2008-01-05 01:22 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-05 01:19 . 2008-01-05 01:19   <DIR>   d--------   D:\Program Files\Trend Micro
2008-01-05 01:11 . 2008-01-09 00:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\skypePM
2008-01-05 01:11 . 2008-01-05 01:11   32   --a------   D:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Common Files\Skype
2008-01-05 01:10 . 2008-01-09 01:59   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-05 00:38 . 2008-01-05 00:39   <DIR>   d--------   D:\WINDOWS\system32\pl-pl
2008-01-05 00:26 . 2008-01-05 00:26   <DIR>   d--------   D:\Program Files\Windows Media Connect 2
2008-01-05 00:22 . 2008-01-05 00:22   <DIR>   d--------   D:\WINDOWS\system32\LogFiles
2008-01-05 00:22 . 2008-01-05 00:23   <DIR>   d--------   D:\WINDOWS\system32\drivers\UMDF
2008-01-05 00:02 . 2008-01-07 19:19   <DIR>   d--------   D:\Program Files\AllMyMovies
2008-01-05 00:01 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator Toolbar
2008-01-05 00:01 . 2008-01-05 00:01   253,116   --a------   D:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2609.exe
2008-01-05 00:01 . 2008-01-05 00:01   14,290   --a------   D:\Program Files\settings.dat
2008-01-05 00:00 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator
2008-01-05 00:00 . 2004-03-09 00:00   662,288   --a------   D:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-05 00:00 . 2005-10-15 12:32   196,608   --a------   D:\WINDOWS\system32\pdfcmnnt.dll
2008-01-05 00:00 . 1998-06-24 00:00   137,000   --a------   D:\WINDOWS\system32\MSMAPI32.OCX
2008-01-05 00:00 . 1998-07-06 00:00   23,552   --a------   D:\WINDOWS\system32\MSMPIDE.DLL
2008-01-04 23:46 . 2008-01-04 23:46   <DIR>   d--------   D:\Program Files\PIXELA
2008-01-04 23:46 . 2004-03-08 12:55   13,567   --a------   D:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-04 23:43 . 2002-04-07 13:26   106,496   --a------   D:\WINDOWS\system32\FPXS2Pro.dll
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Program Files\FinePixViewer
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\FUJIFILM
2008-01-04 23:42 . 2003-09-03 07:45   274,432   --a------   D:\WINDOWS\system32\FFTIFF16.dll
2008-01-04 23:42 . 2004-07-24 12:28   155,648   --a------   D:\WINDOWS\system32\FFRAFLIB.DLL
2008-01-04 23:41 . 2008-01-04 23:41   <DIR>   d--------   D:\Program Files\REGSHAVE
2008-01-04 23:41 . 2001-11-25 12:11   81,924   ---------   D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-01-04 23:41 . 2002-02-05 17:33   69,632   ---------   D:\WINDOWS\system32\FREGSHEX.DLL
2008-01-04 23:41 . 2002-02-27 12:27   65,536   ---------   D:\WINDOWS\system32\FINFCHECK.dll
2008-01-04 23:41 . 2002-06-25 10:06   45,056   ---------   D:\WINDOWS\system32\FINFCOPY.dll
2008-01-04 23:41 . 2002-02-13 11:00   45,056   ---------   D:\WINDOWS\system32\FCLKBTN.DLL
2008-01-04 23:39 . 2008-01-04 23:39   <DIR>   d--------   D:\Program Files\Steganos Security Suite 7 SE
2008-01-04 23:38 . 2008-01-04 23:38   801   --a------   D:\WINDOWS\unins000.dat
2008-01-04 23:36 . 2008-01-04 23:36   <DIR>   d--------   D:\Program Files\A4Tech
2008-01-04 23:30 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-01-04 23:29 . 2008-01-04 23:30   <DIR>   d--------   D:\Program Files\CyberLink
2008-01-04 23:23 . 2005-02-08 13:12   2,670,592   ---------   D:\WINDOWS\UNNMP.exe
2008-01-04 23:23 . 2005-06-07 10:40   49,655   ---------   D:\WINDOWS\UNNMP.cfg
2008-01-04 23:22 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-04 23:20 . 2008-01-04 23:20   <DIR>   d--------   D:\Program Files\Common Files\Nero
2008-01-04 23:20 . 2001-07-09 11:50   155,648   --a------   D:\WINDOWS\system32\NeroCheck.exe
2008-01-04 23:18 . 2008-01-04 23:18   <DIR>   d--------   D:\Program Files\Common Files\Adobe
2008-01-04 23:17 . 2005-04-20 12:32   2,916,352   ---------   D:\WINDOWS\UNNeroVision.exe
2008-01-04 23:17 . 2005-06-07 10:40   154,855   ---------   D:\WINDOWS\UNNeroVision.cfg
2008-01-04 23:17 . 2001-03-08 19:30   24,064   ---------   D:\WINDOWS\system32\msxml3a.dll
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Program Files\Common Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:22   <DIR>   d--------   D:\Program Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-04 23:16 . 2004-07-26 17:16   1,568,768   ---------   D:\WINDOWS\system32\ImagX7.dll
2008-01-04 23:16 . 2004-07-26 17:16   476,320   ---------   D:\WINDOWS\system32\ImagXpr7.dll
2008-01-04 23:16 . 2004-07-26 17:16   471,040   ---------   D:\WINDOWS\system32\ImagXRA7.dll
2008-01-04 23:16 . 2004-07-09 09:43   364,544   ---------   D:\WINDOWS\system32\TwnLib4.dll
2008-01-04 23:16 . 2004-07-26 17:16   262,144   ---------   D:\WINDOWS\system32\ImagXR7.dll
2008-01-04 23:16 . 2000-06-26 11:45   106,496   --a------   D:\WINDOWS\system32\TwnLib20.dll
2008-01-04 23:16 . 2001-06-26 08:15   38,912   ---------   D:\WINDOWS\system32\picn20.dll
2008-01-04 23:09 . 2008-01-05 00:48   <DIR>   d--------   D:\Program Files\AdVantage
2008-01-04 23:08 . 2008-01-04 23:09   <DIR>   d--------   D:\Program Files\DAEMON Tools Lite
2008-01-04 23:08 . 2008-01-04 23:08   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\DAEMON Tools
2008-01-04 23:04 . 2008-01-04 23:04   <DIR>   d--------   D:\Program Files\Microsoft Works
2008-01-04 23:04 . 2006-10-26 19:56   32,592   --a------   D:\WINDOWS\system32\msonpmon.dll
2008-01-04 23:02 . 2008-01-04 23:02   <DIR>   d--------   D:\WINDOWS\SHELLNEW
2008-01-04 23:02 . 2008-01-09 13:04   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:47   ---------   d--h--w   D:\Documents and Settings\All Users\Dane aplikacji\~0
2008-01-09 12:16   6,301,728   --sha-w   D:\WINDOWS\system32\drivers\fidbox.dat
2008-01-09 12:16   41,564   --sha-w   D:\WINDOWS\system32\drivers\fidbox.idx
2008-01-05 00:21   ---------   d-----w   D:\Program Files\Common Files\InstallShield
2008-01-04 22:46   ---------   d--h--w   D:\Program Files\InstallShield Installation Information
2008-01-04 21:04   9,216   ----a-w   D:\WINDOWS\system32\cpuinf32.dll
2008-01-04 21:04   740,442   ----a-w   D:\WINDOWS\system32\DivX.dll
2008-01-04 21:04   245,760   ----a-w   D:\WINDOWS\system32\mplvpx.dll
2008-01-04 21:04   1,559,040   ----a-w   D:\WINDOWS\system32\xvidcore.dll
2008-01-04 21:00   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Winamp
2008-01-04 20:59   ---------   d-----w   D:\Program Files\Winamp
2008-01-04 20:56   ---------   d-----w   D:\Program Files\CafeNews
2008-01-04 20:45   ---------   d-----w   D:\Program Files\Spik
2008-01-04 20:45   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Spik
2008-01-04 20:27   ---------   d-----w   D:\Program Files\ZoneAlarmSB
2008-01-04 20:27   ---------   d-----w   D:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-01-04 20:23   ---------   d-----w   D:\Program Files\Alwil Software
2008-01-04 20:05   ---------   d-----w   D:\Program Files\Thomson
2008-01-04 20:02   73,728   ----a-w   D:\WINDOWS\ALCFDRTM.EXE
2008-01-04 20:01   ---------   d-----w   D:\Program Files\GIGABYTE
2008-01-04 20:00   ---------   d-----w   D:\Program Files\Realtek
2008-01-04 19:58   ---------   d-----w   D:\Program Files\Intel
2008-01-04 19:52   ---------   d-----w   D:\Program Files\microsoft frontpage
2008-01-04 19:51   ---------   d-----w   D:\Program Files\Usługi online
2007-12-04 14:56   93,264   ----a-w   D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   D:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   D:\WINDOWS\system32\AvastSS.scr
2007-11-14 15:05   75,248   ----a-w   D:\WINDOWS\zllsputility.exe
2007-11-14 15:05   1,086,952   ----a-w   D:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25   20,480   ----a-w   D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29   723,968   ----a-w   D:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44   1,291,264   ----a-w   D:\WINDOWS\system32\quartz.dll
2007-10-25 08:28   222,720   ----a-w   D:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-04 21:27   262144   --a------   D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-04 21:27 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"thebat_startup"="D:\Program Files\The Bat!\thebat.exe" [2007-10-31 16:18 11954536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2004-11-02 02:03 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2004-11-02 01:59 126976]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 D:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 07:53 77824 D:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 08:38 2749440 D:\WINDOWS\ALCWZRD.EXE]
"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Spik"="D:\Program Files\Spik\Spik.exe" [2007-11-21 13:55 103912]
"CafeNews"="D:\Program Files\CafeNews\CN.exe" [2007-06-28 13:43 1224704]
"LXCGCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 13:48 73728]
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:08 200704]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05 94208]
"iKeyWorks"="D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"REGSHAVE"="D:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SSSSE7"="D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" [2004-11-30 13:52 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-01-05 01:50 58880 D:\WINDOWS\system32\fsmgmt.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Exif Launcher.lnk
backup=D:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
D:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 08:05 94208 D:\Program Files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
--a------ 2005-07-21 02:08 200704 D:\Program Files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:11 21803304 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"UPS"=3 (0x3)
"SLEE_81_SERVICE"=2 (0x2)

