przez Jarczew 01 Kwi 2007, 21:00
Na pasku obok godziny cały czas wyświetla się ten program Registry Cleaner 3.2 i komunikat co jakąś minute że komputer jest zainfekowany i żebym ściągnął ten program i zainstalował.Usunąłem go jv 16 Pover Tools, ale dalej pojawia się ten komunikat-że komputer jest zainfekowany i żebym ściągnął ten program.Wiecie jak się tego pozbyć ? Pozdro 
przez wojtas 01 Kwi 2007, 21:36
przez Jarczew 01 Kwi 2007, 21:53
Logfile of HijackThis v1.99.1
Scan saved at 21:30:31, on 2007-04-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hqlynedq.exe
C:\WINDOWS\system32\utorrent.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\utorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Media Player Classic\mplayerc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Jarczew\Pulpit\Miotła\Różne\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [hqlynedq.exe] C:\WINDOWS\system32\hqlynedq.exe
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\RunServices: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - --C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - -C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Dcom Helper" = "utorrent.exe" [null data]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Outpost Firewall" = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice" ["Agnitum Ltd."]
"OutpostFeedBack" = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup" ["Agnitum Ltd."]
"tcpipmon" = "tcpipmon.exe" [null data]
"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QD FastAndSafe" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"hqlynedq.exe" = "C:\WINDOWS\system32\hqlynedq.exe" [null data]
"Dcom Helper" = "utorrent.exe" [null data]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u"
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"LaunchList" = "C:\Program Files\Pinnacle\Studio 9\LaunchList.exe" ["Pinnacle Systems"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> rpcc\DLLName = "C:\WINDOWS\system32\rpcc.dll" [file not found]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jarczew\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Jarczew" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{8E4AA109-7239-4B85-8196-7377A53DDEFF}" = (no title provided)
-> {HKLM...CLSID} = "&Translator Internet"
\InProcServer32\(Default) = "C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{8E4AA109-7239-4B85-8196-7377A53DDEFF}\(Default) = "&Translator Internet"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL" [null data]
HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service" ["Agnitum Ltd."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 460 seconds, including 7 seconds for message boxes)
przez wojtas 01 Kwi 2007, 22:17
O4 - HKLM\..\Run: [hqlynedq.exe] C:\WINDOWS\system32\hqlynedq.exe
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe <<Plik bedzie w C:\WINDOWS\system32
O4 - HKLM\..\RunServices: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [Dcom Helper] utorrent.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
przez Jarczew 01 Kwi 2007, 23:45
Logfile of HijackThis v1.99.1
Scan saved at 23:18:28, on 2007-04-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Jarczew\Pulpit\Miotła\Różne\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - --C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Outpost Firewall" = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice" ["Agnitum Ltd."]
"OutpostFeedBack" = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup" ["Agnitum Ltd."]
"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QD FastAndSafe" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"GhostStartTrayApp" = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" ["Symantec Corporation"]
"UserFaultCheck" = "%systemroot%\system32\dumprep 0 -u" [MS]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jarczew\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Jarczew" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{8E4AA109-7239-4B85-8196-7377A53DDEFF}" = (no title provided)
-> {HKLM...CLSID} = "&Translator Internet"
\InProcServer32\(Default) = "C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{8E4AA109-7239-4B85-8196-7377A53DDEFF}\(Default) = "&Translator Internet"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL" [null data]
HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service" ["Agnitum Ltd."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 50 seconds, including 4 seconds for message boxes)
przez wojtas 02 Kwi 2007, 15:49
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
przez Jarczew 02 Kwi 2007, 20:42
przez wojtas 02 Kwi 2007, 20:44
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System"=-
przez Jarczew 02 Kwi 2007, 20:59
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Outpost Firewall" = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice" ["Agnitum Ltd."]
"OutpostFeedBack" = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup" ["Agnitum Ltd."]
