LOG HijackThis


(Tomek Zamlynny) #1

Prosze o sprawdzenie

Logfile of HijackThis v1.97.7

Scan saved at 13:46:55, on 2004-09-11

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\xwuybzrq.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\FlashGet\Gadu-Gadu\gg.exe

C:\Program Files\FlashGet\flashget.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL (file missing)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll (file missing)

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe

O4 - HKLM\..\Run: [vyjecvhqwmpnn] C:\WINDOWS\System32\xwuybzrq.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Global Startup: hp psc 1000 series.lnk = ?

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Zmiana tytułu

Asterisk


(Adarek) #2

Usuń

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll

Tu masz więcej opisane jakies taki ciekawski http://www.pestpatrol.com/PestInfo/c/cleveriehooker.asp

O2 - BHO: (no name) - SOFTWARE - (no file) 

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing) 

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL (file missing) 

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll 

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll (file missing)

CSIE.DLL >http://www.pestpatrol.com/PestInfo/c/clearsearch.asptwaintec.dll .http://www.pchell.com/support/twaintec.shtml

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe 

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe 

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" 

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe 

O4 - HKLM\..\Run: [vyjecvhqwmpnn] C:\WINDOWS\System32\xwuybzrq.exe 

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe 

O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe 

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe 

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe 

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" 

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun 

O4 - Global Startup: hp psc 1000 series.lnk = ? 

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm 

O9 - Extra button: Related (HKLM) 

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM

Pełno trojanów

Toe foldery też do usunięcia

C:\WINDOWS\System32\xwuybzrq.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe - jesli nie jest to jakiś sterownik.

Wcześniej wył.prywracanie systemu .WŁącz kompa w trybie awaryjnym.

Zbij procesy i usuwaj , szukaj jeszcze w plikach ukrytych i kuczaczach

rejestru.

Niech to ktoś jeszcze sprawdzi bo mogłem coś przegapić. :smiley:


(Xiao19) #3

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

(to jest sterownik sama mam taki HP)

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" (to jest progs nieusuwasz)

O4 - HKLM..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

(programik TV zostawiasz ten wpis)

jejku ty miales avastaI4 :o i tyle trojanow szok

chyba zmienie o nim zdanie calkowicie juz

Poczytaj i najlepiej zainstaluj

http://forum.dobreprogramy.pl/viewtopic ... ht=blaster

skan dysku jeszcze

--GFI Trojan--

http://www.windowsecurity.com/trojanscan/

--mks_vir--

http://skaner.mks.com.pl

--GeCAD (RAV)-- (uwieczni dzielo ) the BEST :stuck_out_tongue: :stuck_out_tongue:

http://www.ravantivirus.com/scan/

Na koniec dajesz jeszcze raz loga tu >>>

po scnowaniu antywirami

zobaczymy czy wszystko oki


(Adarek) #4

\optimize.exe to jest Internet Optimizer - czyli szpiegol i zamulacz

opis http://www.doxdesk.com/parasite/InternetOptimizer.html - usuwaj !!

TV Media - program =Spyware! - nie takłatwo sie tego pozbyć jak czytałem na zagranicznych forach.

Poczytaj na

http://www.windowsstartup.com/wso/brows ... 00end=225 jesli sie godzisz na to, to zostaw.

hpztsb07.exe - ok sterownik .

Pobiesz sobie nową wersję HijackThis czili

HijackThis 1.98.2


(Xiao19) #5

ok niech kolega sam sie wypowie ,chodz to malo mozliwe ze by tak prosto sie intalowal (szpieg) jako program

TV Media w katalogu Programy dziwne troche

niech sam wlasciciel loga nam powie czy wie o takim programie u siebie

ihih najpierw

Internet Optimizer do tego tez niejestem taka pewna

to juz wlasciciel powinien wiedziec chyba jakie ma programy w

C:\Program Files i do czego one sluza

jesli naprwade sa to jakies szpiegusy oki niema sprawy

w koncu sie ciagle uczymy ,


(Safol) #6

Witam, nie mam pewnosci czy aby moj log jest czysty. prosze o sprawdzenie.

