HJT:
Logfile of HijackThis v1.99.1
Scan saved at 18:46:29, on 08-04-2007
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Mcshield.exe
C:\Program Files\Network Associates\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\SHSTAT.EXE
C:\Program Files\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\XFMC\XFiMode.exe
C:\PROGRA~1\FlashGet\FlashGet.exe
D:\D-Tools\daemon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
D:\valve\steam.exe
D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
D:\Xfire\xfire.exe
C:\PROGRA~1\AVANTB~1\avant.exe
D:\Moje Dokumenty\Ściągnięte\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [XFMC] D:\XFMC\XFiMode.exe /START_ENTERTAINMENT
O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\valve\steam.exe" -silent
O4 - HKCU\..\Run: [Zegarynka] D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\PROGRA~1\AVANTB~1\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\PROGRA~1\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\PROGRA~1\AVANTB~1\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: __c00497F2 - C:\WINDOWS\System32\__ c00497F2.dat
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
ComboScan:
ComboScan v20070306.20 run by Czarny Iwan on 2007-04-08 at 18:47:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Czarny Iwan.exe) -----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18:47:12, on 08-04-2007
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Mcshield.exe
C:\Program Files\Network Associates\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\SHSTAT.EXE
C:\Program Files\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\XFMC\XFiMode.exe
C:\PROGRA~1\FlashGet\FlashGet.exe
D:\D-Tools\daemon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
D:\valve\steam.exe
D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
D:\Xfire\xfire.exe
C:\PROGRA~1\AVANTB~1\avant.exe
D:\Moje Dokumenty\Ściągnięte\Programy\comboscan.exe
D:\MOJEDO~1\CIGNIT~1\Czarny Iwan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [XFMC] D:\XFMC\XFiMode.exe /START_ENTERTAINMENT
O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\valve\steam.exe" -silent
O4 - HKCU\..\Run: [Zegarynka] D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe
O4 - Startup: Xfire.lnk = D:\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Zasobnik programu McAfee Desktop Firewall.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\PROGRA~1\AVANTB~1\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\PROGRA~1\AVANTB~1\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\PROGRA~1\AVANTB~1\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\PROGRA~1\AVANTB~1\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\PROGRA~1\AVANTB~1\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\PROGRA~1\AVANTB~1\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: __c00497F2 - C:\WINDOWS\System32\__ c00497F2.dat
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-- Files created between 2007-03-08 and 2007-04-08 -----------------------------
2007-04-08 18:11:17 0 d------c- C:\VundoFix Backups
2007-04-08 17:57:17 0 d------c- C:\!KillBox
2007-04-07 19:30:36 0 d------c- C:\Program Files\Avant Browser
2007-04-05 11:44:03 80 --a----c- C:\WINDOWS\gmer_uninstall.cmd
2007-03-20 20:27:06 134272 --a------ C:\WINDOWS\System32\drivers\portcls.sys
2007-03-20 20:27:06 57856 --a------ C:\WINDOWS\System32\drivers\drmk.sys
2007-03-20 16:53:12 23040 -ra------ C:\WINDOWS\System32\drivers\GVCplDrv.sys
2007-03-19 20:48:58 25600 --a------ C:\WINDOWS\System32\borlndmm.dll
2007-03-19 19:30:36 167552 --a------ C:\WINDOWS\System32\drivers\ndis.sys
2007-03-19 19:04:31 176128 --a------ C:\WINDOWS\System32\nvudisp.exe
2007-03-19 16:10:21 0 d------c- C:\WINDOWS\nview
2007-03-18 22:59:18 0 d------c- C:\Program Files\Common Files\Skype
2007-03-18 14:00:51 0 d------c- C:\Program Files\Skype
2007-03-17 23:47:16 4456448 --a------ C:\Documents and Settings\Czarny Iwan.DURENDAL\ntuser.dat
2007-03-17 11:51:44 0 d------c- C:\Program Files\Java
2007-03-16 19:53:01 9548 --a------ C:\WINDOWS\System32\ __c00497F2.dat<__ C004~1.DAT>
2007-03-15 21:33:39 0 d------c- C:\Program Files\QuickTime
2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\System32\XceedZip.dll
2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\System32\XceedCry.dll
2007-03-11 17:57:52 286720 -------c- C:\WINDOWS\Setup1.exe
2007-03-11 17:57:50 73216 --a----c- C:\WINDOWS\ST6UNST.EXE
2007-03-11 00:46:07 306688 --a----c- C:\WINDOWS\IsUninst.exe
