Witam
Domyślam się, że takich tematów już kilka było, postanowiłem założyć nowy bo każdy log jest inny… Mnie spotkał podobny problem - czerwona tapeta z super napisaem “your privacy is in danger”… dodatkowo wyskakujace reklamy przeróżnych programów antyspyware, antyaware… itd itd itd
na poczatku odpalilem ad-aware, cos tam pousuwal… f-secure tez cos znalazl. Na koniec odpalilem FixWareOut’a, ktory tez usunal rzekomo jakies pliki.
na koniec dodaje logi z HJT i SilentRunners, proszę o pomoc gdyż problem nie zniknal 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:42, on 2007-11-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\F-Secure 2006\Anti-Virus\fsgk32st.exe
C:\F-Secure 2006\Anti-Virus\FSGK32.EXE
C:\F-Secure 2006\backweb\4476822\program\fsbwsys.exe
C:\F-Secure 2006\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\F-Secure 2006\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\F-Secure 2006\Anti-Virus\fssm32.exe
C:\F-Secure 2006\Common\FCH32.EXE
C:\F-Secure 2006\Anti-Virus\fsqh.exe
C:\F-Secure 2006\Common\FAMEH32.EXE
C:\F-Secure 2006\Anti-Virus\fsrw.exe
C:\WINDOWS\Explorer.EXE
C:\F-Secure 2006\FWES\Program\fsdfwd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\F-Secure 2006\Common\FSM32.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\F-Secure 2006\Anti-Virus\fsav32.exe
C:\F-Secure 2006\backweb\4476822\Program\fspex.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\F-SECU~1\ANTI-S~1\fsaw.exe
C:\F-Secure 2006\FSGUI\fsguidll.exe
E:\Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 2368 bytes
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"CTSyncU.exe" = ""C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"" [empty string]
"Windows Firewall" = "C:\WINDOWS\System32\drivers\svchost.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" ["HP"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"F-Secure Manager" = ""C:\F-Secure 2006\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""C:\F-Secure 2006\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"F-Secure Startup Wizard" = ""C:\F-Secure 2006\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{6A78E352-B1FA-4C18-9C48-96DD03979770}\(Default) = (no title provided)
-> {HKLM...CLSID} = "MSVPS System"
\InProcServer32\(Default) = "C:\WINDOWS\popnetmtq.dll" [empty string]
{8036D4D7-AAD3-4793-AB49-329E437155A8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Mario Forever Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\WinRarPL\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "E:\PC Suite\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "E:\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "E:\dBpowerAMP\dMCShell.dll" [empty string]
"{4FED14EE-8086-4b0c-A0DE-C27042ED1296}" = "PDFTransformer2ContextMenu"
-> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"
\InProcServer32\(Default) = "E:\Abby PDF Transformer\PDFTContextMenu.dll" ["ABBYY Software"]
"{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer"
-> {HKLM...CLSID} = "ZEN V Series Media Explorer"
\InProcServer32\(Default) = "E:\Creative Zen V\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Context Menu Extension"
-> {HKLM...CLSID} = "BackupData Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\VZCONT~1.DLL" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"sapnet" = "{5C6A7398-3121-4D6A-AA0B-3DB07504C321}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\sapnet.dll" [null data]
"rmvgor" = "{EBDE1102-D57C-4A81-8981-285A3F63A662}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\rmvgor.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)
HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"aswBoot.exe /M:5a36685a /A:"*" /L:"Polish"" [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
BackupData\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "BackupData Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\VZCONT~1.DLL" [null data]
CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"
-> {HKLM...CLSID} = "CtMtpContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]
PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"
-> {HKLM...CLSID} = "PDShellExt Class"
\InProcServer32\(Default) = "E:\Pando\PandoShellExt.dll" ["TODO: "]
PDFTransformer2ContextMenu\(Default) = "{4FED14EE-8086-4b0c-A0DE-C27042ED1296}"
-> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"
\InProcServer32\(Default) = "E:\Abby PDF Transformer\PDFTContextMenu.dll" ["ABBYY Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\WinRarPL\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
BackupData\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "BackupData Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\VZCONT~1.DLL" [null data]
PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"
-> {HKLM...CLSID} = "PDShellExt Class"
\InProcServer32\(Default) = "E:\Pando\PandoShellExt.dll" ["TODO: "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\WinRarPL\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