R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];D:\WINDOWS\system32\drivers\SLEE81.sys [2004-11-19 09:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\12F.tmp []

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 22:02:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCGCATS = rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16?????
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 22:03:36
.
2008-01-06 23:35:32   --- E O F --- 
rybak_dusz
~user
 
Posts: 45
Joined: 07 Jun 2006, 21:27



Post by wojtas 09 Jan 2008, 23:22

rybak_dusz wrote: and post an ISO of some up-to-date antivirus that boots from a disc


Where am I supposed to get it for you from? The full version is in the store :)

Do what is described in this topic

Use:

SmitFraudFix, option 2


Use SDFix. After downloading, run it and it will unpack itself to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file, plus the ComboFix log and the HijackThis log.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by rybak_dusz 10 Jan 2008, 00:01

Code:
SDFix: Version 1.125

Run by rybak_dusz on 2008-01-10 at 22:46

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\sdfix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:23, on 2008-01-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\CafeNews\CN.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\The Bat!\thebat.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\lxcgcoms.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [CafeNews] D:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SDFix] C:\sdfix\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [thebat_startup] D:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - D:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{691B92CB-D0DD-4C2D-B65C-CB9544F7CF6D}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O20 - Winlogon Notify: fsmgmt - D:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcg_device -   - D:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7241 bytes


Code:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"thebat_startup" = "D:\Program Files\The Bat!\thebat.exe /minimize" ["Ritlabs S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "D:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "D:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"ZoneAlarm Client" = ""D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"Spik" = "D:\Program Files\Spik\Spik.exe -autostart" [null data]
"CafeNews" = "D:\Program Files\CafeNews\CN.exe /autostart" ["Cafe News sp. z o.o.  www.cafenews.pl, Multimedia Cafe www.mmcafe.pl"]
"LXCGCATS" = "rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16" [MS]
"lxcgmon.exe" = ""D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""D:\Program Files\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"iKeyWorks" = "D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"REGSHAVE" = "D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"SDFix" = "C:\sdfix\SDFix\RunThis.bat /second" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "ZoneAlarm Spy Blocker BHO"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker BHO"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{00000000-5736-4205-0100-1967b1b2ce60}" = "Steganos Security Suite 7 Special Edition"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""D:\WINDOWS\system32\vsjitdebugger.exe" -p %ld -e %ld" [MS]
"Auto" = "1"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> fsmgmt\DLLName = "fsmgmt.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\rybak_dusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{916C1EF1-CA89-4F1B-AFDA-3CA85BD0F831}\(Default) = "ZoneAlarm PopBlocker"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
lxcg_device, lxcg_device, "D:\WINDOWS\system32\lxcgcoms.exe -service" [" "]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
2300 Series Port\Driver = "lxcglmpm.DLL" [" "]
PDFCreator\Driver = "pdfcmnnt.dll" ["internet-support foehr.com"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-01-10 22:58:06)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 144 seconds.
---------- (total run time: 187 seconds)
rybak_dusz
~user
 
Posts: 45
Joined: 07 Jun 2006, 21:27



Post by Dzi@dek, 10 Jan 2008, 00:12

wojtas wrote: C:\SDFix post the contents of the Report.txt file + the combofix log


Do it - the SDFix log is incomplete, and the combofix log is missing.
Dzi@dek
^distinguished
 
Posts: 3854
Joined: 11 Dec 2006, 20:18
Location: Warszawa
Commendations: 210



Post by rybak_dusz, 10 Jan 2008, 01:44

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:23, on 2008-01-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\CafeNews\CN.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\WINDOWS\system32\lxcgcoms.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\The Bat!\thebat.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\D:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [CafeNews] D:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [thebat_startup] D:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - D:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O20 - Winlogon Notify: fsmgmt - D:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcg_device -   - D:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7052 bytes


