
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 15:07:11, on 2007-04-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\WgaTray.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\Wanadoo\TaskbarIcon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
E:\PROGRA~1\Wanadoo\ComComp.exe
E:\PROGRA~1\Wanadoo\Watch.exe
E:\DOCUME~1\Legion\USTAWI~1\Temp\update.tmp
E:\Program Files\Gadu-Gadu\gg.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Gadu-Gadu\gg.exe
E:\WINDOWS\NOTEPAD.EXE
E:\WINDOWS\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Legion\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [runner1] E:\WINDOWS\updater.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Agent] E:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\goeubvku.dll",realset
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5793671-109B-4761-B9EF-EAC4E961F372}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"pmsngr.exe" = "E:\Program Files\iVideoCodec\pmsngr.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "E:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SunJavaUpdateSched" = "E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ATIPTA" = "E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Easy-PrintToolBox" = "E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WinampAgent" = "E:\Program Files\Winamp\winampa.exe" [file not found]
"runner1" = "E:\WINDOWS\updater.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310" [null data]
"avast!" = "E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"webHancer Agent" = "E:\Program Files\webHancer\Programs\whagent.exe" ["webHancer Corporation"]
"tcpipmon" = "tcpipmon.exe" [file not found]
"WOOWATCH" = "E:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "E:\PROGRA~1\Wanadoo\TaskbarIcon.exe" ["France Télécom R&D"]
"InfoData" = "rundll32.exe "E:\WINDOWS\system32\goeubvku.dll",realset" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IDMIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager Corp., Tonec Inc."]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = (no title provided)
-> {HKLM...CLSID} = "My Global Search Bar BHO"
\InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{6148028B-D532-4417-8C0B-5A4A0B745393}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\ljjhgeb.dll" [null data]
{697E442B-81AA-47F1-A055-70E10BB9726E}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\ddabc.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
{D651AFF4-9590-424d-BD1E-8E33E090DFB3}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\emxnwkag.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
-> {HKLM...CLSID} = "My Phones"
\InProcServer32\(Default) = "E:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "E:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" = "ShellPlusContextMenu"
-> {HKLM...CLSID} = "Burn4Freecontext menu"
\InProcServer32\(Default) = "E:\WINDOWS\system32\b4fm.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "E:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "E:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{6148028B-D532-4417-8C0B-5A4A0B745393}" = "*h" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\ljjhgeb.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> ddabc\DLLName = "E:\WINDOWS\system32\ddabc.dll" [null data]
<<!>> ljjhgeb\DLLName = "ljjhgeb.dll" [null data]
<<!>> rpcc\DLLName = "E:\WINDOWS\system32\rpcc.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "E:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MyPhoneExplorer\(Default) = "{C63D6E57-FE9E-43D7-B7ED-900DEB695D3E}"
-> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
\InProcServer32\(Default) = "E:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AAAAImageConvertContext\(Default) = "{C7E1EFC0-0C97-4F5C-81C4-790C9A299F8A}"
-> {HKLM...CLSID} = "ConvertImageContext.clsContextMenu"
\InProcServer32\(Default) = "E:\Program Files\Softinterface, Inc\Convert Image\ConvertImageContext.dll" ["SoftInterface, Inc. and Cypress Technology Solutions, Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "E:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
AAAAImageConvertContext\(Default) = "{C7E1EFC0-0C97-4F5C-81C4-790C9A299F8A}"
-> {HKLM...CLSID} = "ConvertImageContext.clsContextMenu"
\InProcServer32\(Default) = "E:\Program Files\Softinterface, Inc\Convert Image\ConvertImageContext.dll" ["SoftInterface, Inc. and Cypress Technology Solutions, Inc."]
ShellPlusContextMenu\(Default) = "{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}"
-> {HKLM...CLSID} = "Burn4Freecontext menu"
\InProcServer32\(Default) = "E:\WINDOWS\system32\b4fm.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "E:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoStartMenuMFUprogramsList" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Legion\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Legion" & "All Users" startup folders:
--------------------------------------------------------
E:\Documents and Settings\Legion\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"DSLMON" -> shortcut to: "E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "E:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
E:\Program Files\webHancer\Programs\webhdll.dll ["webHancer Corporation"], 01 - 02, 18
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "E:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*h" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""E:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1500\Driver = "CNMLM5y.DLL" ["CANON INC."]