BackupData\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "BackupData Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\VZCONT~1.DLL" [null data]
CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"
-> {HKLM...CLSID} = "CtMtpContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
-> {HKLM...CLSID} = "FineReaderExplorerContextMenuHandler"
\InProcServer32\(Default) = "e:\finereader\fecmenu.dll" ["ABBYY (BIT Software)"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\WinRarPL\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoSMBalloonTip" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}
"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoAutoTrayNotify" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoResolveTrack" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoStartBanner" = (REG_BINARY) hex:01 00 00 00
{Remove "Click here to begin" from Start button}
"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}
"NoThemesTab" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoColorChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Desktop tab}
"NoDispCPL" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}
"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoSizeChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
"NoUpdateCheck" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"RunStartupScriptSync" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"
Active Desktop web content (hidden if disabled):
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "Privacy Protection"
"Source" = "file:///C:\WINDOWS\privacy_danger\index.htm"
"SubscribedURL" = ""
Startup items in "Dom" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"F-Secure Anti-Virus 2006" -> shortcut to: "C:\F-Secure 2006\backweb\4476822\Program\fspex.exe -startup" ["F-Secure Internet Security 2005"]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Exif Launcher" -> shortcut to: "C:\Program Files\FinePixViewer\QuickDCF.exe" ["FUJI PHOTO FILM CO., LTD."]
Enabled Scheduled Tasks:
------------------------
"HP Usg Daily" -> launches: "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe" [empty string]
"AE53DE3E91844EDE" -> launches: "c:\docume~1\dom\daneap~1\armysi~1\FunkCurbThis.exe" [file not found]
"Scheduled scanning task" -> launches: "C:\F-SECU~1\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\F-SECU~1\ANTI-V~1\report.txt " ["F-Secure Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{463DF6D5-BEC1-4D67-B217-59DB692DFC53}"
-> {HKLM...CLSID} = "Mario Forever Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll" [file not found]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" [file not found]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
-> {HKLM...CLSID} = "My Web Search"
\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
"{463DF6D5-BEC1-4D67-B217-59DB692DFC53}"
-> {HKLM...CLSID} = "Mario Forever Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{463DF6D5-BEC1-4D67-B217-59DB692DFC53}" = "Mario Forever Toolbar"
-> {HKLM...CLSID} = "Mario Forever Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll" [file not found]
"{6BA27973-068D-4F85-BE84-1251E0B20FD3}" = (no title provided)
-> {HKLM...CLSID} = "The jokwmp"
\InProcServer32\(Default) = "C:\WINDOWS\jokwmp.dll" [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]
{215940F1-E7E0-4801-BEE3-44D045534106}\
"ButtonText" = "Wyslij SMS'a"
"Script" = "C:\Program Files\Common Files\moje.js" [null data]
{300DB664-75B5-47C0-8B45-A44ACCF73C00}\
"ButtonText" = "Osłona programu IE"
"MenuText" = "Osłona programu IE..."
"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"
-> {HKLM...CLSID} = "F-Secure IE Shield COM button"
\InProcServer32\(Default) = "C:\F-Secure 2006\Anti-Spyware\ieshield.dll" ["F-Secure Corporation"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
F-Secure Anti-Virus 2006, BackWeb Plug-in - 4476822, "C:\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE" ["F-Secure Internet Security 2005"]
F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\F-Secure 2006\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
F-Secure Management Agent, FSMA, ""C:\F-Secure 2006\Common\FSMA32.EXE"" ["F-Secure Corporation"]
fsbwsys, fsbwsys, ""C:\F-Secure 2006\backweb\4476822\program\fsbwsys.exe"" ["F-Secure Corp."]
FSGKHS, F-Secure Gatekeeper Handler Starter, ""C:\F-Secure 2006\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]
Netropa NHK Server, nhksrv, "C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe" [null data]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <> "msikbd2k" ["Netropa Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt11\Driver = "hpzlnt11.dll" ["HP"]
PDF-XChange\Driver = "C:\WINDOWS\System32\pxc25pm.dll" ["Tracker Software"]
---------- (launch time: 2007-11-18 11:04:59)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 2506 seconds, including 15 seconds for message boxes)