"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" ["A4Tech Co.,Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QD FastAndSafe" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\op_shell.dll" ["Agnitum Ltd."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jarczew\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Jarczew" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:\Program Files\SAGEM WiFi manager\WLANUTL.exe" [" "]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{8E4AA109-7239-4B85-8196-7377A53DDEFF}" = (no title provided)
-> {HKLM...CLSID} = "&Translator Internet"
\InProcServer32\(Default) = "C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{8E4AA109-7239-4B85-8196-7377A53DDEFF}\(Default) = "&Translator Internet"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL" [null data]
HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Outpost Firewall Service, OutpostFirewall, "C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service" ["Agnitum Ltd."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 4 seconds for message boxes)
ComboScan v20070306.20 run by Jarczew on 2007-04-02 at 20:46:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Jarczew.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:46:35, on 2007-04-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jarczew\Pulpit\Miotła\Różne\comboscan.exe
C:\PROGRA~1\HIJACK~1\Jarczew.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - --C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - -C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GhostStartService - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Unknown owner - --"C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
-- Files created between 2007-03-02 and 2007-04-02 -----------------------------
2007-04-01 19:47:12 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-04-01 19:47:11 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe<PSDRVC~1.EXE>
2007-04-01 19:47:10 19456 --a------ C:\WINDOWS\system32\asapi.dll
2007-04-01 19:46:27 61440 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-04-01 19:46:26 487424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-04-01 19:46:26 54784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-04-01 19:46:25 1047552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-04-01 19:46:25 49152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-04-01 19:46:25 49152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-04-01 19:46:25 57344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-04-01 19:46:25 65536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-04-01 19:46:25 45056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-04-01 19:46:25 40960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-04-01 19:46:25 964608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-04-01 19:46:24 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll<PCLEGE~1.DLL>
2007-04-01 19:46:24 974848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-04-01 19:46:24 84992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-04-01 19:44:32 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-04-01 17:01:06 614191 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-04-01 16:35:30 2017 --a------ C:\jefpnls.exe
2007-04-01 16:33:03 3137 --a------ C:\logical.exe
2007-03-31 15:15:43 55978 --a------ C:\WINDOWS\system32\StylesContent.dat<STYLES~1.DAT>
2007-03-31 13:18:53 46 --a------ C:\WINDOWS\system32\imon1.dat
2007-03-30 21:14:51 53760 --a------ C:\WINDOWS\system32\hqlynedq.exe
2007-03-30 19:12:21 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-30 19:12:14 0 d-------- C:\Program Files\Agnitum
2007-03-30 00:26:31 973312 --a------ C:\WINDOWS\system32\utorrent.exe
2007-03-30 00:26:29 33920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-03-30 00:26:05 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-30 00:26:05 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-30 00:26:05 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-30 00:03:51 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-30 00:03:51 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-29 20:00:48 0 d-------- C:\avenger
2007-03-27 21:32:01 0 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-03-27 21:25:31 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-26 23:50:35 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-26 23:47:34 0 d-------- C:\Program Files\Common Files\Real
2007-03-26 23:47:21 0 d-------- C:\Program Files\Real
2007-03-26 23:36:35 0 d-------- C:\My Downloads<MYDOWN~1>
2007-03-26 22:18:06 0 d-------- C:\Program Files\Ontrack
2007-03-17 17:45:36 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS>
2007-03-17 17:45:36 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-03-17 17:45:36 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS>