----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 819 seconds, including 18 seconds for message boxes)
And two logs from ComboScan
1.
ComboScan v20070306.20 run by Legion on 2007-04-30 at 14:48:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 5 Restore Point(s) --
61: 2007-04-30 12:49:53 UTC - RP105 - ComboScan Restore Point
60: 2007-04-30 12:45:33 UTC - RP104 - ComboScan Restore Point
59: 2007-04-25 10:32:51 UTC - RP103 - Neostrada Plus
58: 2007-04-24 09:46:04 UTC - RP102 - Neostrada Plus
57: 2007-04-24 09:45:28 UTC - RP101 - Neostrada Plus
-- First Restore Point --
1: 2006-10-03 13:11:08 UTC - RP45 - Software Distribution Service 2.0
Performed disk cleanup.
-- HijackThis (run as Legion.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:56:17, on 2007-04-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\WgaTray.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\Wanadoo\TaskbarIcon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
E:\PROGRA~1\Wanadoo\ComComp.exe
E:\PROGRA~1\Wanadoo\Watch.exe
E:\DOCUME~1\Legion\USTAWI~1\Temp\update.tmp
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Gadu-Gadu\gg.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Gadu-Gadu\gg.exe
E:\WINDOWS\System32\WScript.exe
E:\Documents and Settings\Legion\Pulpit\comboscan.exe
E:\DOCUME~1\Legion\Pulpit\Legion.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {118F2E33-B3AD-C525-F444-EF2B22988A93} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {4FA3AE1B-6F81-1D0C-D9DB-66630561D291} - (no file)
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - E:\WINDOWS\system32\ljjhgeb.dll
O2 - BHO: (no name) - {697E442B-81AA-47F1-A055-70E10BB9726E} - E:\WINDOWS\system32\ddabc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - E:\WINDOWS\system32\emxnwkag.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - E:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [runner1] E:\WINDOWS\updater.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Agent] E:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [WOOWATCH] E:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] E:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "E:\WINDOWS\system32\goeubvku.dll",realset
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5793671-109B-4761-B9EF-EAC4E961F372}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: ddabc - E:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: ljjhgeb - E:\WINDOWS\SYSTEM32\ljjhgeb.dll
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "E:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
[COLOR=red].js - EdHTMLFile_2 - unable to read value[/COLOR]
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
[COLOR=red].reg - regfile - "regedit.exe" "%1"[/COLOR]
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Aavmker4 (avast! Asynchronous Virus Monitor) - E:\WINDOWS\system32\drivers\aavmker4.sys
2S ADILOADER (General Purpose USB Driver (adildr.sys)) - E:\WINDOWS\system32\drivers\adildr.sys
3R adiusbaw (USB ADSL WAN Adapter) - E:\WINDOWS\system32\drivers\adiusbaw.sys
1R AmdK7 (Sterownik procesora AMD K7) - E:\WINDOWS\system32\drivers\amdk7.sys
2R aswMon2 (avast! Standard Shield Support) - E:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - E:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - E:\WINDOWS\system32\drivers\aswTdi.sys
3R ati2mtag - E:\WINDOWS\system32\drivers\ati2mtag.sys
3R cmuda (C-Media WDM Audio Interface) - E:\WINDOWS\system32\drivers\cmuda.sys
3S Epiusb (USB Flash) - E:\WINDOWS\system32\drivers\Epiusb.sys
1R fwdrv (Firewall Driver) - E:\WINDOWS\system32\drivers\fwdrv.sys