2007-03-10 22:51:12 89360 --a------ C:\WINDOWS\System32\VB5DB.DLL
2007-03-08 20:06:06 0 d------c- C:\Program Files\OpenAL
2007-03-08 16:58:59 90112 -------c- C:\WINDOWS\Updreg.EXE
2007-03-08 16:57:29 10240 --a----c- C:\WINDOWS\CTDCRES.DLL
-- Find3M Report ---------------------------------------------------------------
2007-04-08 18:45:02 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Xfire
2007-04-08 18:08:13 0 d------c- C:\Program Files\FlashGet
2007-04-07 16:12:23 1416 --a----c- C:\WINDOWS\mozver.dat
2007-04-06 22:15:41 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Skype
2007-04-03 21:19:35 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Help
2007-03-29 20:48:45 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\PlayFirst
2007-03-28 22:18:08 0 d---s--c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Microsoft
2007-03-28 00:03:17 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\ID3-TagIT 3
2007-03-26 16:18:40 0 d--h---c- C:\Program Files\InstallShield Installation Information
2007-03-25 09:41:40 435978 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-25 09:41:40 67078 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-23 16:00:10 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Adobe
2007-03-23 15:28:00 0 d------c- C:\Program Files\Usługi online
2007-03-23 15:19:46 0 d------c- C:\Program Files\Creative
2007-03-22 22:51:24 0 d------c- C:\Program Files\iPod
2007-03-19 20:49:14 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Gizmoz
2007-03-19 19:03:37 1324 --a------ C:\WINDOWS\System32\d3d9caps.dat
2007-03-19 16:58:41 1100 --a------ C:\WINDOWS\System32\d3d8caps.dat
2007-03-19 16:52:20 108144 --a------ C:\WINDOWS\System32\CmdLineExt.dll
2007-03-18 22:56:32 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-18 22:47:20 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\SuperAdBlocker.com
2007-03-17 20:05:04 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Macromedia
2007-03-17 12:40:33 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\teamspeak2
2007-03-16 20:02:37 413696 --a------ C:\WINDOWS\System32\wrap_oal.dll
2007-03-16 20:02:37 86016 --a------ C:\WINDOWS\System32\OpenAL32.dll
2007-03-12 20:20:20 0 d------c- C:\Program Files\ICEOWS
2007-03-08 15:30:15 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Creative
2007-03-04 23:32:26 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Hamachi
2007-03-01 21:25:17 0 d------c- C:\Program Files\Apple Software Update
2007-03-01 18:04:18 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Folder przesylania Share-to-Web
2007-02-26 21:19:39 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Folder przesyłania Share-to-Web
2007-02-23 20:50:33 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Apple Computer
2007-02-19 20:01:21 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Talkback
2007-02-19 20:01:17 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Mozilla
2007-02-14 01:16:34 0 d------c- C:\Program Files\Ahead
2007-02-11 16:21:27 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Lavasoft
2007-02-08 18:04:31 0 d------c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\Sun
2007-02-08 16:27:19 0 d------c- C:\Program Files\ffdshow
2007-02-08 16:27:08 0 d------c- C:\Program Files\DirectShow Pack
2007-02-07 15:50:52 21856 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-02-07 15:44:46 62 --ahs--c- C:\Documents and Settings\Czarny Iwan.DURENDAL\Dane aplikacji\desktop.ini
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Steam"="\"d:\\valve\\steam.exe\" -silent"
"Zegarynka"="D:\\Moje Dokumenty\\Ściągnięte\\Programy\\Zegarynka.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"XFMC"="D:\\XFMC\\XFiMode.exe /START_ENTERTAINMENT"
"Flashget"="C:\\PROGRA~1\\FlashGet\\FlashGet.exe /min"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DAEMON Tools-1033"="\"D:\\D-Tools\\daemon.exe\" -lang 1045"
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"D:\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00497F2
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51
-- End of ComboScan: finished at 2007-04-08 at 18:47:29 ------------------------
SilentRunners:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Steam" = ""d:\valve\steam.exe" -silent" ["Valve Corporation"]
"Zegarynka" = "D:\Moje Dokumenty\Ściągnięte\Programy\Zegarynka.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ShStatEXE" = ""C:\Program Files\Network Associates\SHSTAT.EXE" /STANDALONE" ["Network Associates, Inc."]
