Deckard’s System Scanner v20070826.66
Run by wieslaw on 2007-08-29 21:31:47
Computer is in Normal Mode.
-- System Restore --------------------------------------------------------------
Successfully created a Deckard’s System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2007-08-29 19:31:59 UTC - RP180 - Deckard’s System Scanner Restore Point
6: 2007-08-27 11:48:50 UTC - RP179 - Punkt kontrolny systemu
5: 2007-08-22 09:52:35 UTC - RP178 - Punkt kontrolny systemu
4: 2007-08-18 21:35:48 UTC - RP177 - Installed ACDSee 9 Photo Manager
3: 2007-08-14 23:11:21 UTC - RP176 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-08-11 14:59:22 UTC - RP174 - Usunięte Pro Evolution Soccer 6
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.83 GiB (less than 15%) free.
-- HijackThis (run as wieslaw.exe) ---------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 21:33:42
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\DeskSite\binex\DeskSiteCMA.exe
C:\WITaj!\WITaj!\WIT2000.EXE
C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Shareaza\Shareaza\Shareaza.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\download\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE 7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2575.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE…\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [WITaj!] C:\WITaj!\WITaj!\WIT2000.EXE
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - (no file)
O9 - Extra 'Tools' menuitem: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - (no file)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O15 - Trusted Zone: *.archiviosex.net (HKCU)
O15 - Trusted Zone: *.otherchance.com (HKCU)
O15 - Trusted Zone: *.whatsnew.name (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/sh … tor/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - http://195.140.237.244/activex/decoder/mpeg4_dec.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.27/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.140.237.244/activex/AMC.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DeskSiteCMA - Unknown owner - "C:\Program Files\DeskSite\binex\DeskSiteCMA.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
O23 - Service: StyleXPService - Unknown owner - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
-- HijackThis Fixed Entries (D:\download\HIJACK~1\backups) --------------------
backup-20061220-202046-937 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
backup-20061220-202151-400 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20061220-202151-586 O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
backup-20061220-202151-722 R3 - Default URLSearchHook is missing
backup-20061228-164505-803 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - blank (file missing)
backup-20061228-165550-254 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20061228-165550-281 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070202-184650-960 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
backup-20070202-184821-451 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070202-184821-606 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070214-125506-499 O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
backup-20070214-125506-540 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
backup-20070829-205818-356 O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
backup-20070829-205818-739 O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
backup-20070829-205818-959 O3 - Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - (no file)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe
R1 UserPort - c:\windows\system32\drivers\userport.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys
R2 PStrip - c:\windows\system32\drivers\pstrip.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys
R3 Pcatip - c:\windows\system32\drivers\pcatip.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 ENTECH - c:\windows\system32\drivers\entech.sys
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 DeskSiteCMA - "c:\program files\desksite\binex\desksitecma.exe"
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe"
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0
Manufacturer: Realtek
Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0
Service: rtl8139
-- Scheduled Tasks -------------------------------------------------------------
2007-08-28 17:03:03 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-24 00:05:02 440 --a----c- C:\WINDOWS\Tasks\EasyShare Registration Task.job
2007-08-17 19:12:00 296 --a----c- C:\WINDOWS\Tasks\avast! Antivirus.job