2007-03-17 17:45:36 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-03-17 17:45:36 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1>
2007-03-17 17:44:42 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-03-17 17:44:42 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2007-03-14 15:28:47 114688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-03-14 15:28:47 61440 --a------ C:\WINDOWS\system32\W32N50.dll
-- Find3M Report ---------------------------------------------------------------
2007-04-02 20:12:25 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\AVG7
2007-04-01 20:22:40 0 d-------- C:\Program Files\jv16 PowerTools<JV16PO~1>
2007-04-01 20:09:21 0 d-------- C:\Program Files\Common Files\{34D67B31-0C8F-1045-0906-041127020030}<{34D67~1>
2007-04-01 19:45:52 0 d-------- C:\Program Files\Pinnacle
2007-04-01 19:45:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-01 16:41:21 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-01 16:07:09 0 d-------- C:\Program Files\Norton SystemWorks<NORTON~3>
2007-04-01 15:53:45 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\Azureus
2007-03-31 16:14:40 0 d-------- C:\Program Files\Soulseek
2007-03-31 15:07:56 0 d-------- C:\Program Files\English Translator 3<ENGLIS~1>
2007-03-30 00:03:45 0 d-------- C:\Program Files\Grisoft
2007-03-29 18:44:48 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-03-29 18:44:48 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-03-26 23:54:32 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\Real
2007-03-26 22:17:19 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-25 19:54:35 0 d-------- C:\Program Files\Azureus
2007-03-25 10:57:39 491044 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 10:57:39 85686 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-21 22:19:47 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\AdobeUM
2007-03-17 17:45:29 0 d-------- C:\Program Files\SAGEM
2007-03-06 13:25:37 1056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-14 23:18:50 0 d-------- C:\Program Files\Netia
2007-02-09 23:43:41 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-09 23:43:36 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-03 00:20:04 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Outpost Firewall"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\outpost.exe /waitservice"
"OutpostFeedBack"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\feedback.exe /dump:os_startup"
"iKeyWorks"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QD FastAndSafe"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"WheelMouse"="C:\\PROGRA~1\\A4Tech\\Mouse\\Amoumain.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-04-02 at 20:47:08 ------------------------
przez wojtas 02 Kwi 2007, 21:21
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
Files to delete:
C:\WINDOWS\system32\RegistryCleanerSetup.exe
C:\WINDOWS\system32\utorrent.exe
C:\jefpnls.exe
C:\logical.exe
przez Jarczew 02 Kwi 2007, 22:54
Service is stopped in this moments. Scanning of your sample has not been finalized and results has been lost. If you wish to scan it, please send it again.
Antivirus Version Update Result
AhnLab-V3 2007.4.3.0 04.02.2007 no virus found
AntiVir 7.3.1.48 04.02.2007 TR/Dldr.Small.DDT.1
Authentium 4.93.8 03.31.2007 Possibly a new variant of W32/new-malware!Maximus
Avast 4.7.936.0 04.02.2007 Win32:Small-EMG
AVG 7.5.0.447 04.02.2007 Downloader.Generic4.CLB
BitDefender 7.2 04.02.2007 Trojan.Downloader.Harnig.XB
CAT-QuickHeal 9.00 04.02.2007 TrojanDownloader.Small.ecr
ClamAV devel-20070312 04.02.2007 no virus found
DrWeb 4.33 04.02.2007 Trojan.DownLoader.19975
eSafe 7.0.15.0 04.02.2007 Win32.Small.ecr
eTrust-Vet 30.6.3535 04.02.2007 Win32/Harnig!generic
Ewido 4.0 04.02.2007 Downloader.Small.ecr
FileAdvisor 1 04.02.2007 no virus found
Fortinet 2.85.0.0 04.02.2007 suspicious
F-Prot 4.3.1.45 03.30.2007 W32/new-malware!Maximus
Aditional Information
File size: 2017 bytes
MD5: 55a72acf00481acc096ac32c727bbfa7
SHA1: 35e763fcf174184d0b6975564f49cb0c94490375
packers: FSG
packers: FSGSmitFraudFix v2.162
Scan done at 22:38:56,20, 2007-04-02
Run from D:\Download\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jarczew
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jarczew\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jarczew\Ulubione
C:\DOCUME~1\Jarczew\Ulubione\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieľĄca strona g˘wna"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SAGEM Wi-Fi 11g USB adapter
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
przez wojtas 02 Kwi 2007, 22:57
C:\jefpnls.exe
C:\logical.exe
przez Jarczew 02 Kwi 2007, 23:01