Code:
ComboFix 08-01-10.2 - rybak_dusz 2008-01-11  0:16:13.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.512 [GMT 1:00]
Running from: F:\programy\zaawansowane_antywiry\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-10 22:44 . 2008-01-10 22:44   <DIR>   d--------   D:\WINDOWS\ERUNT
2008-01-10 22:34 . 2008-01-10 22:34   2,112   --a------   D:\WINDOWS\system32\tmp.reg
2008-01-10 22:32 . 2007-09-05 23:22   289,144   --a------   D:\WINDOWS\system32\VCCLSID.exe
2008-01-10 22:32 . 2006-04-27 16:49   288,417   --a------   D:\WINDOWS\system32\SrchSTS.exe
2008-01-10 22:32 . 2007-12-20 23:11   81,920   --a------   D:\WINDOWS\system32\IEDFix.exe
2008-01-10 22:32 . 2003-06-05 20:13   53,248   --a------   D:\WINDOWS\system32\Process.exe
2008-01-10 22:32 . 2004-07-31 17:50   51,200   --a------   D:\WINDOWS\system32\dumphive.exe
2008-01-10 22:32 . 2007-10-03 23:36   25,600   --a------   D:\WINDOWS\system32\WS2Fix.exe
2008-01-09 21:57 . 2000-08-31 08:00   51,200   --a------   D:\WINDOWS\NirCmd.exe
2008-01-09 11:07 . 2007-09-06 07:52   998,400   --a------   D:\WINDOWS\system32\Rave75VCL100.bpl
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\Common Files\CodeGear Shared
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\CodeGear
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Borland
2008-01-09 09:56 . 2008-01-09 09:56   <DIR>   d--------   D:\Program Files\Common Files\Borland Shared
2008-01-09 09:08 . 2008-01-09 11:52   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CodeGear
2008-01-09 04:29 . 2008-01-09 04:29   <DIR>   d--------   D:\Program Files\Microsoft.NET
2008-01-09 04:29 . 2008-01-09 04:34   <DIR>   d--------   D:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:16 . 2008-01-09 03:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-01-09 02:46 . 2008-01-09 02:46   <DIR>   d--------   D:\Program Files\Sophos
2008-01-09 02:41 . 2007-01-18 13:00   3,968   --a------   D:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-09 02:29 . 2008-01-09 02:29   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\ArcaBit
2008-01-08 22:17 . 2008-01-09 21:46   <DIR>   d--h-----   D:\Documents and Settings\All Users\Dane aplikacji\{6AF0EFC6-B937-4704-A430-319EB93F4C12}
2008-01-07 20:13 . 2008-01-07 20:14   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\DrDietman2
2008-01-07 20:13 . 2008-01-07 20:13   569,344   --a------   D:\WINDOWS\system32\OdbcFb32.dll
2008-01-06 02:49 . 2008-01-06 02:49   <DIR>   d--------   D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-05 15:39 . 2008-01-05 15:39   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\CyberLink
2008-01-05 15:23 . 2007-07-30 19:19   271,224   --a------   D:\WINDOWS\system32\mucltui.dll
2008-01-05 15:23 . 2007-07-30 19:19   207,736   --a------   D:\WINDOWS\system32\muweb.dll
2008-01-05 15:23 . 2007-07-30 19:18   30,072   --a------   D:\WINDOWS\system32\mucltui.dll.mui
2008-01-05 15:09 . 2008-01-09 13:03   <DIR>   d--------   D:\Program Files\totalcmd
2008-01-05 15:09 . 2008-01-09 13:04   577   --a------   D:\WINDOWS\wincmd.ini
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\UC.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\RAR.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKUNZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\NOCLOSE.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\LHA.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\ARJ.PIF
2008-01-05 01:26 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\IsolatedStorage
2008-01-05 01:24 . 2008-01-05 01:25   <DIR>   d--------   D:\WINDOWS\system32\URTTemp
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Symantec
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Common Files\Symantec Shared
2008-01-05 01:22 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-05 01:19 . 2008-01-05 01:19   <DIR>   d--------   D:\Program Files\Trend Micro
2008-01-05 01:11 . 2008-01-09 00:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\skypePM
2008-01-05 01:11 . 2008-01-05 01:11   32   --a------   D:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Common Files\Skype
2008-01-05 01:10 . 2008-01-09 01:59   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-05 00:38 . 2008-01-05 00:39   <DIR>   d--------   D:\WINDOWS\system32\pl-pl
2008-01-05 00:26 . 2008-01-05 00:26   <DIR>   d--------   D:\Program Files\Windows Media Connect 2
2008-01-05 00:22 . 2008-01-05 00:22   <DIR>   d--------   D:\WINDOWS\system32\LogFiles
2008-01-05 00:22 . 2008-01-05 00:23   <DIR>   d--------   D:\WINDOWS\system32\drivers\UMDF
2008-01-05 00:02 . 2008-01-07 19:19   <DIR>   d--------   D:\Program Files\AllMyMovies
2008-01-05 00:01 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator Toolbar
2008-01-05 00:01 . 2008-01-05 00:01   253,116   --a------   D:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2609.exe
2008-01-05 00:01 . 2008-01-05 00:01   14,290   --a------   D:\Program Files\settings.dat
2008-01-05 00:00 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator
2008-01-05 00:00 . 2004-03-09 00:00   662,288   --a------   D:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-05 00:00 . 2005-10-15 12:32   196,608   --a------   D:\WINDOWS\system32\pdfcmnnt.dll
2008-01-05 00:00 . 1998-06-24 00:00   137,000   --a------   D:\WINDOWS\system32\MSMAPI32.OCX
2008-01-05 00:00 . 1998-07-06 00:00   23,552   --a------   D:\WINDOWS\system32\MSMPIDE.DLL
2008-01-04 23:46 . 2008-01-04 23:46   <DIR>   d--------   D:\Program Files\PIXELA
2008-01-04 23:46 . 2004-03-08 12:55   13,567   --a------   D:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-04 23:43 . 2002-04-07 13:26   106,496   --a------   D:\WINDOWS\system32\FPXS2Pro.dll
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Program Files\FinePixViewer
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\FUJIFILM
2008-01-04 23:42 . 2003-09-03 07:45   274,432   --a------   D:\WINDOWS\system32\FFTIFF16.dll
2008-01-04 23:42 . 2004-07-24 12:28   155,648   --a------   D:\WINDOWS\system32\FFRAFLIB.DLL
2008-01-04 23:41 . 2008-01-04 23:41   <DIR>   d--------   D:\Program Files\REGSHAVE
2008-01-04 23:41 . 2001-11-25 12:11   81,924   ---------   D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-01-04 23:41 . 2002-02-05 17:33   69,632   ---------   D:\WINDOWS\system32\FREGSHEX.DLL
2008-01-04 23:41 . 2002-02-27 12:27   65,536   ---------   D:\WINDOWS\system32\FINFCHECK.dll
2008-01-04 23:41 . 2002-06-25 10:06   45,056   ---------   D:\WINDOWS\system32\FINFCOPY.dll
2008-01-04 23:41 . 2002-02-13 11:00   45,056   ---------   D:\WINDOWS\system32\FCLKBTN.DLL
2008-01-04 23:39 . 2008-01-04 23:39   <DIR>   d--------   D:\Program Files\Steganos Security Suite 7 SE
2008-01-04 23:38 . 2008-01-04 23:38   801   --a------   D:\WINDOWS\unins000.dat
2008-01-04 23:36 . 2008-01-04 23:36   <DIR>   d--------   D:\Program Files\A4Tech
2008-01-04 23:30 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-01-04 23:29 . 2008-01-04 23:30   <DIR>   d--------   D:\Program Files\CyberLink
2008-01-04 23:23 . 2005-02-08 13:12   2,670,592   ---------   D:\WINDOWS\UNNMP.exe
2008-01-04 23:23 . 2005-06-07 10:40   49,655   ---------   D:\WINDOWS\UNNMP.cfg
2008-01-04 23:22 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-04 23:20 . 2008-01-04 23:20   <DIR>   d--------   D:\Program Files\Common Files\Nero
2008-01-04 23:20 . 2001-07-09 11:50   155,648   --a------   D:\WINDOWS\system32\NeroCheck.exe
2008-01-04 23:18 . 2008-01-04 23:18   <DIR>   d--------   D:\Program Files\Common Files\Adobe
2008-01-04 23:17 . 2005-04-20 12:32   2,916,352   ---------   D:\WINDOWS\UNNeroVision.exe
2008-01-04 23:17 . 2005-06-07 10:40   154,855   ---------   D:\WINDOWS\UNNeroVision.cfg
2008-01-04 23:17 . 2001-03-08 19:30   24,064   ---------   D:\WINDOWS\system32\msxml3a.dll
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Program Files\Common Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:22   <DIR>   d--------   D:\Program Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-04 23:16 . 2004-07-26 17:16   1,568,768   ---------   D:\WINDOWS\system32\ImagX7.dll
2008-01-04 23:16 . 2004-07-26 17:16   476,320   ---------   D:\WINDOWS\system32\ImagXpr7.dll
2008-01-04 23:16 . 2004-07-26 17:16   471,040   ---------   D:\WINDOWS\system32\ImagXRA7.dll
2008-01-04 23:16 . 2004-07-09 09:43   364,544   ---------   D:\WINDOWS\system32\TwnLib4.dll
2008-01-04 23:16 . 2004-07-26 17:16   262,144   ---------   D:\WINDOWS\system32\ImagXR7.dll
2008-01-04 23:16 . 2000-06-26 11:45   106,496   --a------   D:\WINDOWS\system32\TwnLib20.dll
2008-01-04 23:16 . 2001-06-26 08:15   38,912   ---------   D:\WINDOWS\system32\picn20.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 22:45   6,301,728   --sha-w   D:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 22:45   53,372   --sha-w   D:\WINDOWS\system32\drivers\fidbox.idx
2008-01-05 00:21   ---------   d-----w   D:\Program Files\Common Files\InstallShield
2008-01-04 22:46   ---------   d--h--w   D:\Program Files\InstallShield Installation Information
2008-01-04 21:04   9,216   ----a-w   D:\WINDOWS\system32\cpuinf32.dll
2008-01-04 21:04   740,442   ----a-w   D:\WINDOWS\system32\DivX.dll
2008-01-04 21:04   245,760   ----a-w   D:\WINDOWS\system32\mplvpx.dll
2008-01-04 21:04   1,559,040   ----a-w   D:\WINDOWS\system32\xvidcore.dll
2008-01-04 21:00   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Winamp
2008-01-04 20:59   ---------   d-----w   D:\Program Files\Winamp
2008-01-04 20:56   ---------   d-----w   D:\Program Files\CafeNews
2008-01-04 20:45   ---------   d-----w   D:\Program Files\Spik
2008-01-04 20:45   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Spik
2008-01-04 20:27   ---------   d-----w   D:\Program Files\ZoneAlarmSB
2008-01-04 20:27   ---------   d-----w   D:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-01-04 20:23   ---------   d-----w   D:\Program Files\Alwil Software
2008-01-04 20:05   ---------   d-----w   D:\Program Files\Thomson
2008-01-04 20:02   73,728   ----a-w   D:\WINDOWS\ALCFDRTM.EXE
2008-01-04 20:01   ---------   d-----w   D:\Program Files\GIGABYTE
2008-01-04 20:00   ---------   d-----w   D:\Program Files\Realtek
2008-01-04 19:58   ---------   d-----w   D:\Program Files\Intel
2008-01-04 19:52   ---------   d-----w   D:\Program Files\microsoft frontpage
2008-01-04 19:51   ---------   d-----w   D:\Program Files\Usługi online
2007-12-04 14:56   93,264   ----a-w   D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   D:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   D:\WINDOWS\system32\AvastSS.scr
2007-11-14 15:05   75,248   ----a-w   D:\WINDOWS\zllsputility.exe
2007-11-14 15:05   1,086,952   ----a-w   D:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25   20,480   ----a-w   D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29   723,968   ----a-w   D:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44   1,291,264   ----a-w   D:\WINDOWS\system32\quartz.dll
2007-10-25 08:28   222,720   ----a-w   D:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-01-10_23.21.09,39   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 21:45:11   3,231,744   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-10 22:48:01   3,231,744   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-10 21:45:11   32,768   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-10 22:48:02   32,768   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-10 21:53:19   16,384   ----a-w   D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-10 23:08:11   16,384   ----a-w   D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-10 21:53:19   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-01-10 23:08:11   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-01-10 21:53:19   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-10 23:08:11   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-10 21:57:45   62,480   ----a-w   D:\WINDOWS\system32\perfc009.dat
+ 2008-01-10 23:12:36   62,480   ----a-w   D:\WINDOWS\system32\perfc009.dat
- 2008-01-10 21:57:45   79,408   ----a-w   D:\WINDOWS\system32\perfc015.dat
+ 2008-01-10 23:12:36   79,408   ----a-w   D:\WINDOWS\system32\perfc015.dat
- 2008-01-10 21:57:45   401,200   ----a-w   D:\WINDOWS\system32\perfh009.dat
+ 2008-01-10 23:12:36   401,200   ----a-w   D:\WINDOWS\system32\perfh009.dat
- 2008-01-10 21:57:45   458,022   ----a-w   D:\WINDOWS\system32\perfh015.dat
+ 2008-01-10 23:12:36   458,022   ----a-w   D:\WINDOWS\system32\perfh015.dat
+ 2008-01-10 23:08:19   16,384   ----atw   D:\WINDOWS\Temp\Perflib_Perfdata_678.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-04 21:27   262144   --a------   D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-04 21:27 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"thebat_startup"="D:\Program Files\The Bat!\thebat.exe" [2007-10-31 16:18 11954536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2004-11-02 02:03 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2004-11-02 01:59 126976]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 D:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 07:53 77824 D:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 08:38 2749440 D:\WINDOWS\ALCWZRD.EXE]
"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Spik"="D:\Program Files\Spik\Spik.exe" [2007-11-21 13:55 103912]
"CafeNews"="D:\Program Files\CafeNews\CN.exe" [2007-06-28 13:43 1224704]
"LXCGCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 13:48 73728]
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:08 200704]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05 94208]
"iKeyWorks"="D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"REGSHAVE"="D:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SSSSE7"="D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" [2004-11-30 13:52 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-01-05 01:50 58880 D:\WINDOWS\system32\fsmgmt.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Exif Launcher.lnk
backup=D:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
D:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 08:05 94208 D:\Program Files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
--a------ 2005-07-21 02:08 200704 D:\Program Files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:11 21803304 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"UPS"=3 (0x3)
"SLEE_81_SERVICE"=2 (0x2)

R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];D:\WINDOWS\system32\drivers\SLEE81.sys [2004-11-19 09:28]
S3 MEMSWEEP2;MEMSWEEP2;D:\WINDOWS\system32\12F.tmp []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 00:18:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCGCATS = rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\explorer.exe [6.00.2900.3156]
-> D:\Program Files\Spik\idlehk.dll
.
Completion time: 2008-01-11  0:19:24
ComboFix2.txt  2008-01-10 22:21:44
ComboFix3.txt  2008-01-10 21:03:37
.
2008-01-10 21:08:59   --- E O F --- 