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 14:58:40 0 d------c- C:\WINDOWS\LastGood
2007-08-19 23:42:00 109568 --a----c- C:\WINDOWS\system32\apex3gp.exe
2007-08-19 23:41:59 4755968 --a----c- C:\WINDOWS\system32\apexconverter.exe
2007-08-19 23:41:59 120320 --a----c- C:\WINDOWS\system32\apexchanger.exe
2007-08-19 23:41:58 3138048 --a----c- C:\WINDOWS\system32\apexxbox.exe
2007-08-19 23:41:58 398798 --a----c- C:\WINDOWS\system32\apexpmp.exe
2007-08-19 23:41:58 86016 --a----c- C:\WINDOWS\system32\AddiTunes.exe
2007-08-19 23:41:39 764416 --a----c- C:\WINDOWS\system32\NCTRMFile.dll
2007-08-19 23:41:39 249856 --a----c- C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-08-19 23:41:39 626688 --a----c- C:\WINDOWS\system32\NCTImageFile.dll
2007-08-19 23:41:38 495104 --a----c- C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-08-19 23:41:38 382464 --a----c- C:\WINDOWS\system32\NCTAVIFile.dll
2007-08-19 23:41:37 780288 --a----c- C:\WINDOWS\system32\NCTVideoCompress.dll
2007-08-19 23:41:37 90112 --a----c- C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-08-19 23:41:36 312320 --a----c- C:\WINDOWS\system32\NCTVideoView.dll
2007-08-19 23:41:36 188416 --a----c- C:\WINDOWS\system32\NCTVideoFile.dll
2007-08-19 23:41:36 2846720 --a----c- C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-08-19 23:41:35 215552 --a----c- C:\WINDOWS\system32\NCTWMVFile.dll
2007-08-19 23:41:35 778240 --a----c- C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-08-19 23:41:31 0 d------c- C:\WINDOWS\system32\RMBin
2007-08-19 23:41:30 81920 --a----c- C:\WINDOWS\system32\viscomwave.dll
2007-08-19 23:41:30 147456 --a----c- C:\WINDOWS\system32\viscomqtenc.dll http://www.viscomsoft.com; >
2007-08-19 23:41:30 139264 --a----c- C:\WINDOWS\system32\viscomqtde.dll http://www.viscomsoft.com; >
2007-08-18 23:38:08 0 d------c- C:\extensions
2007-08-18 23:37:14 0 d------c- C:\Program Files\Yahoo!
2007-08-15 01:12:24 0 d------c- C:\Program Files\MSXML 4.0
-- Find3M Report ---------------------------------------------------------------
2007-08-28 20:28:40 14662 --a----c- C:\logfile
2007-08-26 13:59:13 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\MegauploadToolbar
2007-08-20 18:21:06 459070 --a----c- C:\WINDOWS\system32\perfh015.dat
2007-08-20 18:21:06 80352 --a----c- C:\WINDOWS\system32\perfc015.dat
2007-08-20 12:36:18 0 d------c- C:\Program Files\Mozilla Thunderbird
2007-08-20 10:57:29 0 d------c- C:\Program Files\Trojan Remover
2007-08-19 00:44:50 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\WinRAR
2007-08-18 23:36:17 0 d------c- C:\Program Files\Common Files\ACD Systems
2007-08-14 20:40:22 0 d------c- C:\Program Files\Odkurzacz
2007-08-11 17:00:20 0 d--h---c- C:\Program Files\InstallShield Installation Information
2007-08-11 15:52:49 0 d------c- C:\Program Files\Peer2Mail
2007-08-10 18:49:25 0 d------c- C:\Program Files\MegauploadToolbar
2007-07-20 18:14:23 0 d------c- C:\Program Files\Copernic Desktop Search 2
2007-07-14 17:37:06 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\uTorrent
2007-07-11 15:55:33 664 --a----c- C:\WINDOWS\desctemp.dat
2007-07-05 20:19:08 0 d------c- C:\Program Files\Vulcan Media
2007-07-05 20:19:03 0 d------c- C:\Program Files\PWN
2007-07-02 01:06:48 0 d------c- C:\Program Files\Kwyshell
2007-06-29 00:22:44 0 d------c- C:\Program Files\Kodak
2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files
2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files\Kodak
2007-06-08 22:38:51 356352 --a----c- C:\WINDOWS\eSellerateEngine.dll
2007-06-06 09:38:40 237568 --a----c- C:\WINDOWS\system32\KPDPMUI.dll
2007-06-06 09:38:14 344064 --a----c- C:\WINDOWS\system32\KPDPM.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-15 00:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 13:12]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]
"WITaj!"="C:\WITaj!\WITaj!\WIT2000.EXE" [2005-03-21 18:20]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-01-13 20:50:30]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]
C:\Program Files\PWN\Definicje\Bin\Starter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WITaj!]
C:\WITaj!\WITaj!\WIT2000.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
"XPRepairBusiness"=C:\Program Files\XP Repair Pro\xprepairpro.exe /s
"Shareaza"="D:\Program Files\Shareaza\Shareaza\Shareaza.exe" -tray
"ares"="C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
"nwiz"=nwiz.exe /install
"BearShare"="D:\Program Files\BearShare\BearShare.exe" /pause
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard’s System Scanner: finished at 2007-08-29 21:34:59 ------------