Complete scanning result of "jefpnls.exe", received in VirusTotal at 04.02.2007, 22:40:02 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.3.0 04.02.2007 no virus found
AntiVir 7.3.1.48 04.02.2007 TR/Dldr.Small.DDT.1
Authentium 4.93.8 03.31.2007 Possibly a new variant of W32/new-malware!Maximus
Avast 4.7.936.0 04.02.2007 Win32:Small-EMG
AVG 7.5.0.447 04.02.2007 Downloader.Generic4.CLB
BitDefender 7.2 04.02.2007 Trojan.Downloader.Harnig.XB
CAT-QuickHeal 9.00 04.02.2007 TrojanDownloader.Small.ecr
ClamAV devel-20070312 04.02.2007 no virus found
DrWeb 4.33 04.02.2007 Trojan.DownLoader.19975
eSafe 7.0.15.0 04.02.2007 Win32.Small.ecr
eTrust-Vet 30.6.3535 04.02.2007 Win32/Harnig!generic
Ewido 4.0 04.02.2007 Downloader.Small.ecr
FileAdvisor 1 04.02.2007 no virus found
Fortinet 2.85.0.0 04.02.2007 suspicious
F-Prot 4.3.1.45 03.30.2007 W32/new-malware!Maximus
F-Secure 6.70.13030.0 04.02.2007 Trojan-Downloader.Win32.Small.ecr
Ikarus T3.1.1.3 04.02.2007 Trojan-Downloader.Win32.Small.dib
Kaspersky 4.0.2.24 04.02.2007 Trojan-Downloader.Win32.Small.ecr
McAfee 4998 04.02.2007 no virus found
Microsoft 1.2306 04.02.2007 TrojanDownloader:Win32/Harnig.gen!G
NOD32v2 2164 04.02.2007 probably a variant of Win32/TrojanDownloader.Small.NSL
Norman 5.80.02 04.02.2007 W32/Harnig.EOY
Panda 9.0.0.4 04.02.2007 Suspicious file
Prevx1 V2 04.02.2007 Polynomial.Code.Exploit
Sophos 4.16.0 03.30.2007 Mal/Packer
Sunbelt 2.2.907.0 03.31.2007 VIPRE.Suspicious
Symantec 10 04.02.2007 SpySheriff
TheHacker 6.1.6.084 04.02.2007 Trojan/Downloader.Small.ecr
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.3 04.02.2007 no virus found
VirusBuster 4.3.7:9 04.02.2007 Packed/FSG
Webwasher-Gateway 6.0.1 04.02.2007 Trojan.Dldr.Small.DDT.1
Aditional Information
File size: 2017 bytes
MD5: 55a72acf00481acc096ac32c727bbfa7
SHA1: 35e763fcf174184d0b6975564f49cb0c94490375
packers: FSG
packers: FSG
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=8e7e86371176
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
przez wojtas 02 Kwi 2007, 23:03
przez Jarczew 02 Kwi 2007, 23:44
ComboScan v20070306.20 run by Jarczew on 2007-04-02 at 23:29:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Jarczew.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:29:55, on 2007-04-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jarczew\Pulpit\Miotła\Różne\comboscan.exe
C:\PROGRA~1\HIJACK~1\Jarczew.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - --C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - -C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GhostStartService - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Unknown owner - --"C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
-- Files created between 2007-03-02 and 2007-04-02 -----------------------------
2007-04-02 22:39:02 3672 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-02 22:27:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-02 22:27:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-02 22:27:30 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-02 22:27:30 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-02 22:27:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-02 22:27:29 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-02 21:58:13 0 d-------- C:\avenger
2007-04-01 19:47:12 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-04-01 19:47:11 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe<PSDRVC~1.EXE>
2007-04-01 19:47:10 19456 --a------ C:\WINDOWS\system32\asapi.dll
2007-04-01 19:46:27 61440 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-04-01 19:46:26 487424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-04-01 19:46:26 54784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-04-01 19:46:25 1047552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-04-01 19:46:25 49152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-04-01 19:46:25 49152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-04-01 19:46:25 57344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-04-01 19:46:25 65536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-04-01 19:46:25 45056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-04-01 19:46:25 40960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-04-01 19:46:25 964608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-04-01 19:46:24 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll<PCLEGE~1.DLL>
2007-04-01 19:46:24 974848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-04-01 19:46:24 84992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-04-01 19:44:32 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-03-31 15:15:43 55978 --a------ C:\WINDOWS\system32\StylesContent.dat<STYLES~1.DAT>
2007-03-31 13:18:53 46 --a------ C:\WINDOWS\system32\imon1.dat