Code:
SDFix: Version 1.125

Run by rybak_dusz on 2008-01-10 at 23:48

Microsoft Windows XP [Wersja 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 00:09:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:02,5d,43,32,4a,a7,be,b4,a6,b6,bb,50,75,87,c0,15,80,36,62,86,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9e,45,75,30,97,42,11,59,ca,52,2b,5f,5e,60,c0,a2,d0,..
"khjeh"=hex:12,71,96,2f,e0,69,eb,3e,c7,48,3f,99,5e,7e,f3,1c,4d,b3,e2,c1,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6a,1f,dd,26,67,ca,e1,e1,34,be,91,48,5b,ac,43,21,6f,ea,a5,11,1e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:02,5d,43,32,4a,a7,be,b4,a6,b6,bb,50,75,87,c0,15,80,36,62,86,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9e,45,75,30,97,42,11,59,ca,52,2b,5f,5e,60,c0,a2,d0,..
"khjeh"=hex:12,71,96,2f,e0,69,eb,3e,c7,48,3f,99,5e,7e,f3,1c,4d,b3,e2,c1,4a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6a,1f,dd,26,67,ca,e1,e1,34,be,91,48,5b,ac,43,21,6f,ea,a5,11,1e,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="D:\WINDOWS\SoftwareDistribution\EventCache\{DFEEBCF8-706B-4523-9D92-5D09828766EF}.bin"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sat  5 Jan 2008             0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  4 Jan 2008     6,934,488 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\b6b8211a5dc0636ae3d15bf626ce10d3\BIT1A.tmp"

Finished!
Code:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"thebat_startup" = "D:\Program Files\The Bat!\thebat.exe /minimize" ["Ritlabs S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "D:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "D:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"ZoneAlarm Client" = ""D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"Spik" = "D:\Program Files\Spik\Spik.exe -autostart" [null data]
"CafeNews" = "D:\Program Files\CafeNews\CN.exe /autostart" ["Cafe News sp. z o.o.  www.cafenews.pl, Multimedia Cafe www.mmcafe.pl"]
"LXCGCATS" = "rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16" [MS]
"lxcgmon.exe" = ""D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""D:\Program Files\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"iKeyWorks" = "D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"REGSHAVE" = "D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "ZoneAlarm Spy Blocker BHO"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker BHO"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{00000000-5736-4205-0100-1967b1b2ce60}" = "Steganos Security Suite 7 Special Edition"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""D:\WINDOWS\system32\vsjitdebugger.exe" -p %ld -e %ld" [MS]
"Auto" = "1"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> fsmgmt\DLLName = "fsmgmt.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\rybak_dusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{916C1EF1-CA89-4F1B-AFDA-3CA85BD0F831}\(Default) = "ZoneAlarm PopBlocker"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
lxcg_device, lxcg_device, "D:\WINDOWS\system32\lxcgcoms.exe -service" [" "]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
2300 Series Port\Driver = "lxcglmpm.DLL" [" "]
PDFCreator\Driver = "pdfcmnnt.dll" ["internet-support foehr.com"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-01-11 00:13:02)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 103 seconds.
---------- (total run time: 140 seconds)

rybak_dusz
~user
 
Posts: 45
Joined: 07 Jun 2006, 21:27



Post by wojtas, 10 Jan 2008, 18:54

Delete this entry in HijackThis:

O20 - Winlogon Notify: fsmgmt - D:\WINDOWS\SYSTEM32\fsmgmt.dll


Open Notepad and paste this into it:

File::
D:\WINDOWS\system32\12F.tmp []
D:\WINDOWS\SYSTEM32\fsmgmt.dll

Driver::
MEMSWEEP2


File >>> Save as CFScript.txt. Drag the file and drop it onto the ComboFix icon (as shown here). Confirm >>> the computer will restart.

(If the question "1 or 2" appears, type 1 and press ENTER.) The removal process will begin.
Afterwards, post a new log from HijackThis and from ComboFix.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by rybak_dusz, 10 Jan 2008, 23:01

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:51, on 2008-01-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\CafeNews\CN.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\lxcgcoms.exe
D:\Program Files\The Bat!\thebat.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [CafeNews] D:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [thebat_startup] D:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - D:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcg_device -   - D:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6854 bytes
Code:
ComboFix 08-01-10.2 - rybak_dusz 2008-01-11 21:34:01.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.448 [GMT 1:00]
Running from: F:\programy\zaawansowane_antywiry\ComboFix.exe
Command switches used :: D:\Documents and Settings\rybak_dusz\Pulpit\CFScript.txt
* Created a new restore point

FILE
D:\WINDOWS\system32\12F.tmp []
D:\WINDOWS\SYSTEM32\fsmgmt.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\SYSTEM32\fsmgmt.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MEMSWEEP2
-------\MEMSWEEP2


(((((((((((((((((((((((((   Files Created from 2007-12-11 to 2008-01-11  )))))))))))))))))))))))))))))))
.

