wklejam logi (wykonane po poprawkach)
Logfile of HijackThis v1.99.1
Scan saved at 10:13:51, on 2007-04-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\nsl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Dialer Killer\DialKill.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\instalki\tools\bezpieczenstwo\inne\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM…\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM…\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM…\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”
O4 - HKLM…\Run: [SpeedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [DialerKiller] C:\Program Files\Dialer Killer\DialKill.exe -h
O4 - HKLM…\Run: [a-squared Anti-Dialer] “C:\Program Files\a-squared Anti-Dialer\a2adguard.exe”
O4 - HKCU…\Run: [internat.exe] internat.exe
O4 - HKCU…\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedTouch Dial-up.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip…{1CF987F0-1659-41D3-809A-B2E74145DD08}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{33805B51-FD0F-4421-926B-D9AB492E63EB}: NameServer = 213.241.79.37 83.238.255.76
O17 - HKLM\System\CCS\Services\Tcpip…{D31507B7-FF67-46FA-88F5-F6D072A3E2AE}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = crm.eon.altkom.pl
O17 - HKLM\System\CS1\Services\Tcpip…{1CF987F0-1659-41D3-809A-B2E74145DD08}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = crm.eon.altkom.pl
O17 - HKLM\System\CS2\Services\Tcpip…{1CF987F0-1659-41D3-809A-B2E74145DD08}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = crm.eon.altkom.pl
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Lotus Notes — pojedyncze logowanie (Lotus Notes Single Logon) - Unknown owner - C:\WINNT\system32\nslsvice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“internat.exe” = “internat.exe” [MS]
“OM_Monitor” = “C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart” [“OLYMPUS IMAGING CORP.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Synchronization Manager” = “mobsync.exe /logon” [MS]
“NvCplDaemon” = “RUNDLL32.EXE NvQTwk,NvCplDaemon initialize” [MS]
“AGRSMMSG” = “AGRSMMSG.exe” [“Agere Systems”]
“NeroCheck” = “C:\WINNT\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“RemoteControl” = ““C:\Program Files\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“MCAgentExe” = “C:\Program Files\McAfee.com\Agent\mcagent.exe” [“McAfee.com Corporation”]
“MCUpdateExe” = “C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe” [“McAfee.com Corporation”]
“iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“PCSuiteTrayApplication” = “C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”]
“avast!” = “C:\PROGRA~1\Avast4\ashDisp.exe” [“ALWIL Software”]
“GhostStartTrayApp” = “C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe” [“Symantec Corporation”]
“OM_Monitor” = “C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe” [“OLYMPUS IMAGING CORP.”]
“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”]
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“DialerKiller” = “C:\Program Files\Dialer Killer\DialKill.exe -h” [empty string]
“a-squared Anti-Dialer” = ““C:\Program Files\a-squared Anti-Dialer\a2adguard.exe”” [“a-squared”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C08DF07A-3E49-4E25-9AB0-D3882835F153}(Default) = (no title provided)
-> {HKLM…CLSID} = “QUICKfind BHO Object”
\InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32\(Default) = "deskpan.dll" [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Outlook File Icon Extension”
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
“{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
“{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
“{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
“{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
“{506F4668-F13E-4AA1-BB04-B43203AB3CC0}” = “{506F4668-F13E-4AA1-BB04-B43203AB3CC0}”
-> {HKLM…CLSID} = “ImageExtractorShellExt Class”
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
“{D66DC78C-4F61-447F-942B-3FB6980118CF}” = “{D66DC78C-4F61-447F-942B-3FB6980118CF}”
-> {HKLM…CLSID} = “CInfoTipShellExt Class”
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”
-> {HKLM…CLSID} = “Nokia Phone Browser”
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
“{6C6BA5E0-1277-11D5-8DC4-444553540000}” = “4th split file property sheet”
-> {HKLM…CLSID} = “The4thSplitPropertySheet”
\InProcServer32\(Default) = "C:\PROGRA~1\4THFEB~1\UTILIT~1\split\EN\4thsprop.dll" [null data]
“{57C51AF9-DEF7-11D3-A801-00C04F163490}” = “Ghost Shell Extension”
-> {HKLM…CLSID} = “PropPage Class”
\InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"]
“{36A21736-36C2-4C11-8ACB-D4136F2B57BD}” = “Uchwyt nakładania ikony podpisu cyfrowego”
-> {HKLM…CLSID} = “AcSignIcon”
\InProcServer32\(Default) = "C:\WINNT\system32\AcSignIcon.dll" ["Autodesk"]
“{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}” = “Autodesk Drawing Preview”
-> {HKLM…CLSID} = “ACTHUMBNAIL”
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Autodesk.DWF.ContextMenu(Default) = “{6C18531F-CA85-45F7-8278-FF33CF0A5964}”
-> {HKLM…CLSID} = “DWFShellExt Class”
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll" ["Autodesk, Inc."]