2007-03-30 21:14:51 53760 --a------ C:\WINDOWS\system32\hqlynedq.exe
2007-03-30 19:12:21 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-30 19:12:14 0 d-------- C:\Program Files\Agnitum
2007-03-30 00:26:29 33920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-03-30 00:26:05 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-30 00:26:05 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-30 00:26:05 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-30 00:03:51 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-30 00:03:51 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-27 21:32:01 0 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-03-27 21:25:31 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-26 23:50:35 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-26 23:47:34 0 d-------- C:\Program Files\Common Files\Real
2007-03-26 23:47:21 0 d-------- C:\Program Files\Real
2007-03-26 23:36:35 0 d-------- C:\My Downloads<MYDOWN~1>
2007-03-26 22:18:06 0 d-------- C:\Program Files\Ontrack
2007-03-17 17:45:36 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS>
2007-03-17 17:45:36 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-03-17 17:45:36 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS>
2007-03-17 17:45:36 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-03-17 17:45:36 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1>
2007-03-17 17:44:42 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-03-17 17:44:42 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2007-03-14 15:28:47 114688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-03-14 15:28:47 61440 --a------ C:\WINDOWS\system32\W32N50.dll
-- Find3M Report ---------------------------------------------------------------
2007-04-02 21:04:17 0 d-------- C:\Program Files\jv16 PowerTools<JV16PO~1>
2007-04-02 20:12:25 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\AVG7
2007-04-01 20:09:21 0 d-------- C:\Program Files\Common Files\{34D67B31-0C8F-1045-0906-041127020030}<{34D67~1>
2007-04-01 19:45:52 0 d-------- C:\Program Files\Pinnacle
2007-04-01 19:45:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-01 16:41:21 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-01 16:07:09 0 d-------- C:\Program Files\Norton SystemWorks<NORTON~3>
2007-04-01 15:53:45 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\Azureus
2007-03-31 16:14:40 0 d-------- C:\Program Files\Soulseek
2007-03-31 15:07:56 0 d-------- C:\Program Files\English Translator 3<ENGLIS~1>
2007-03-30 00:03:45 0 d-------- C:\Program Files\Grisoft
2007-03-29 18:44:48 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-03-29 18:44:48 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-03-26 23:54:32 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\Real
2007-03-26 22:17:19 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-25 19:54:35 0 d-------- C:\Program Files\Azureus
2007-03-25 10:57:39 491044 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 10:57:39 85686 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-21 22:19:47 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\AdobeUM
2007-03-17 17:45:29 0 d-------- C:\Program Files\SAGEM
2007-03-06 13:25:37 1056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-14 23:18:50 0 d-------- C:\Program Files\Netia
2007-02-09 23:43:41 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-09 23:43:36 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-03 00:20:04 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Outpost Firewall"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\outpost.exe /waitservice"
"OutpostFeedBack"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\feedback.exe /dump:os_startup"
"iKeyWorks"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QD FastAndSafe"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"WheelMouse"="C:\\PROGRA~1\\A4Tech\\Mouse\\Amoumain.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-04-02 at 23:30:22 ------------------------
SmitFraudFix v2.162
Scan done at 23:25:46,01, 2007-04-02
Run from D:\Download\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SAGEM Wi-Fi 11g USB adapter
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C46EA053-BB19-4035-9195-17C4CDE6AA3E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
przez wojtas 03 Kwi 2007, 20:03
Files to delete:
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\hqlynedq.exe
Folders to delete:
C:\Program Files\Common Files\{34D67B31-0C8F-1045-0906-041127020030}
przez Jarczew 03 Kwi 2007, 20:18
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nfghrjce
*******************
Script file located at: \??\C:\xkblqigw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\tmp.reg deleted successfully.
File C:\WINDOWS\system32\hqlynedq.exe deleted successfully.