3S ggsemc (Sony Ericsson USB Flash Driver) - E:\WINDOWS\system32\drivers\ggsemc.sys
3S hamachi (Hamachi Network Interface) - E:\WINDOWS\system32\drivers\hamachi.sys
3S HidUsb (Sterownik Microsoft klasy HID) - E:\WINDOWS\system32\drivers\hidusb.sys
1R khips (Kerio HIPS Driver) - E:\WINDOWS\system32\drivers\khips.sys
2S ntio256 (Input and output operations) - E:\WINDOWS\system32\ntio256.sys
0R PxHelp20 - E:\WINDOWS\system32\drivers\PxHelp20.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - E:\WINDOWS\system32\drivers\rootmdm.sys
0R SISAGP (SiS AGP Filter) - E:\WINDOWS\system32\drivers\SISAGPX.SYS
3R SISNIC (Sterownik karty PCI Fast Ethernet SiS) - E:\WINDOWS\system32\drivers\sisnic.sys
0R sptd - E:\WINDOWS\system32\drivers\sptd.sys
2R UacFlt (Philips Composite Class Filter Driver) - E:\WINDOWS\system32\drivers\uacbflt.sys
0R uagp35 (Filtr AGPv3.5 firmy Microsoft) - E:\WINDOWS\system32\drivers\UAGP35.SYS
3S usbaudio (Sterownik audio USB (WDM)) - E:\WINDOWS\system32\drivers\USBAUDIO.sys
3S usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - E:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - E:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - E:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Klasa PRINTER USB Microsoft) - E:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (Sterownik magazynu masowego USB) - E:\WINDOWS\system32\drivers\USBSTOR.SYS
3S w800bus (Sony Ericsson W800 driver (WDM)) - E:\WINDOWS\system32\drivers\w800bus.sys
3S w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - E:\WINDOWS\system32\drivers\w800mdfl.sys
3S w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - E:\WINDOWS\system32\drivers\w800mdm.sys
3S w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - E:\WINDOWS\system32\drivers\w800mgmt.sys
3S w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - E:\WINDOWS\system32\drivers\w800obex.sys
1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - E:\WINDOWS\system32\drivers\ws2ifsl.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S Adobe LM Service - "E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S aspnet_state (ASP.NET State Service) - E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R Ati HotKey Poller - E:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - E:\WINDOWS\system32\ati2sgag.exe
2R avast! Antivirus - "E:\Program Files\Alwil Software\Avast4\ashServ.exe"
3S avast! Web Scanner - "E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2S cFosSpeedS (cFosSpeed System Service) - "E:\Program Files\cFosSpeed\spd.exe" -service
3S gusvc (Google Updater Service) - "E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - "E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
2S KPF4 (Kerio Personal Firewall 4) - "E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"
2R UMWdf (Windows User Mode Driver Framework) - E:\WINDOWS\system32\wdfmgr.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-02 20:46:01 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-03-30 and 2007-04-30 -----------------------------
2007-04-27 16:12:44 49204 --a------ E:\WINDOWS\system32\emxnwkag.dll
2007-04-25 21:16:29 132660 --a------ E:\WINDOWS\system32\goeubvku.dll
2007-04-21 10:33:53 0 d-------- E:\Program Files\Rockstar Games<ROCKST~1>
2007-04-21 10:32:30 0 d-------- E:\Program Files\Forum Poster 2<FORUMP~1>
2007-04-21 09:34:38 2016 --a------ E:\WINDOWS\system32\tmp.reg
2007-04-21 09:21:42 79360 --a------ E:\WINDOWS\system32\swxcacls.exe
2007-04-21 09:21:42 40960 --a------ E:\WINDOWS\system32\swsc.exe
2007-04-21 09:21:42 135168 --a------ E:\WINDOWS\system32\swreg.exe