Logfile of HijackThis v1.98.2

Scan saved at 12:34:57, on 2004-09-12

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Cichuta\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094821080031

O17 - HKLM\System\CCS\Services\Tcpip\..\{B04762C0-C563-4629-8051-0A0407E4DE23}: NameServer = 194.204.152.34 217.98.63.164

(Adarek) #7

safol

Log masz czysty.

Tylko szpiga masz w postaci DAP . Wersja płatna tego nie ma . Ja mam

GetRight 5.iles tam. Od tej wersji wyświetla tylko ..

Ps .

Tylko przyponmienie o możliwości kupna i to rzadko


(system) #8

W tym folderze nagminnie instalują się komponenty szpiegowskie, jeśli

użytkownik ma prawa aministratora (i pełne prawa dostępu do dysku

systemowego).


(Adarek) #9

Dobrym pomysłem jest instalowanie systemu na innym dysku /patrycji niż C.

Wtedy prawie nigdy nic sie samemu nie zainstaluje w systemie bo zgłupieje.

Dobrze radzić ale sam mam system na C. Jakoś sie nie mogę przełamać sie na inną lokalizację systemu.

Może kiedyś ,ale na razie XP chodzi bez reinstalki jakieś 9 miesięcy. :smiley: :smiley: :stuck_out_tongue: :stuck_out_tongue:


(system) #10

Sprawdźcie jeśli możęcie :slight_smile:

StartupList report, 2004-09-13, 16:51:58

StartupList version: 1.52

Started from : C:\DOCUME~1\Grzesiek\USTAWI~1\Temp\Rar$EX00.248\StartupList.EXE

Detected: Windows XP (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 (6.00.2600.0000)

* Using default options

==================================================


Running processes:


C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe

D:\ściągnięte\Temp\mul\eMule\emule.exe

C:\Program Files\FlashGet\flashget.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Grzesiek\USTAWI~1\Temp\Rar$EX00.248\StartupList.exe


--------------------------------------------------


Listing of startup folders:


Shell folders Startup:

[C]

emule.lnk = Temp\mul\eMule\emule.exe

WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe


Shell folders Common Startup:

[C]

MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


--------------------------------------------------


Checking Windows NT UserInit:


[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min

WinampAgent = C:\Program Files\Winamp\winampa.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

PeerGuardian = C:\Program Files\KMD Lite\peerguardian.exe


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run


eDexter = C:\Program Files\KMD Lite\eDexter\edexter.exe


--------------------------------------------------


Load/Run keys from C:\WINDOWS\WIN.INI:


load=*INI section not found*

run=*INI section not found*


Load/Run keys from Registry:


HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL


--------------------------------------------------


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:


Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*


Shell & screensaver key from Registry:


Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*


Policies Shell key:


HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*


--------------------------------------------------



Enumerating Browser Helper Objects:


(no name) - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\PROGRA~1\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}


--------------------------------------------------


Enumerating Download Program Files:


[{10000000-1000-0000-1000-000000000000}]

CODEBASE = file://C:\Program Files\Internet Explorer\upudgxbx.exe


[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB


[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


[Yahoo! Webcam Viewer Wrapper]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yvwrctl.dll

CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab


[MainControl Class]

InProcServer32 = C:\WINDOWS\System32\SkanerOnline.dll

CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab


--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:


PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll


--------------------------------------------------

End of report, 6 232 bytes

Report generated in 1,532 seconds


Command line options:

   /verbose - to add additional info on each section

   /complete - to include empty sections and unsuspicious data

   /full - to include several rarely-important sections

   /force9x - to include Win9x-only startups even if running on WinNT

   /forcent - to include WinNT-only startups even if running on Win9x

   /forceall - to include all Win9x and WinNT startups, regardless of platform

   /history - to list version history only