"McAfeeUpdaterUI" = ""C:\Program Files\Common Framework\UpdaterUI.exe" /StartedFromRunKey" ["Network Associates, Inc."]
"Network Associates Error Reporting Service" = ""C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"" ["Network Associates, Inc."]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"XFMC" = "D:\XFMC\XFiMode.exe /START_ENTERTAINMENT" ["Spectra9 [Budyanto Nurhalim]"]
"Flashget" = "C:\PROGRA~1\FlashGet\FlashGet.exe /min" ["FlashGet.com"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"DAEMON Tools-1033" = ""D:\D-Tools\daemon.exe" -lang 1045" ["DAEMON'S HOME"]
"RCSystem" = ""C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup" ["Creative Technology Ltd."]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"VolPanel" = ""C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r" ["Creative Technology Ltd"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"iTunesHelper" = ""D:\iTunes\iTunesHelper.exe"" ["Apple Inc."]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["www.flashget.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\getflash.dll" ["www.flashget.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "D:\MICROS~1\Office\OLKFSTUB.DLL" [MS]
"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"
-> {HKLM...CLSID} = "Folder Iceows"
\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
\InProcServer32\(Default) = "D:\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]
"{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer"
-> {HKLM...CLSID} = "ZEN V Series Media Explorer"
\InProcServer32\(Default) = "C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "D:\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{71A466B0-65CC-4B41-9043-6090F2C830D3}" = "QCD IconHandler"
-> {HKLM...CLSID} = "QIconHandler Class"
\InProcServer32\(Default) = "D:\Quintessential Player\QMPShell.dll" ["Quinnware"]
"{71A068F3-2DC9-438D-8944-6B4FF540D2F5}" = "QCD ContextMenu"
-> {HKLM...CLSID} = "QContextMenu Class"
\InProcServer32\(Default) = "D:\Quintessential Player\QMPShell.dll" ["Quinnware"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> __c00497F2\DLLName = "C:\WINDOWS\System32\__ c00497F2.dat" [null data]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"
-> {HKLM...CLSID} = "CtMtpContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]
ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"
-> {HKLM...CLSID} = "Folder Iceows"
\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\shext.dll" ["Network Associates, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"
-> {HKLM...CLSID} = "Folder Iceows"
\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\shext.dll" ["Network Associates, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"
-> {HKLM...CLSID} = "CtMtpContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Network Associates\shext.dll" ["Network Associates, Inc."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Czarny Iwan.DURENDAL\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Czarny Iwan.DURENDAL\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Czarny Iwan" & "All Users" startup folders:
-------------------------------------------------------------
C:\Documents and Settings\Czarny Iwan.DURENDAL\Menu Start\Programy\Autostart
"Xfire" -> shortcut to: "D:\Xfire\xfire.exe" ["Xfire Inc."]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "D:\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "D:\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Zasobnik programu McAfee Desktop Firewall" -> shortcut to: "C:\Program Files\Network Associates\McAfee Desktop Firewall dla Windows XP\FireTray.exe" ["Networks Associates Technology, Inc."]
Enabled Scheduled Tasks:
------------------------
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\FlashGet.exe" ["FlashGet.com"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Inc."]
McAfee Desktop Firewall Service, FireSvc, "C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe" ["Networks Associates Technology, Inc."]
Network Associates McShield, McShield, ""C:\Program Files\Network Associates\Mcshield.exe"" ["Network Associates, Inc."]
Network Associates Task Manager, McTaskManager, ""C:\Program Files\Network Associates\VsTskMgr.exe"" ["Network Associates, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Serwis struktury programu McAfee, McAfeeFramework, "C:\Program Files\Common Framework\FrameworkService.exe /ServiceStart" ["Network Associates, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 1087 seconds, including 16 seconds for message boxes)