2008-01-10 22:44 . 2008-01-10 22:44   <DIR>   d--------   D:\WINDOWS\ERUNT
2008-01-10 22:34 . 2008-01-10 22:34   2,112   --a------   D:\WINDOWS\system32\tmp.reg
2008-01-10 22:32 . 2007-09-05 23:22   289,144   --a------   D:\WINDOWS\system32\VCCLSID.exe
2008-01-10 22:32 . 2006-04-27 16:49   288,417   --a------   D:\WINDOWS\system32\SrchSTS.exe
2008-01-10 22:32 . 2007-12-20 23:11   81,920   --a------   D:\WINDOWS\system32\IEDFix.exe
2008-01-10 22:32 . 2003-06-05 20:13   53,248   --a------   D:\WINDOWS\system32\Process.exe
2008-01-10 22:32 . 2004-07-31 17:50   51,200   --a------   D:\WINDOWS\system32\dumphive.exe
2008-01-10 22:32 . 2007-10-03 23:36   25,600   --a------   D:\WINDOWS\system32\WS2Fix.exe
2008-01-09 21:57 . 2000-08-31 08:00   51,200   --a------   D:\WINDOWS\NirCmd.exe
2008-01-09 11:07 . 2007-09-06 07:52   998,400   --a------   D:\WINDOWS\system32\Rave75VCL100.bpl
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\Common Files\CodeGear Shared
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\CodeGear
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Borland
2008-01-09 09:56 . 2008-01-09 09:56   <DIR>   d--------   D:\Program Files\Common Files\Borland Shared
2008-01-09 09:08 . 2008-01-09 11:52   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CodeGear
2008-01-09 04:29 . 2008-01-09 04:29   <DIR>   d--------   D:\Program Files\Microsoft.NET
2008-01-09 04:29 . 2008-01-09 04:34   <DIR>   d--------   D:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:16 . 2008-01-09 03:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-01-09 02:46 . 2008-01-09 02:46   <DIR>   d--------   D:\Program Files\Sophos
2008-01-09 02:41 . 2007-01-18 13:00   3,968   --a------   D:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-09 02:29 . 2008-01-09 02:29   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\ArcaBit
2008-01-08 22:17 . 2008-01-09 21:46   <DIR>   d--h-----   D:\Documents and Settings\All Users\Dane aplikacji\{6AF0EFC6-B937-4704-A430-319EB93F4C12}
2008-01-07 20:13 . 2008-01-07 20:14   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\DrDietman2
2008-01-07 20:13 . 2008-01-07 20:13   569,344   --a------   D:\WINDOWS\system32\OdbcFb32.dll
2008-01-06 02:49 . 2008-01-06 02:49   <DIR>   d--------   D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-05 15:39 . 2008-01-05 15:39   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\CyberLink
2008-01-05 15:23 . 2007-07-30 19:19   271,224   --a------   D:\WINDOWS\system32\mucltui.dll
2008-01-05 15:23 . 2007-07-30 19:19   207,736   --a------   D:\WINDOWS\system32\muweb.dll
2008-01-05 15:23 . 2007-07-30 19:18   30,072   --a------   D:\WINDOWS\system32\mucltui.dll.mui
2008-01-05 15:09 . 2008-01-09 13:03   <DIR>   d--------   D:\Program Files\totalcmd
2008-01-05 15:09 . 2008-01-09 13:04   577   --a------   D:\WINDOWS\wincmd.ini
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\UC.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\RAR.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKUNZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\NOCLOSE.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\LHA.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\ARJ.PIF
2008-01-05 01:26 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\IsolatedStorage
2008-01-05 01:24 . 2008-01-05 01:25   <DIR>   d--------   D:\WINDOWS\system32\URTTemp
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Symantec
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Common Files\Symantec Shared
2008-01-05 01:22 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-05 01:19 . 2008-01-05 01:19   <DIR>   d--------   D:\Program Files\Trend Micro
2008-01-05 01:11 . 2008-01-09 00:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\skypePM
2008-01-05 01:11 . 2008-01-05 01:11   32   --a------   D:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Common Files\Skype
2008-01-05 01:10 . 2008-01-09 01:59   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-05 00:38 . 2008-01-05 00:39   <DIR>   d--------   D:\WINDOWS\system32\pl-pl
2008-01-05 00:26 . 2008-01-05 00:26   <DIR>   d--------   D:\Program Files\Windows Media Connect 2
2008-01-05 00:22 . 2008-01-05 00:22   <DIR>   d--------   D:\WINDOWS\system32\LogFiles
2008-01-05 00:22 . 2008-01-05 00:23   <DIR>   d--------   D:\WINDOWS\system32\drivers\UMDF
2008-01-05 00:02 . 2008-01-07 19:19   <DIR>   d--------   D:\Program Files\AllMyMovies
2008-01-05 00:01 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator Toolbar
2008-01-05 00:01 . 2008-01-05 00:01   253,116   --a------   D:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2609.exe
2008-01-05 00:01 . 2008-01-05 00:01   14,290   --a------   D:\Program Files\settings.dat
2008-01-05 00:00 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator
2008-01-05 00:00 . 2004-03-09 00:00   662,288   --a------   D:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-05 00:00 . 2005-10-15 12:32   196,608   --a------   D:\WINDOWS\system32\pdfcmnnt.dll
2008-01-05 00:00 . 1998-06-24 00:00   137,000   --a------   D:\WINDOWS\system32\MSMAPI32.OCX
2008-01-05 00:00 . 1998-07-06 00:00   23,552   --a------   D:\WINDOWS\system32\MSMPIDE.DLL
2008-01-04 23:46 . 2008-01-04 23:46   <DIR>   d--------   D:\Program Files\PIXELA
2008-01-04 23:46 . 2004-03-08 12:55   13,567   --a------   D:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-04 23:43 . 2002-04-07 13:26   106,496   --a------   D:\WINDOWS\system32\FPXS2Pro.dll
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Program Files\FinePixViewer
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\FUJIFILM
2008-01-04 23:42 . 2003-09-03 07:45   274,432   --a------   D:\WINDOWS\system32\FFTIFF16.dll
2008-01-04 23:42 . 2004-07-24 12:28   155,648   --a------   D:\WINDOWS\system32\FFRAFLIB.DLL
2008-01-04 23:41 . 2008-01-04 23:41   <DIR>   d--------   D:\Program Files\REGSHAVE
2008-01-04 23:41 . 2001-11-25 12:11   81,924   ---------   D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-01-04 23:41 . 2002-02-05 17:33   69,632   ---------   D:\WINDOWS\system32\FREGSHEX.DLL
2008-01-04 23:41 . 2002-02-27 12:27   65,536   ---------   D:\WINDOWS\system32\FINFCHECK.dll
2008-01-04 23:41 . 2002-06-25 10:06   45,056   ---------   D:\WINDOWS\system32\FINFCOPY.dll
2008-01-04 23:41 . 2002-02-13 11:00   45,056   ---------   D:\WINDOWS\system32\FCLKBTN.DLL
2008-01-04 23:39 . 2008-01-04 23:39   <DIR>   d--------   D:\Program Files\Steganos Security Suite 7 SE
2008-01-04 23:38 . 2008-01-04 23:38   801   --a------   D:\WINDOWS\unins000.dat
2008-01-04 23:36 . 2008-01-04 23:36   <DIR>   d--------   D:\Program Files\A4Tech
2008-01-04 23:30 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-01-04 23:29 . 2008-01-04 23:30   <DIR>   d--------   D:\Program Files\CyberLink
2008-01-04 23:23 . 2005-02-08 13:12   2,670,592   ---------   D:\WINDOWS\UNNMP.exe
2008-01-04 23:23 . 2005-06-07 10:40   49,655   ---------   D:\WINDOWS\UNNMP.cfg
2008-01-04 23:22 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-04 23:20 . 2008-01-04 23:20   <DIR>   d--------   D:\Program Files\Common Files\Nero
2008-01-04 23:20 . 2001-07-09 11:50   155,648   --a------   D:\WINDOWS\system32\NeroCheck.exe
2008-01-04 23:18 . 2008-01-04 23:18   <DIR>   d--------   D:\Program Files\Common Files\Adobe
2008-01-04 23:17 . 2005-04-20 12:32   2,916,352   ---------   D:\WINDOWS\UNNeroVision.exe
2008-01-04 23:17 . 2005-06-07 10:40   154,855   ---------   D:\WINDOWS\UNNeroVision.cfg
2008-01-04 23:17 . 2001-03-08 19:30   24,064   ---------   D:\WINDOWS\system32\msxml3a.dll
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Program Files\Common Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:22   <DIR>   d--------   D:\Program Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-04 23:16 . 2004-07-26 17:16   1,568,768   ---------   D:\WINDOWS\system32\ImagX7.dll
2008-01-04 23:16 . 2004-07-26 17:16   476,320   ---------   D:\WINDOWS\system32\ImagXpr7.dll
2008-01-04 23:16 . 2004-07-26 17:16   471,040   ---------   D:\WINDOWS\system32\ImagXRA7.dll
2008-01-04 23:16 . 2004-07-09 09:43   364,544   ---------   D:\WINDOWS\system32\TwnLib4.dll
2008-01-04 23:16 . 2004-07-26 17:16   262,144   ---------   D:\WINDOWS\system32\ImagXR7.dll
2008-01-04 23:16 . 2000-06-26 11:45   106,496   --a------   D:\WINDOWS\system32\TwnLib20.dll
2008-01-04 23:16 . 2001-06-26 08:15   38,912   ---------   D:\WINDOWS\system32\picn20.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 20:57   7,151,648   --sha-w   D:\WINDOWS\system32\drivers\fidbox.dat
2008-01-11 20:37   88,988   --sha-w   D:\WINDOWS\system32\drivers\fidbox.idx
2008-01-05 00:21   ---------   d-----w   D:\Program Files\Common Files\InstallShield
2008-01-04 22:46   ---------   d--h--w   D:\Program Files\InstallShield Installation Information
2008-01-04 21:00   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Winamp
2008-01-04 20:59   ---------   d-----w   D:\Program Files\Winamp
2008-01-04 20:56   ---------   d-----w   D:\Program Files\CafeNews
2008-01-04 20:45   ---------   d-----w   D:\Program Files\Spik
2008-01-04 20:45   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Spik
2008-01-04 20:27   ---------   d-----w   D:\Program Files\ZoneAlarmSB
2008-01-04 20:27   ---------   d-----w   D:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-01-04 20:23   ---------   d-----w   D:\Program Files\Alwil Software
2008-01-04 20:05   ---------   d-----w   D:\Program Files\Thomson
2008-01-04 20:02   73,728   ----a-w   D:\WINDOWS\ALCFDRTM.EXE
2008-01-04 20:01   ---------   d-----w   D:\Program Files\GIGABYTE
2008-01-04 20:00   ---------   d-----w   D:\Program Files\Realtek
2008-01-04 19:58   ---------   d-----w   D:\Program Files\Intel
2008-01-04 19:52   ---------   d-----w   D:\Program Files\microsoft frontpage
2008-01-04 19:51   ---------   d-----w   D:\Program Files\Usługi online
2007-12-04 14:56   93,264   ----a-w   D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   D:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-14 15:05   75,248   ----a-w   D:\WINDOWS\zllsputility.exe
2007-11-13 10:25   20,480   ----a-w   D:\WINDOWS\system32\drivers\secdrv.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-01-10_23.21.09,39   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-10 23:21:57   26,624   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e378ecfb5fcdef2e57994c0e23f2a75e\Accessibility.ni.dll
+ 2008-01-10 23:22:00   888,832   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c34ced80b91f42a2fc6e35e08baafa89\AspNetMMCExt.ni.dll
+ 2008-01-10 23:22:01   237,568   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\af85eae720fca96f51278faf68c57246\CustomMarshalers.ni.dll
+ 2008-01-10 23:22:02   15,360   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\ec50c8efd8aad0d2a64b13853790689a\dfsvc.ni.exe
+ 2008-01-10 23:22:04   880,640   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a27cb1f99870a3329b074aa4c066e522\Microsoft.Build.Engine.ni.dll
+ 2008-01-10 23:22:04   81,920   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\cb31ee0d6c7e261695dace2929ba6d94\Microsoft.Build.Framework.ni.dll
+ 2008-01-10 23:22:08   1,687,552   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\65fa18ddaaa53f68b0e7567926d3dc55\Microsoft.Build.Tasks.ni.dll
+ 2008-01-10 23:22:09   163,840   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\719a24e213f9d1359d2db7fa3ab8bc2d\Microsoft.Build.Utilities.ni.dll
+ 2008-01-10 23:22:10   122,880   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Vis#\33780af075f3660898d86afe160bad36\Microsoft.Build.VisualJSharp.ni.dll
+ 2008-01-10 23:22:13   1,720,320   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95b1fa1026260400c3db6bc46dad191\Microsoft.VisualBasic.ni.dll
+ 2008-01-10 23:22:15   1,003,520   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ba2e83542e968927e7269340abfb577a\System.Configuration.ni.dll
+ 2008-01-10 23:22:17   1,724,416   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\ec705c7f3e40f0eeae7d4ee60fa6bf1f\System.Deployment.ni.dll
+ 2008-01-10 23:22:21   512,000   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\046e2119c94ecd8724c077c211c092e3\System.DirectoryServices.Protocols.ni.dll
+ 2008-01-10 23:22:19   1,216,512   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\964fc81aa41a4df53c78fa8c18c144c6\System.DirectoryServices.ni.dll
+ 2008-01-10 23:22:22   659,456   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c00bca67bed39c526e8122ffeb8f1214\System.EnterpriseServices.ni.dll
+ 2008-01-10 23:22:22   294,912   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c00bca67bed39c526e8122ffeb8f1214\System.EnterpriseServices.Wrapper.dll
+ 2008-01-10 23:22:24   729,088   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\c12fc0d83371b9de39e9d458313c6310\System.Security.ni.dll
+ 2008-01-10 23:22:25   684,032   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8d74dfc04be4cd5521b8e9e393d4e391\System.Transactions.ni.dll
+ 2008-01-10 23:22:50   2,306,048   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d6c71acbbe06dc616a3fb55945447f6b\System.Web.Mobile.ni.dll
+ 2008-01-10 23:22:51   237,568   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\0abd0a5ec0df95641f1f1294b4d5f262\System.Web.RegularExpressions.ni.dll
+ 2008-01-10 23:22:54   1,941,504   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\bb256ec4bf829a995267d444561e38d2\System.Web.Services.ni.dll
+ 2008-01-10 23:22:46   12,185,600   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f29cb1a2eedf284ab2282bb67c631e89\System.Web.ni.dll
+ 2008-01-10 23:22:54   33,280   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjscor\29cc88be7c259d2d7f9fbb5ca3574d22\vjscor.ni.dll
+ 2008-01-10 23:22:55   139,264   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\c8893a7a9ca9e038bdcc0333bd7c90d9\VJSharpCodeProvider.ni.dll
+ 2008-01-10 23:22:56   34,816   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjsjbc\98be422fa6eda4334ac33b999401bd1c\vjsjbc.ni.dll
+ 2008-01-10 23:23:07   8,441,856   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjslib\db9b520b8d919a9a009ab2bbd1047c93\vjslib.ni.dll
+ 2008-01-10 23:23:08   48,128   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjslibcw\5642c6744e32ed848f5a8b02d71cf509\vjslibcw.ni.dll
+ 2008-01-10 23:23:11   2,707,456   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\614f482cfa6cf82ade184a4522564a8f\VJSSupUILib.ni.dll
+ 2008-01-10 23:23:12   50,176   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjsvwaux\d3d9cb11c654c711c09b9fe67a6fdd2c\vjsvwaux.ni.dll
+ 2008-01-10 23:23:23   7,417,856   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjswfc\8a9ca5c2598f053559cf3ef50f4ed46b\vjswfc.ni.dll
+ 2008-01-10 23:23:24   25,600   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\87d08483a2752464de13ce3d3303ae3e\VjsWfcBrowserStubLib.ni.dll
+ 2008-01-10 23:23:24   450,560   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjswfccw\e0d819157c06e958eb37e609539304a7\vjswfccw.ni.dll
+ 2008-01-10 23:23:30   3,686,400   ----a-w   D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\vjswfchtml\eab040b3eec542dcccd1eb6fd2d426e4\vjswfchtml.ni.dll
- 2008-01-09 20:59:36   1,413,120   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 20:33:23   1,413,120   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 20:59:36   8,192   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 20:33:24   8,192   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 20:59:36   1,417,216   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 20:33:24   1,417,216   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 20:59:36   8,192   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 20:33:24   8,192   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 20:59:37   3,231,744   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 20:33:24   3,231,744   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 20:59:37   32,768   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 20:33:24   32,768   ----a-w   D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 07:00:00   163,328   ----a-w   D:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-01-10 21:45:11   3,231,744   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-10 22:48:01   3,231,744   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-10 21:45:11   32,768   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-10 22:48:02   32,768   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2008-01-10 21:53:19   16,384   ----a-w   D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-11 20:27:10   16,384   ----a-w   D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-10 21:53:19   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-01-11 20:27:10   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-01-10 21:53:19   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-11 20:27:10   32,768   ----a-w   D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-10 21:57:45   62,480   ----a-w   D:\WINDOWS\system32\perfc009.dat
+ 2008-01-11 20:42:08   62,480   ----a-w   D:\WINDOWS\system32\perfc009.dat
- 2008-01-10 21:57:45   79,408   ----a-w   D:\WINDOWS\system32\perfc015.dat
+ 2008-01-11 20:42:08   79,408   ----a-w   D:\WINDOWS\system32\perfc015.dat
- 2008-01-10 21:57:45   401,200   ----a-w   D:\WINDOWS\system32\perfh009.dat
+ 2008-01-11 20:42:08   401,200   ----a-w   D:\WINDOWS\system32\perfh009.dat
- 2008-01-10 21:57:45   458,022   ----a-w   D:\WINDOWS\system32\perfh015.dat
+ 2008-01-11 20:42:08   458,022   ----a-w   D:\WINDOWS\system32\perfh015.dat
+ 2008-01-11 20:38:05   16,384   ----atw   D:\WINDOWS\Temp\Perflib_Perfdata_61c.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-04 21:27   262144   --a------   D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-04 21:27 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"thebat_startup"="D:\Program Files\The Bat!\thebat.exe" [2007-10-31 16:18 11954536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2004-11-02 02:03 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2004-11-02 01:59 126976]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 D:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 07:53 77824 D:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 08:38 2749440 D:\WINDOWS\ALCWZRD.EXE]
"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Spik"="D:\Program Files\Spik\Spik.exe" [2007-11-21 13:55 103912]
"CafeNews"="D:\Program Files\CafeNews\CN.exe" [2007-06-28 13:43 1224704]
"LXCGCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 13:48 73728]
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:08 200704]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05 94208]
"iKeyWorks"="D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"REGSHAVE"="D:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SSSSE7"="D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" [2004-11-30 13:52 249856]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Exif Launcher.lnk
backup=D:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
D:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 08:05 94208 D:\Program Files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
--a------ 2005-07-21 02:08 200704 D:\Program Files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:11 21803304 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"UPS"=3 (0x3)
"SLEE_81_SERVICE"=2 (0x2)