Folder C:\Program Files\Common Files\{34D67B31-0C8F-1045-0906-041127020030} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.ComboScan v20070306.20 run by Jarczew on 2007-04-03 at 20:06:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Jarczew.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:06:22, on 2007-04-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Jarczew\Pulpit\Miotła\Różne\comboscan.exe
C:\PROGRA~1\HIJACK~1\Jarczew.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\Antadis\TRANSL~1\DELPHI~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - --C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - -C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GhostStartService - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - --"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Unknown owner - --"C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - --C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
-- Files created between 2007-03-03 and 2007-04-03 -----------------------------
2007-04-03 19:56:43 0 d-------- C:\avenger
2007-04-03 19:14:02 0 d-------- C:\Program Files\SopCast
2007-04-02 22:27:31 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-02 22:27:31 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-02 22:27:30 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-02 22:27:30 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-02 22:27:29 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-02 22:27:29 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-01 19:47:12 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-04-01 19:47:11 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe<PSDRVC~1.EXE>
2007-04-01 19:47:10 19456 --a------ C:\WINDOWS\system32\asapi.dll
2007-04-01 19:46:27 61440 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-04-01 19:46:26 487424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-04-01 19:46:26 54784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-04-01 19:46:25 1047552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-04-01 19:46:25 49152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-04-01 19:46:25 49152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-04-01 19:46:25 61440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-04-01 19:46:25 57344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-04-01 19:46:25 65536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-04-01 19:46:25 45056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-04-01 19:46:25 40960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-04-01 19:46:25 964608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-04-01 19:46:24 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll<PCLEGE~1.DLL>
2007-04-01 19:46:24 974848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-04-01 19:46:24 84992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-04-01 19:44:32 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-03-31 15:15:43 55978 --a------ C:\WINDOWS\system32\StylesContent.dat<STYLES~1.DAT>
2007-03-31 13:18:53 46 --a------ C:\WINDOWS\system32\imon1.dat
2007-03-30 19:12:21 0 d-------- C:\Program Files\Common Files\Agnitum Shared<AGNITU~1>
2007-03-30 19:12:14 0 d-------- C:\Program Files\Agnitum
2007-03-30 00:26:29 33920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-03-30 00:26:05 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-30 00:26:05 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-30 00:26:05 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-30 00:03:51 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-30 00:03:51 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-27 21:32:01 0 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-03-27 21:25:31 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-26 23:50:35 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-26 23:47:34 0 d-------- C:\Program Files\Common Files\Real
2007-03-26 23:47:21 0 d-------- C:\Program Files\Real
2007-03-26 23:36:35 0 d-------- C:\My Downloads<MYDOWN~1>
2007-03-26 22:18:06 0 d-------- C:\Program Files\Ontrack
2007-03-17 17:45:36 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys<ZDPSP5~1.SYS>
2007-03-17 17:45:36 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-03-17 17:45:36 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys<BRGSP5~1.SYS>
2007-03-17 17:45:36 20608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-03-17 17:45:36 0 d-------- C:\Program Files\SAGEM WiFi manager<SAGEMW~1>
2007-03-17 17:44:42 402432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-03-17 17:44:42 493440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2007-03-14 15:28:47 114688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2007-03-14 15:28:47 61440 --a------ C:\WINDOWS\system32\W32N50.dll
-- Find3M Report ---------------------------------------------------------------
2007-04-03 19:15:52 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\SopCast
2007-04-03 18:05:03 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\AVG7
2007-04-02 21:04:17 0 d-------- C:\Program Files\jv16 PowerTools<JV16PO~1>
2007-04-01 19:45:52 0 d-------- C:\Program Files\Pinnacle
2007-04-01 19:45:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-01 16:41:21 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-01 16:07:09 0 d-------- C:\Program Files\Norton SystemWorks<NORTON~3>
2007-04-01 15:53:45 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\Azureus
2007-03-31 16:14:40 0 d-------- C:\Program Files\Soulseek
2007-03-31 15:07:56 0 d-------- C:\Program Files\English Translator 3<ENGLIS~1>
2007-03-30 00:03:45 0 d-------- C:\Program Files\Grisoft
2007-03-29 18:44:48 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-03-29 18:44:48 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-03-26 23:54:32 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\Real
2007-03-26 22:17:19 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-25 19:54:35 0 d-------- C:\Program Files\Azureus
2007-03-25 10:57:39 491044 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-25 10:57:39 85686 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-21 22:19:47 0 d-------- C:\Documents and Settings\Jarczew\Dane aplikacji\AdobeUM
2007-03-17 17:45:29 0 d-------- C:\Program Files\SAGEM
2007-03-06 13:25:37 1056 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-14 23:18:50 0 d-------- C:\Program Files\Netia
2007-02-09 23:43:41 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-09 23:43:36 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-03 00:20:04 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Outpost Firewall"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\outpost.exe /waitservice"
"OutpostFeedBack"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\feedback.exe /dump:os_startup"
"iKeyWorks"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QD FastAndSafe"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"WheelMouse"="C:\\PROGRA~1\\A4Tech\\Mouse\\Amoumain.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-04-03 at 20:06:55 ------------------------
przez Jarczew 03 Kwi 2007, 20:27
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 1 gość