2007-04-21 09:21:42 288417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-04-21 09:21:42 53248 --a------ E:\WINDOWS\system32\Process.exe
2007-04-21 09:21:42 51200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-04-20 13:50:05 0 d-------- E:\Program Files\webHancer<WEBHAN~1>
2007-04-19 14:09:59 49204 --a------ E:\WINDOWS\system32\sbgnxvqr.dll
2007-04-17 16:16:06 36441 --a------ E:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat<SPOONU~1.DAT>
2007-04-17 16:16:06 131072 --a------ E:\WINDOWS\system32\SpoonUninstall.exe<SPOONU~1.EXE>
2007-04-17 16:15:52 0 d-------- E:\Program Files\Illustrate<ILLUST~1>
2007-04-16 17:31:32 123972 --a------ E:\WINDOWS\system32\havesuck.dll
2007-04-16 17:31:28 516901 ---hs---- E:\WINDOWS\system32\cbadd.bak2<CBADD~2.BAK>
2007-04-15 17:20:18 43176 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-15 17:20:18 23416 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-15 17:20:16 26888 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-15 17:20:09 90112 --a------ E:\WINDOWS\system32\AvastSS.scr
2007-04-15 17:19:44 94552 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-15 17:19:44 85952 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
2007-04-15 17:19:34 733824 --a------ E:\WINDOWS\system32\aswBoot.exe
2007-04-15 16:21:37 0 d-------- E:\Program Files\Foxit Software<FOXITS~1>
2007-04-15 16:02:30 76412 --a------ E:\WINDOWS\system32\mnbfalwf.dll
2007-04-15 16:02:20 123972 --a------ E:\WINDOWS\system32\seilpupp.dll
2007-04-15 16:02:10 48708 --a------ E:\WINDOWS\system32\jguhphnw.dll
2007-04-15 16:02:05 484662 ---hs---- E:\WINDOWS\system32\cbadd.bak1<CBADD~1.BAK>
2007-04-15 16:00:57 280676 ---hs---- E:\WINDOWS\system32\jkkjg.dll
2007-04-15 16:00:57 280676 ---hs---- E:\WINDOWS\system32\ddabc.dll
2007-04-15 15:55:50 0 d-------- E:\Program Files\Ipwindows<IPWIND~1>
2007-04-15 15:55:45 0 d-------- E:\Program Files\InetGet2
2007-04-15 15:54:23 13824 --a------ E:\WINDOWS\system32\max1d1641.exe<MAX1D1~1.EXE>
2007-04-15 15:54:19 15360 --a------ E:\WINDOWS\system32\protector.exe<PROTEC~1.EXE>
2007-04-15 15:54:19 17920 --a------ E:\WINDOWS\system32\ntio256.sys
2007-04-15 15:54:16 30720 --a------ E:\WINDOWS\system32\rpcc.dll
2007-04-15 15:53:03 26694 --a------ E:\WINDOWS\system32\ljjhgeb.dll
2007-04-15 12:51:37 442368 --a------ E:\WINDOWS\system32\vp6vfw.dll
2007-04-10 12:09:39 0 d-------- E:\Program Files\Registry Clean Expert<REGIST~1>
2007-04-10 11:53:36 0 d-------- E:\Program Files\ProxyFinder<PROXYF~1>
2007-04-10 11:47:02 0 d-------- E:\Program Files\Rapidshare Unlimited<RAPIDS~1>
2007-04-09 12:16:11 5 --ahs---- E:\WINDOWS\system32\bdbac_k.dll
2007-04-09 12:15:57 0 d-------- E:\Program Files\jv16 PowerTools 2006<JV16PO~1>
2007-04-09 11:17:48 0 d-------- E:\Program Files\Kaspersky Lab<KASPER~1>
2007-04-09 09:15:02 25 --a------ E:\WINDOWS\SW_Win2000X48.DLL<SW_WIN~1.DLL>
2007-04-09 09:11:19 344064 --a------ E:\WINDOWS\system32\NCTImageView.dll<NCTIMA~2.DLL>
2007-04-09 09:11:19 335872 --a------ E:\WINDOWS\system32\NCTImageUtility.dll<NCTIMA~3.DLL>
2007-04-09 09:11:19 401408 --a------ E:\WINDOWS\system32\NCTImageTransform.dll<NCTIMA~4.DLL>
2007-04-09 09:11:19 626688 --a------ E:\WINDOWS\system32\NCTImageFile.dll<NCTIMA~1.DLL>
2007-04-09 09:11:18 53248 --a------ E:\WINDOWS\system32\RegisterExe.exe<REGIST~1.EXE>
2007-04-09 09:11:16 0 d-------- E:\Program Files\Softinterface, Inc<SOFTIN~1>
2007-04-07 11:54:24 0 d-------- E:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-04-06 18:45:24 0 d-------- E:\Program Files\Common Files\HP
2007-04-06 18:45:23 0 d-------- E:\Program Files\HP