R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];D:\WINDOWS\system32\drivers\SLEE81.sys [2004-11-19 09:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72c7490c-be21-11dc-8bc2-000e50ea25e8}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e96d522e-bb07-11dc-8bb8-000e50ea25e8}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 21:57:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> D:\Program Files\Spik\idlehk.dll
.
Completion time: 2008-01-11 21:59:28 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-11 20:59:23
ComboFix2.txt  2008-01-10 23:19:25
ComboFix3.txt  2008-01-10 22:21:44
ComboFix4.txt  2008-01-10 21:03:37
.
2008-01-10 21:08:59   --- E O F --- 
rybak_dusz
~user
 
Posts: 45
Joined: 07 Jun 2006, 21:27



Post by wojtas 10 Jan 2008, 23:04

Paste this into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72c7490c-be21-11dc-8bc2-000e50ea25e8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e96d522e-bb07-11dc-8bb8-000e50ea25e8}]


In Notepad, at the top >>> File >>> Save As >>> change the extension from TXT to All Files *.* >>> save under the name FIX.REG

Double-click the resulting fix file and add it to the registry....
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by rybak_dusz 10 Jan 2008, 23:57

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:42:12, on 2008-01-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\CafeNews\CN.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\lxcgcoms.exe
D:\Program Files\eMule\emule.exe
D:\Program Files\Winamp\winamp.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
d:\windows\system32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\The Bat!\thebat.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\rybak_dusz\Pulpit\nod32_20080106(2).exe
D:\DOCUME~1\RYBAK_~1\USTAWI~1\Temp\is-LL98O.tmp\nod32_20080106(2).tmp
D:\DOCUME~1\RYBAK_~1\USTAWI~1\Temp\is-V5636.tmp\nod32.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [CafeNews] D:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [thebat_startup] D:\Program Files\The Bat!\thebat.exe /minimize
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSSSE7] "D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" -firstboot (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - D:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{691B92CB-D0DD-4C2D-B65C-CB9544F7CF6D}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O20 - Winlogon Notify: fsmgmt - D:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: lxcg_device -   - D:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7676 bytes

Code:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"thebat_startup" = "D:\Program Files\The Bat!\thebat.exe /minimize" ["Ritlabs S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "D:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "D:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"SpeedTouch USB Diagnostics" = ""D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"ZoneAlarm Client" = ""D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"Spik" = "D:\Program Files\Spik\Spik.exe -autostart" [null data]
"CafeNews" = "D:\Program Files\CafeNews\CN.exe /autostart" ["Cafe News sp. z o.o.  www.cafenews.pl, Multimedia Cafe www.mmcafe.pl"]
"LXCGCATS" = "rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16" [MS]
"lxcgmon.exe" = ""D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""D:\Program Files\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"iKeyWorks" = "D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"REGSHAVE" = "D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "ZoneAlarm Spy Blocker BHO"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker BHO"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{00000000-5736-4205-0100-1967b1b2ce60}" = "Steganos Security Suite 7 Special Edition"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""D:\WINDOWS\system32\vsjitdebugger.exe" -p %ld -e %ld" [MS]
"Auto" = "0"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe," [MS], [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> fsmgmt\DLLName = "fsmgmt.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Steganos Security Suite 7 Special Edition\(Default) = "{00000000-5736-4205-0100-1967b1b2ce60}"
  -> {HKLM...CLSID} = "Steganos Security Suite 7 Special Edition"
                   \InProcServer32\(Default) = "d:\program files\steganos security suite 7 se\sssse7se.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
  -> {HKLM...CLSID} = "SpikShellExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
                   \InProcServer32\(Default) = "D:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\rybak_dusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
  -> {HKLM...CLSID} = "ZoneAlarm Spy Blocker"
                   \InProcServer32\(Default) = "D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" ["ZoneAlarm"]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{916C1EF1-CA89-4F1B-AFDA-3CA85BD0F831}\(Default) = "ZoneAlarm PopBlocker"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
lxcg_device, lxcg_device, "D:\WINDOWS\system32\lxcgcoms.exe -service" [" "]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
TrueVector Internet Monitor, vsmon, "D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
2300 Series Port\Driver = "lxcglmpm.DLL" [" "]
PDFCreator\Driver = "pdfcmnnt.dll" ["internet-support foehr.com"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-01-12 02:45:30)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 345 seconds.
---------- (total run time: 407 seconds)

Code:
ComboFix 08-01-10.2 - rybak_dusz 2008-01-12  2:54:47.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.265 [GMT 1:00]
Running from: F:\programy\zaawansowane_antywiry\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-12 to 2008-01-12  )))))))))))))))))))))))))))))))
.

