Logi HJ:
Logfile of HijackThis v1.99.1
Scan saved at 14:42:19, on 2006-12-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
F:\INSTAL\Cursor\CursorXP.exe
F:\INSTAL\StatBar\StatBar.exe
F:\INSTAL\TuneUP\MemOptimizer.exe
E:\{C4B782D4-09A2-4CD5-B5E5-3FBC9067F11D}\sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
f:\instal\winamp\winamp.exe
F:\INSTAL\Mozilla\firefox.exe
F:\INSTAL\xp-Anti-Spy\xp-AntiSpy\xp-AntiSpy.exe
H:\PROGRAMY\Programy\Do LOGA\hijackthis1.99.1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [kis] "F:\INSTAL\Kaspersky\avp.exe"
O4 - HKCU\..\Run: [CursorXP] F:\INSTAL\Cursor\CursorXP.exe
O4 - HKCU\..\Run: [StatBar] F:\INSTAL\StatBar\StatBar.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "F:\INSTAL\TuneUP\MemOptimizer.exe" autostart
O8 - Extra context menu item: &Download with &DAP - F:\INSTAL\DAP\dapextie.htm
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\INSTAL\Kaspersky\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\INSTAL\Office\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - F:\INSTAL\Kaspersky\avp.exe
Logi SR:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CursorXP" = "F:\INSTAL\Cursor\CursorXP.exe" [" "]
"StatBar" = "F:\INSTAL\StatBar\StatBar.exe" ["Globe Software"]
"TuneUp MemOptimizer" = ""F:\INSTAL\TuneUP\MemOptimizer.exe" autostart" ["TuneUp Software GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LClock" = "C:\Program Files\LClock\LClock.exe" [null data]
"Vista Sidebar" = "C:\Program Files\Vista Sidebar\sidebar.exe" [null data]
"kis" = ""F:\INSTAL\Kaspersky\avp.exe"" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\INSTAL\Office\OFFICE11\msohev.dll" [MS]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "F:\INSTAL\Unlocker\UnlockerCOM.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\INSTAL\WinRaR\rarext.dll" [null data]
"{5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}" = "xdrive.LinkedIconOverlay"
-> {HKLM...CLSID} = "Xdrive LinkedIconOverlay Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\Overlay.dll" ["XDrive"]
"{7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}" = "xdrive.LinkedSharedIconOverlay"
-> {HKLM...CLSID} = "Xdrive LinkedSharedIconOverlay Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\Overlay.dll" ["XDrive"]
"{39C2972F-3338-471B-8D67-FA82E46E3AC2}" = "xdrive.SharedIconOverlay"
-> {HKLM...CLSID} = "Xdrive SharedIconOverlay Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\Overlay.dll" ["XDrive"]
"{802293E4-9A69-4387-A084-42814E0BAE29}" = "XDrive properties shell extension"
-> {HKLM...CLSID} = "ShellExtnObj Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\PropExt.dll" [null data]
"{24E75230-0B5A-445D-822E-119FBB211AF4}" = "ExecHook"
-> {HKLM...CLSID} = "ShellObj Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\ExecHook.dll" [null data]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "F:\INSTAL\TuneUP\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Ochrona WWW"
-> {HKLM...CLSID} = "Ochrona WWW"
\InProcServer32\(Default) = "F:\INSTAL\Kaspersky\scieplugin.dll" ["Kaspersky Lab"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "F:\INSTAL\Office\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "F:\INSTAL\Office\OFFICE11\OLKFSTUB.DLL" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{24E75230-0B5A-445D-822E-119FBB211AF4}" = "ExecHook"
-> {HKLM...CLSID} = "ShellObj Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\ExecHook.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "F:\INSTAL\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\INSTAL\Kaspersky\shellex.dll" ["Kaspersky Lab"]
PropExt\(Default) = "{802293E4-9A69-4387-A084-42814E0BAE29}"
-> {HKLM...CLSID} = "ShellExtnObj Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\PropExt.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "F:\INSTAL\TuneUP\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\INSTAL\WinRaR\rarext.dll" [null data]
XdriveRightClickExt\(Default) = "{3C6CC269-AFF3-4D07-BB07-B26A86A4FEED}"
-> {HKLM...CLSID} = "RightClickContextMenu Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\RightClickExt.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "F:\INSTAL\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "F:\INSTAL\TuneUP\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\INSTAL\WinRaR\rarext.dll" [null data]
XdriveRightClickExt\(Default) = "{3C6CC269-AFF3-4D07-BB07-B26A86A4FEED}"
-> {HKLM...CLSID} = "RightClickContextMenu Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\RightClickExt.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\INSTAL\Kaspersky\shellex.dll" ["Kaspersky Lab"]
PropExt\(Default) = "{802293E4-9A69-4387-A084-42814E0BAE29}"
-> {HKLM...CLSID} = "ShellExtnObj Class"
\InProcServer32\(Default) = "F:\INSTAL\XDriver\PropExt.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "F:\INSTAL\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "F:\INSTAL\WinRaR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "F:\INSTAL\Unlocker\UnlockerCOM.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"DisallowRun" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}
"NoStartMenuMorePrograms" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove All Programs list from the Start menu}
"NoFolderOptions" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}
"NoViewOnDrive" = (REG_DWORD) hex:0x0000000C
{unrecognized setting}
"NoDrives" = (REG_DWORD) hex:0x0000000C
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\AREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "F:\INSTAL\TuneUP\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 33
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Ochrona WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "F:\INSTAL\Kaspersky\scieplugin.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\CLSID\{D553F157-2AB0-4B46-98D2-7BA7CA418491}\(Default) = "&Słownik Podręczny"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "F:\INSTAL\Office\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Ochrona WWW"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
TuneUp Design Expansion, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 75 seconds, including 2 seconds for message boxes)