2007-04-06 18:44:41 106425 --a------ E:\WINDOWS\hpqins13.dat
2007-04-06 10:50:04 1024000 --a------ E:\WINDOWS\system32\3ivx.dll
2007-04-06 10:50:01 0 d-------- E:\Program Files\Acala 3GP Movies Free<ACALA3~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-30 13:18:21 0 d-------- E:\Program Files\Wanadoo
2007-04-29 14:02:19 0 d-------- E:\Program Files\Mozilla Firefox<MOZILL~1>
2007-04-22 20:37:38 0 d-------- E:\Program Files\Opera
2007-04-21 10:39:26 0 d--h----- E:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-20 19:16:09 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Google
2007-04-17 18:57:49 0 d-------- E:\Program Files\MyPhoneExplorer<MYPHON~1>
2007-04-17 16:00:03 0 d-------- E:\Program Files\Audacity
2007-04-15 15:54:10 0 d-------- E:\Program Files\Winamp
2007-04-12 18:06:53 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Adobe
2007-04-09 17:51:01 0 d-------- E:\Program Files\Gadu-Gadu<GADU-G~1>
2007-04-09 17:48:31 0 d-------- E:\Program Files\Mistrz Klawiatury 1.0 Demo<MISTRZ~1.0DE>
2007-04-09 17:47:19 0 d-------- E:\Program Files\All Media Fixer<ALLMED~1>
2007-04-09 17:44:40 0 d-------- E:\Program Files\mIRC
2007-04-09 17:43:56 0 d-------- E:\Program Files\Mgtweak
2007-04-09 17:43:06 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Cream Software<CREAMS~1>
2007-04-09 17:38:30 0 d-------- E:\Program Files\Send Filex<SENDFI~1>
2007-04-09 17:38:15 0 d-------- E:\Program Files\ElcomSoft<ELCOMS~1>
2007-04-09 17:37:55 0 d-------- E:\Program Files\FileZilla<FILEZI~1>
2007-04-09 17:37:07 0 d-------- E:\Program Files\nsp
2007-04-09 17:36:38 0 d-------- E:\Program Files\WYSIWYG Web Builder<WYSIWY~1>
2007-04-09 17:36:26 0 d-------- E:\Program Files\Amaya
2007-04-09 17:32:33 0 d-------- E:\Program Files\Far
2007-04-09 17:31:26 0 d-------- E:\Program Files\eMule
2007-04-09 17:30:30 0 d-------- E:\Program Files\Free Monitor for Google<FREEMO~1>
2007-04-09 17:28:24 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Netscape
2007-04-09 17:28:10 0 d-------- E:\Program Files\Sjboy Emulator<SJBOYE~1>
2007-04-09 17:25:49 0 d-------- E:\Program Files\Enigma Browser<ENIGMA~1>
2007-04-09 17:20:18 0 d-------- E:\Program Files\Flock
2007-04-09 16:56:07 0 d-------- E:\Program Files\GIMP-2.0
2007-04-09 11:47:37 0 d-------- E:\Program Files\BearShare MediaBar<BEARSH~2>
2007-04-09 11:44:00 0 d--hs---- E:\Program Files\outlook
2007-04-07 12:19:50 0 d-------- E:\Program Files\Common Files\Adobe
2007-04-05 15:05:44 0 d-------- E:\Program Files\Capture-A-ScreenShot<CAPTUR~1>
2007-04-04 17:13:28 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Winamp
2007-03-31 12:26:33 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Enigma Browser<ENIGMA~1>
2007-03-29 09:50:13 0 d-------- E:\Program Files\Real Alternative<REALAL~1>
2007-03-29 09:50:12 0 d-------- E:\Program Files\Worms World Of Party =]<WORMSW~1>
2007-03-29 09:50:09 0 d-------- E:\Program Files\PC Inspector File Recovery<PCINSP~1>
2007-03-29 09:50:08 0 d-------- E:\Program Files\Messenger<MESSEN~1>
2007-03-29 09:50:08 0 d-------- E:\Program Files\MegauploadToolbar<MEGAUP~1>
2007-03-29 09:50:06 0 d-------- E:\Program Files\Antenna
2007-03-28 18:11:44 0 d-------- E:\Program Files\AutoConnect<AUTOCO~1>
2007-03-28 12:49:07 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\IBP
2007-03-28 11:01:11 7706 --a------ E:\WINDOWS\mozver.dat
2007-03-27 12:48:28 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\Flock
2007-03-27 09:46:57 0 d-------- E:\Program Files\K-Meleon
2007-03-26 20:45:08 0 d-------- E:\Program Files\PWN
2007-03-25 15:36:58 87 --a------ E:\WINDOWS\system32\buyurl0502.dat<BUYURL~1.DAT>