2008-01-12 01:42 . 2008-01-12 01:57   <DIR>   d--h-----   D:\Documents and Settings\rybak_dusz\.lfhd
2008-01-12 01:42 . 2008-01-12 01:57   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\.borland
2008-01-12 01:34 . 2008-01-12 01:34   <DIR>   d--------   D:\Program Files\Borland
2008-01-12 01:33 . 2008-01-12 01:33   <DIR>   d--------   D:\Program Files\MSXML 4.0
2008-01-12 01:18 . 2008-01-12 02:18   46,592   --a------   D:\WINDOWS\system32\fsmgmt.dll
2008-01-12 01:17 . 2008-01-12 01:17   <DIR>   d--------   D:\Program Files\Microsoft Visual Studio .NET 2003
2008-01-10 22:44 . 2008-01-10 22:44   <DIR>   d--------   D:\WINDOWS\ERUNT
2008-01-10 22:34 . 2008-01-10 22:34   2,112   --a------   D:\WINDOWS\system32\tmp.reg
2008-01-10 22:32 . 2007-09-05 23:22   289,144   --a------   D:\WINDOWS\system32\VCCLSID.exe
2008-01-10 22:32 . 2006-04-27 16:49   288,417   --a------   D:\WINDOWS\system32\SrchSTS.exe
2008-01-10 22:32 . 2007-12-20 23:11   81,920   --a------   D:\WINDOWS\system32\IEDFix.exe
2008-01-10 22:32 . 2003-06-05 20:13   53,248   --a------   D:\WINDOWS\system32\Process.exe
2008-01-10 22:32 . 2004-07-31 17:50   51,200   --a------   D:\WINDOWS\system32\dumphive.exe
2008-01-10 22:32 . 2007-10-03 23:36   25,600   --a------   D:\WINDOWS\system32\WS2Fix.exe
2008-01-09 21:57 . 2000-08-31 08:00   51,200   --a------   D:\WINDOWS\NirCmd.exe
2008-01-09 11:07 . 2007-09-06 07:52   998,400   --a------   D:\WINDOWS\system32\Rave75VCL100.bpl
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\Common Files\CodeGear Shared
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Program Files\CodeGear
2008-01-09 10:00 . 2008-01-09 10:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Borland
2008-01-09 09:56 . 2008-01-12 01:38   <DIR>   d--------   D:\Program Files\Common Files\Borland Shared
2008-01-09 09:08 . 2008-01-09 11:52   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CodeGear
2008-01-09 04:29 . 2008-01-09 04:29   <DIR>   d--------   D:\Program Files\Microsoft.NET
2008-01-09 04:29 . 2008-01-09 04:34   <DIR>   d--------   D:\Program Files\Microsoft Visual Studio 8
2008-01-09 03:16 . 2008-01-09 03:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-01-09 02:46 . 2008-01-09 02:46   <DIR>   d--------   D:\Program Files\Sophos
2008-01-09 02:41 . 2007-01-18 13:00   3,968   --a------   D:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-09 02:29 . 2008-01-09 02:29   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\ArcaBit
2008-01-08 22:17 . 2008-01-09 21:46   <DIR>   d--h-----   D:\Documents and Settings\All Users\Dane aplikacji\{6AF0EFC6-B937-4704-A430-319EB93F4C12}
2008-01-07 20:13 . 2008-01-07 20:14   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\DrDietman2
2008-01-07 20:13 . 2008-01-07 20:13   569,344   --a------   D:\WINDOWS\system32\OdbcFb32.dll
2008-01-06 02:49 . 2008-01-06 02:49   <DIR>   d--------   D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-05 15:39 . 2008-01-05 15:39   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\CyberLink
2008-01-05 15:23 . 2007-07-30 19:19   271,224   --a------   D:\WINDOWS\system32\mucltui.dll
2008-01-05 15:23 . 2007-07-30 19:19   207,736   --a------   D:\WINDOWS\system32\muweb.dll
2008-01-05 15:23 . 2007-07-30 19:18   30,072   --a------   D:\WINDOWS\system32\mucltui.dll.mui
2008-01-05 15:09 . 2008-01-09 13:03   <DIR>   d--------   D:\Program Files\totalcmd
2008-01-05 15:09 . 2008-01-09 13:04   577   --a------   D:\WINDOWS\wincmd.ini
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\UC.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\RAR.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\PKUNZIP.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\NOCLOSE.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\LHA.PIF
2008-01-05 15:09 . 2007-09-14 07:02   545   --a------   D:\WINDOWS\ARJ.PIF
2008-01-05 01:26 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\IsolatedStorage
2008-01-05 01:24 . 2008-01-05 01:25   <DIR>   d--------   D:\WINDOWS\system32\URTTemp
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Symantec
2008-01-05 01:22 . 2008-01-05 01:44   <DIR>   d--------   D:\Program Files\Common Files\Symantec Shared
2008-01-05 01:22 . 2008-01-05 01:26   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-05 01:19 . 2008-01-05 01:19   <DIR>   d--------   D:\Program Files\Trend Micro
2008-01-05 01:11 . 2008-01-09 00:00   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\skypePM
2008-01-05 01:11 . 2008-01-05 01:11   32   --a------   D:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Program Files\Common Files\Skype
2008-01-05 01:10 . 2008-01-09 01:59   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Skype
2008-01-05 01:10 . 2008-01-05 01:10   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-05 00:38 . 2008-01-05 00:39   <DIR>   d--------   D:\WINDOWS\system32\pl-pl
2008-01-05 00:26 . 2008-01-05 00:26   <DIR>   d--------   D:\Program Files\Windows Media Connect 2
2008-01-05 00:22 . 2008-01-05 00:22   <DIR>   d--------   D:\WINDOWS\system32\LogFiles
2008-01-05 00:22 . 2008-01-05 00:23   <DIR>   d--------   D:\WINDOWS\system32\drivers\UMDF
2008-01-05 00:02 . 2008-01-07 19:19   <DIR>   d--------   D:\Program Files\AllMyMovies
2008-01-05 00:01 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator Toolbar
2008-01-05 00:01 . 2008-01-05 00:01   253,116   --a------   D:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2609.exe
2008-01-05 00:01 . 2008-01-05 00:01   14,290   --a------   D:\Program Files\settings.dat
2008-01-05 00:00 . 2008-01-05 00:01   <DIR>   d--------   D:\Program Files\PDFCreator
2008-01-05 00:00 . 2004-03-09 00:00   662,288   --a------   D:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-05 00:00 . 2005-10-15 12:32   196,608   --a------   D:\WINDOWS\system32\pdfcmnnt.dll
2008-01-05 00:00 . 1998-06-24 00:00   137,000   --a------   D:\WINDOWS\system32\MSMAPI32.OCX
2008-01-05 00:00 . 1998-07-06 00:00   23,552   --a------   D:\WINDOWS\system32\MSMPIDE.DLL
2008-01-04 23:46 . 2008-01-04 23:46   <DIR>   d--------   D:\Program Files\PIXELA
2008-01-04 23:46 . 2004-03-08 12:55   13,567   --a------   D:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-01-04 23:43 . 2002-04-07 13:26   106,496   --a------   D:\WINDOWS\system32\FPXS2Pro.dll
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Program Files\FinePixViewer
2008-01-04 23:42 . 2008-01-04 23:42   <DIR>   d--------   D:\Documents and Settings\rybak_dusz\Dane aplikacji\FUJIFILM
2008-01-04 23:42 . 2003-09-03 07:45   274,432   --a------   D:\WINDOWS\system32\FFTIFF16.dll
2008-01-04 23:42 . 2004-07-24 12:28   155,648   --a------   D:\WINDOWS\system32\FFRAFLIB.DLL
2008-01-04 23:41 . 2008-01-04 23:41   <DIR>   d--------   D:\Program Files\REGSHAVE
2008-01-04 23:41 . 2001-11-25 12:11   81,924   ---------   D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-01-04 23:41 . 2002-02-05 17:33   69,632   ---------   D:\WINDOWS\system32\FREGSHEX.DLL
2008-01-04 23:41 . 2002-02-27 12:27   65,536   ---------   D:\WINDOWS\system32\FINFCHECK.dll
2008-01-04 23:41 . 2002-06-25 10:06   45,056   ---------   D:\WINDOWS\system32\FINFCOPY.dll
2008-01-04 23:41 . 2002-02-13 11:00   45,056   ---------   D:\WINDOWS\system32\FCLKBTN.DLL
2008-01-04 23:39 . 2008-01-04 23:39   <DIR>   d--------   D:\Program Files\Steganos Security Suite 7 SE
2008-01-04 23:38 . 2008-01-04 23:38   801   --a------   D:\WINDOWS\unins000.dat
2008-01-04 23:36 . 2008-01-04 23:36   <DIR>   d--------   D:\Program Files\A4Tech
2008-01-04 23:30 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-01-04 23:29 . 2008-01-04 23:30   <DIR>   d--------   D:\Program Files\CyberLink
2008-01-04 23:23 . 2005-02-08 13:12   2,670,592   ---------   D:\WINDOWS\UNNMP.exe
2008-01-04 23:23 . 2005-06-07 10:40   49,655   ---------   D:\WINDOWS\UNNMP.cfg
2008-01-04 23:22 . 2008-01-04 23:30   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-04 23:20 . 2008-01-04 23:20   <DIR>   d--------   D:\Program Files\Common Files\Nero
2008-01-04 23:20 . 2001-07-09 11:50   155,648   --a------   D:\WINDOWS\system32\NeroCheck.exe
2008-01-04 23:18 . 2008-01-04 23:18   <DIR>   d--------   D:\Program Files\Common Files\Adobe
2008-01-04 23:17 . 2005-04-20 12:32   2,916,352   ---------   D:\WINDOWS\UNNeroVision.exe
2008-01-04 23:17 . 2005-06-07 10:40   154,855   ---------   D:\WINDOWS\UNNeroVision.cfg
2008-01-04 23:17 . 2001-03-08 19:30   24,064   ---------   D:\WINDOWS\system32\msxml3a.dll
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Program Files\Common Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:22   <DIR>   d--------   D:\Program Files\Ahead
2008-01-04 23:16 . 2008-01-04 23:16   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-04 23:16 . 2004-07-26 17:16   1,568,768   ---------   D:\WINDOWS\system32\ImagX7.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 01:59   9,279,520   --sha-w   D:\WINDOWS\system32\drivers\fidbox.dat
2008-01-11 20:37   88,988   --sha-w   D:\WINDOWS\system32\drivers\fidbox.idx
2008-01-05 00:21   ---------   d-----w   D:\Program Files\Common Files\InstallShield
2008-01-04 22:46   ---------   d--h--w   D:\Program Files\InstallShield Installation Information
2008-01-04 21:04   9,216   ----a-w   D:\WINDOWS\system32\cpuinf32.dll
2008-01-04 21:04   740,442   ----a-w   D:\WINDOWS\system32\DivX.dll
2008-01-04 21:04   245,760   ----a-w   D:\WINDOWS\system32\mplvpx.dll
2008-01-04 21:04   1,559,040   ----a-w   D:\WINDOWS\system32\xvidcore.dll
2008-01-04 21:00   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Winamp
2008-01-04 20:59   ---------   d-----w   D:\Program Files\Winamp
2008-01-04 20:56   ---------   d-----w   D:\Program Files\CafeNews
2008-01-04 20:45   ---------   d-----w   D:\Program Files\Spik
2008-01-04 20:45   ---------   d-----w   D:\Documents and Settings\rybak_dusz\Dane aplikacji\Spik
2008-01-04 20:27   ---------   d-----w   D:\Program Files\ZoneAlarmSB
2008-01-04 20:27   ---------   d-----w   D:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-01-04 20:23   ---------   d-----w   D:\Program Files\Alwil Software
2008-01-04 20:05   ---------   d-----w   D:\Program Files\Thomson
2008-01-04 20:02   73,728   ----a-w   D:\WINDOWS\ALCFDRTM.EXE
2008-01-04 20:01   ---------   d-----w   D:\Program Files\GIGABYTE
2008-01-04 20:00   ---------   d-----w   D:\Program Files\Realtek
2008-01-04 19:58   ---------   d-----w   D:\Program Files\Intel
2008-01-04 19:52   ---------   d-----w   D:\Program Files\microsoft frontpage
2008-01-04 19:51   ---------   d-----w   D:\Program Files\Usługi online
2007-12-04 14:56   93,264   ----a-w   D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   D:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   D:\WINDOWS\system32\AvastSS.scr
2007-11-14 15:05   75,248   ----a-w   D:\WINDOWS\zllsputility.exe
2007-11-14 15:05   1,086,952   ----a-w   D:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25   20,480   ----a-w   D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29   723,968   ----a-w   D:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44   1,291,264   ----a-w   D:\WINDOWS\system32\quartz.dll
2007-10-25 08:28   222,720   ----a-w   D:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-01-11_21.58.58.95   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-12 00:37:39   114,688   ----a-w   D:\WINDOWS\assembly\GAC\Borland.Data.Common\2.5.0.0__91d62ebb5b0d1b1b\Borland.Data.Common.dll
+ 2008-01-12 00:37:40   778,240   ----a-w   D:\WINDOWS\assembly\GAC\Borland.Data.Provider\2.5.0.0__91d62ebb5b0d1b1b\Borland.Data.Provider.dll
+ 2008-01-12 00:38:04   102,400   ----a-w   D:\WINDOWS\assembly\GAC\Borland.Delphi\10.0.4143.0__91d62ebb5b0d1b1b\Borland.Delphi.dll
+ 2008-01-12 00:36:23   2,629,632   ----a-w   D:\WINDOWS\assembly\GAC\Borland.Vcl\10.0.4143.0__91d62ebb5b0d1b1b\Borland.Vcl.dll
+ 2008-01-12 00:36:25   291,840   ----a-w   D:\WINDOWS\assembly\GAC\Borland.VclActnBand\10.0.4143.0__91d62ebb5b0d1b1b\Borland.VclActnBand.dll
+ 2008-01-12 00:36:25   1,550,336   ----a-w   D:\WINDOWS\assembly\GAC\Borland.VclRtl\10.0.4143.0__91d62ebb5b0d1b1b\Borland.VclRtl.dll
+ 2008-01-12 00:36:26   94,208   ----a-w   D:\WINDOWS\assembly\GAC\DelphiProvider\10.0.4143.0__91d62ebb5b0d1b1b\DelphiProvider.dll
+ 2008-01-12 00:17:26   12,288   ----a-w   D:\WINDOWS\assembly\GAC\SoapSudsCode\1.0.5000.0__b03f5f7f11d50a3a\SoapSudsCode.dll
+ 2008-01-12 00:17:25   12,288   ----a-w   D:\WINDOWS\assembly\GAC\TlbExpCode\1.0.5000.0__b03f5f7f11d50a3a\TlbExpCode.dll
+ 2008-01-12 00:17:26   28,672   ----a-w   D:\WINDOWS\assembly\GAC\TlbImpCode\1.0.5000.0__b03f5f7f11d50a3a\TlbImpCode.dll
+ 2008-01-12 00:22:28   118,784   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a2e1d556\CustomMarshalers.dll
+ 2008-01-12 00:22:33   8,908,800   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_01d1f54d\mscorlib.dll
+ 2008-01-12 00:22:40   3,395,584   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1879d268\System.Design.dll
+ 2008-01-12 00:22:43   192,512   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b4262082\System.Drawing.Design.dll
+ 2008-01-12 00:22:42   2,244,608   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e1d5fb9c\System.Drawing.dll
+ 2008-01-12 00:22:49   7,884,800   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4f1ee1e2\System.Windows.Forms.dll
+ 2008-01-12 00:22:55   5,513,216   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e9c74cf8\System.Xml.dll
+ 2008-01-12 00:22:36   4,788,224   ----a-w   D:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d503c62f\System.dll
+ 2008-01-12 00:39:10   33,982   ----a-r   D:\WINDOWS\Installer\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}\ARPPRODUCTICON.exe
+ 2008-01-12 00:33:11   32,768   ----a-r   D:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-01-12 00:22:56   34,304   ----a-r   D:\WINDOWS\Installer\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
+ 2003-03-18 21:52:22   53,248   ----a-w   D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\al.exe
+ 2003-03-18 18:03:52   544,768   ----a-w   D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71d.dll
+ 2003-03-18 18:05:50   89,088   ----a-w   D:\WINDOWS\system32\atl71.dll
+ 2007-05-08 14:03:04   1,275,392   ----a-w   D:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 14:00:28   82,432   ----a-w   D:\WINDOWS\system32\msxml4r.dll
+ 2003-06-25 23:00:00   18,432   ----a-w   D:\WINDOWS\system32\secpol.exe
+ 2007-05-08 14:06:44   1,275,392   ----a-w   D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2007-04-18 09:36:40   82,432   ----a-w   D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-04 21:27   262144   --a------   D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-04 21:27 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"thebat_startup"="D:\Program Files\The Bat!\thebat.exe" [2007-10-31 16:18 11954536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2004-11-02 02:03 155648]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2004-11-02 01:59 126976]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 D:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 07:53 77824 D:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 08:38 2749440 D:\WINDOWS\ALCWZRD.EXE]
"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Spik"="D:\Program Files\Spik\Spik.exe" [2007-11-21 13:55 103912]
"CafeNews"="D:\Program Files\CafeNews\CN.exe" [2007-06-28 13:43 1224704]
"LXCGCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 13:48 73728]
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:08 200704]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05 94208]
"iKeyWorks"="D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"REGSHAVE"="D:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SSSSE7"="D:\Program Files\Steganos Security Suite 7 SE\sssse7.exe" [2004-11-30 13:52 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-01-12 02:18 46592 D:\WINDOWS\system32\fsmgmt.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Exif Launcher.lnk
backup=D:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
D:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 14:54 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-08-01 08:05 94208 D:\Program Files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
--a------ 2005-07-21 02:08 200704 D:\Program Files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 13:00 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:11 21803304 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"UPS"=3 (0x3)
"SLEE_81_SERVICE"=2 (0x2)