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
Default executables:
HKCU\Software\Classes.scr(Default) = “AutoCADScriptFile”
<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command(Default) = "“C:\WINNT\system32\NOTEPAD.EXE” “%1"” [MS]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“CDRAutoRun” = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Administrator\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp”
Startup items in “Administrator” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]
“SpeedTouch Dial-up” -> shortcut to: “C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe” [“THOMSON Telecom Belgium”]
Enabled Scheduled Tasks:
“McAfee.com Update Check (WCJ1-Administrator)” -> launches: “C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule” [“McAfee.com Corporation”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in 1.5.0_11”
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_11”
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
“MenuText” = “Uninstall BitDefender Online Scanner v8”
“Exec” = “%windir%\bdoscandel.exe” [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
“ButtonText” = “Yahoo! Messenger”
“MenuText” = “Yahoo! Messenger”
“Exec” = “C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE” [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Avast4\ashServ.exe”” [“ALWIL Software”]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Avast4\aswUpdSv.exe”” [“ALWIL Software”]
avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
EPSON Printer Status Agent2, EPSONStatusAgent2, “C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe” [“SEIKO EPSON CORPORATION”]
GhostStartService, GhostStartService, “C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe” [“Symantec Corporation”]
iPodService, iPodService, “C:\Program Files\iPod\bin\iPodService.exe” [“Apple Computer, Inc.”]
Lotus Notes — pojedyncze logowanie, Lotus Notes Single Logon, “C:\WINNT\system32\nslsvice.exe” [null data]
Machine Debug Manager, MDM, ““c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]
NVIDIA Driver Helper Service, NVSvc, “C:\WINNT\system32\nvsvc32.exe” [“NVIDIA Corporation”]
ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”]
SiS WirelessLan Service, SiSWLSvc, “C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe” [null data]
Sunbelt Kerio Personal Firewall 4, KPF4, ““C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe”” [“Sunbelt Software”]
System zdarzeń COM+, EventSystem, “C:\WINNT\System32\svchost.exe -k netsvcs” {“C:\WINNT\System32\es.dll” [null data]}
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V3 2KMonitor352\Driver = “E_SL2352.DLL” [“SEIKO EPSON CORPORATION”]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see everywhere the script checks and everything it finds,
launch it from a command prompt or a shortcut with the -all parameter.
-
The search for DESKTOP.INI DLL launch points on all local fixed drives
took 131 seconds.
---------- (total run time: 204 seconds)
ewido anti-spyware online scanner
http://www.ewido.net
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.Gemius
Path: C:\Documents and Settings\Administrator\Cookies\administrator@hit.gemius[1].txt
Risk: Medium
Name: TrackingCookie.Gemius
Path: :mozilla.7:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Gemius
Path: :mozilla.8:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: :mozilla.21:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: :mozilla.22:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adocean
Path: :mozilla.42:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adocean
Path: :mozilla.43:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adocean
Path: :mozilla.47:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adocean
Path: :mozilla.48:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\89newgbm.default\cookies.txt
Risk: Medium