2007-03-25 15:19:59 0 d-------- E:\Program Files\AVOne
2007-03-25 10:02:28 435978 --a------ E:\WINDOWS\system32\perfh015.dat
2007-03-25 10:02:28 67078 --a------ E:\WINDOWS\system32\perfc015.dat
2007-03-23 18:52:30 0 d-------- E:\Program Files\HPSW
2007-03-23 17:34:57 0 d-------- E:\Program Files\SocksCapV2<SOCKSC~1>
2007-03-22 12:27:23 0 d-------- E:\Program Files\BearShare<BEARSH~1>
2007-03-16 19:04:25 0 d-------- E:\Program Files\emulator gier java<EMULAT~1>
2007-03-15 16:55:26 0 d-------- E:\Program Files\Yahoo!
2007-03-15 16:08:13 101438 --a------ E:\WINDOWS\b122.exe
2007-03-13 17:59:04 0 d-------- E:\Program Files\Netscape
2007-03-13 17:45:31 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\K-Meleon
2007-03-07 16:26:10 0 d-------- E:\Program Files\Internet Download Manager<INTERN~2>
2007-03-07 16:05:04 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\DMCache
2007-03-05 17:46:30 0 d-------- E:\Program Files\Google
2007-03-05 17:18:28 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\MegauploadToolbar<MEGAUP~1>
2007-03-04 18:42:32 0 d-------- E:\Program Files\SpeedOptimizer<SPEEDO~1>
2007-03-04 13:24:22 0 d-------- E:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-03 18:23:50 0 d-------- E:\Documents and Settings\Legion\Dane aplikacji\IDM
2007-03-03 18:19:17 0 d-------- E:\Program Files\DAP
2007-03-03 12:52:36 62464 --a------ E:\WINDOWS\system32\bszip.dll
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\tracert.com
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\tasklist.com
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\taskkill.com
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\regedit.com
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\ping.com
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\netstat.com
2007-03-03 12:52:32 0 ---hs---- E:\WINDOWS\system32\cmd.com
2007-02-10 13:39:04 286720 --a------ E:\WINDOWS\iun506.exe
2007-02-01 16:12:43 73 --a------ E:\WINDOWS\system32\ssprs.dll
2007-02-01 16:12:43 610 --a------ E:\WINDOWS\system32\lsprst7.dll
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"="\"E:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="E:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"ATIPTA"="E:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Easy-PrintToolBox"="E:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"NeroFilterCheck"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="E:\\Program Files\\Winamp\\winampa.exe"
"runner1"="E:\\WINDOWS\\updater.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"avast!"="E:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"webHancer Agent"="E:\\Program Files\\webHancer\\Programs\\whagent.exe"
"tcpipmon"="tcpipmon.exe"
"WOOWATCH"="E:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="E:\\PROGRA~1\\Wanadoo\\TaskbarIcon.exe"
"InfoData"="rundll32.exe \"E:\\WINDOWS\\system32\\goeubvku.dll\",realset"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winmgmt"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6148028B-D532-4417-8C0B-5A4A0B745393}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"ferrateen"="{27321538-5739-4aa1-b84c-7d18e4383f1f}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"="E:\\Program Files\\iVideoCodec\\pmsngr.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhgeb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-04-30 at 15:03:29 ------------------------
2.
I can't seem to paste the second log, probably because it has too many characters :) so I'm uploading it to RapidShare.
http://rapidshare.com/files/28716519/Supplementary.txt.html