R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];D:\WINDOWS\system32\drivers\SLEE81.sys [2004-11-19 09:28]

*Newly Created Service* - MDM
*Newly Created Service* - WMIAPSRV
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 02:59:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12  3:02:00
ComboFix-quarantined-files.txt  2008-01-12 02:01:53
ComboFix2.txt  2008-01-11 21:50:21
ComboFix3.txt  2008-01-11 20:59:28
ComboFix4.txt  2008-01-10 23:19:25
ComboFix5.txt  2008-01-10 22:21:44
.
2008-01-10 21:08:59   --- E O F --- 

rybak_dusz
~user

Posts: 45
Joined: 07 Jun 2006, 21:27



Post by wojtas, 11 Jan 2008, 20:39

Delete these entries in HijackThis:

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe,
O20 - Winlogon Notify: fsmgmt - D:\WINDOWS\SYSTEM32\fsmgmt.dll


Open Notepad and paste this into it:

File::
D:\WINDOWS\system32\secpol.exe
D:\WINDOWS\SYSTEM32\fsmgmt.dll


File >>> Save as CFScript.txt. Drag the file and drop it onto the ComboFix icon (like here). Confirm >>> the computer will restart.

(If the question "1 or 2" appears, type 1 and press ENTER.) The removal process will begin.
Then a new log from HijackThis and from ComboFix.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



