Logfile of HijackThis v1.99.1
Scan saved at 21:30:16, on 2006-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\XP Tools\xptools.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\XP Tools\xptools.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dawid\Pulpit\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [XP Tools] C:\Program Files\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: TVSCHL.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Złączono Posta : 22.05.2006 (Pon) 21:36
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"XP Tools" = "C:\Program Files\XP Tools\xptools.exe /min" ["XPTools"]
"McAfee.InstantUpdate.Monitor" = ""C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor" ["Networks Associates Technologies, Inc."]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"ATnotes.exe" = "C:\Program Files\ATnotes\ATnotes.exe" ["Thomas Ascher"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."]
"Spik" = "C:\Program Files\Spik\Spik.exe -autostart" [null data]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"" ["Panda Software International"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PowerS" = "C:\WINDOWS\PowerS.exe" ["prolink"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s" ["Panda Software International"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\PROGRA~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "D:\PROGRA~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files2\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "SimpleShlExt extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" [empty string]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "C:\WINDOWS\system32\wmfhotfix.dll" [null data]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! avldr\DLLName = "avldr.dll" ["Panda Software"]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WPKontakt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Spik\shellext_wpmsg.dll" [empty string]
XPTools\(Default) = "{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\context.dll" ["SuperLogix"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XPTools\(Default) = "{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\context.dll" ["SuperLogix"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\THELOR~1.SCR" (The Lord of the Rings Fangorn Forest.scr) ["ScreenTime Media"]
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
WARNING! G: is an unreadable partition!
Startup items in "Dawid" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Dawid\Menu Start\Programy\Autostart
"Sonic CinePlayer Quick Launch" -> shortcut to: "C:\Program Files\Common Files\Sonic Shared\cinetray.exe" ["Sonic Solutions"]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Remote Controller" -> shortcut to: "C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE" ["TelSignal Co., Ltd."]
"Server4PC" -> shortcut to: "C:\Program Files\TechniSat DVB\bin\Server4PC.exe" ["B2C2, Inc."]
"TVSCHL" -> shortcut to: "C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE" ["TelSignal Co., Ltd."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll ["Panda Software "], 01 - 03, 21
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll" ["PC Tools"]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe"" ["Panda Software"]
Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe" ["PANDA SOFTWARE"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe"" ["Panda Software"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe"" ["Panda Software Internacional"]
Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE"" ["Panda Software"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe"" ["Panda Software"]
Servizio Bonjour, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 37 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 85 seconds)
Złączono Posta : 22.05.2006 (Pon) 21:37
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 20:21:45, 2006-05-22
+ Report-Checksum: BFB7C6FB
+ Scan result:
:mozilla.53:C:\Documents and Settings\Dawid\Dane aplikacji\Mozilla\Firefox\Profiles\n5i35hsa.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Dawid\Dane aplikacji\Mozilla\Firefox\Profiles\n5i35hsa.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dawid_2\Dane aplikacji\Mozilla\Firefox\Profiles\g4i6y1c9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dawid_2\Dane aplikacji\Mozilla\Firefox\Profiles\g4i6y1c9.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
::Report End