And those entries in HijackThis, I was supposed to remove them by checking those three and pressing Fix checked, right? If so, that's what I did. And here are the logs:
Code:
ComboFix 08-07-15.4 - Pimpuś 2008-07-17 14:43:48.2 - NTFSx86
Microsoft Windows XP Home Edition5.1.2600.2.1250.1.1045.18.623 [GMT 2:00]
Running from: C:Documents and SettingsPimpuśPulpitComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17)))))))))))))))))))))))))))))))
.
2008-07-17 12:04 . 2008-07-17 12:04 271,360 --a------ C:WINDOWSsystem32driversatksgt.sys
2008-07-17 12:04 . 2008-07-17 12:04 18,048 --a------ C:WINDOWSsystem32driverslirsgt.sys
2008-07-17 12:00 . 2008-07-17 14:29 <DIR> d-------- C:Program FilesGothic III
2008-07-16 22:16 . 2008-07-16 22:16 2,448 --a------ C:WINDOWSsystem32tmp.reg
2008-07-16 19:39 . 2007-09-06 00:22 289,144 --a------ C:WINDOWSsystem32VCCLSID.exe
2008-07-16 19:39 . 2006-04-27 17:49 288,417 --a------ C:WINDOWSsystem32SrchSTS.exe
2008-07-16 19:39 . 2008-05-29 09:35 86,528 --a------ C:WINDOWSsystem32VACFix.exe
2008-07-16 19:39 . 2008-05-18 21:40 82,944 --a------ C:WINDOWSsystem32IEDFix.exe
2008-07-16 19:39 . 2008-07-02 13:33 82,432 --a------ C:WINDOWSsystem32IEDFix.C.exe
2008-07-16 19:39 . 2008-05-23 18:21 81,920 --a------ C:WINDOWSsystem32404Fix.exe
2008-07-16 19:39 . 2003-06-05 21:13 53,248 --a------ C:WINDOWSsystem32Process.exe
2008-07-16 19:39 . 2004-07-31 18:50 51,200 --a------ C:WINDOWSsystem32dumphive.exe
2008-07-16 19:39 . 2007-10-04 00:36 25,600 --a------ C:WINDOWSsystem32WS2Fix.exe
2008-07-16 16:37 . 2008-07-16 16:37 <DIR> d-------- C:Program FilesTrend Micro
2008-07-16 13:32 . 2008-07-16 13:32 20,992 --a------ C:WINDOWSsystem32inte_f.dll
2008-07-13 12:47 . 2008-07-13 12:47 <DIR> d-------- C:cda
2008-07-08 15:24 . 2008-07-08 15:24 <DIR> d-------- C:Program FilesMSXML 6.0
2008-07-07 14:40 . 2008-07-07 14:40 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjiMedia Player Classic
2008-07-07 14:07 . 2006-09-24 17:11 389,120 --a------ C:WINDOWSsystem32lameACM.acm
2008-07-07 14:07 . 2007-09-04 18:56 164,352 --a------ C:WINDOWSsystem32unrar.dll
2008-07-07 14:07 . 2007-09-21 02:52 118,784 --a------ C:WINDOWSsystem32ac3acm.acm
2008-07-07 14:07 . 2007-10-03 17:03 414 --a------ C:WINDOWSsystem32lame_acm.xml
2008-07-07 14:06 . 2008-07-07 14:13 <DIR> d-------- C:Program FilesSubRip
2008-07-07 14:06 . 2008-07-07 14:06 <DIR> d-------- C:Program FilesK-Lite Codec Pack
2008-07-07 14:06 . 2008-03-21 22:30 3,596,288 --a------ C:WINDOWSsystem32qt-dx331.dll
2008-07-07 14:06 . 2008-01-10 14:15 755,027 --a------ C:WINDOWSsystem32xvidcore.dll
2008-07-07 14:06 . 2008-03-31 23:25 682,496 --a------ C:WINDOWSsystem32divx.dll
2008-07-07 14:06 . 2008-01-10 14:16 159,839 --a------ C:WINDOWSsystem32xvidvfw.dll
2008-07-07 14:06 . 2008-03-21 22:28 81,920 --a------ C:WINDOWSsystem32dpl100.dll
2008-07-07 14:06 . 2008-03-28 19:41 7,680 --a------ C:WINDOWSsystem32ff_vfw.dll
2008-07-07 14:06 . 2007-07-10 18:10 547 --a------ C:WINDOWSsystem32ff_vfw.dll.manifest
2008-07-07 14:05 . 2008-07-07 14:05 <DIR> d-------- C:Program FilesMSBuild
2008-07-07 14:02 . 2008-07-07 14:02 <DIR> d-------- C:WINDOWSsystem32XPSViewer
2008-07-07 14:02 . 2008-07-07 14:02 <DIR> d-------- C:Program FilesReference Assemblies
2008-07-07 14:01 . 2006-06-29 13:07 14,048 --------- C:WINDOWSsystem32spmsg2.dll
2008-07-07 13:57 . 2008-07-07 13:57 <DIR> d-------- C:Program FilesAviSynth 2.5
2008-07-06 20:02 . 2008-07-06 20:03 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjifoobar2000
2008-07-03 20:25 . 2008-07-03 20:29 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjiWinamp
2008-07-03 18:28 . 2008-07-03 18:29 <DIR> d-------- C:Program FilesMicrosoft LifeCam
2008-07-03 18:27 . 2008-07-03 18:27 <DIR> d-------- C:WINDOWSsystem32driversumdf
2008-07-03 18:27 . 2008-07-03 23:00 921,624 --a------ C:img2-001.raw
2008-07-03 18:26 . 2004-08-03 23:10 10,880 --a------ C:WINDOWSsystem32driversNdisIP.sys
2008-07-03 18:26 . 2004-08-03 23:10 10,880 --a--c--- C:WINDOWSsystem32dllcachendisip.sys
2008-07-03 18:26 . 2004-08-03 22:58 5,504 --a------ C:WINDOWSsystem32driversMSTEE.sys
2008-07-03 18:26 . 2004-08-03 22:58 5,504 --a--c--- C:WINDOWSsystem32dllcachemstee.sys
2008-07-01 12:27 . 2008-07-01 12:27 <DIR> d-------- C:Program FilesSAGEM WiFi manager
2008-07-01 12:27 . 2007-01-16 13:52 20,608 --a------ C:WINDOWSsystem32driversBRGSp50.sys
2008-07-01 12:27 . 2007-01-16 13:52 17,664 --a------ C:WINDOWSsystem32driversZDPSp50.sys
2008-07-01 11:54 . 2007-01-10 10:14 450,560 --a------ C:WINDOWSsystem32driversWlanBZXP.sys
2008-06-30 21:41 . 2004-08-03 23:07 59,264 --a------ C:WINDOWSsystem32driversUSBAUDIO.sys
2008-06-30 21:41 . 2004-08-03 23:07 59,264 --a--c--- C:WINDOWSsystem32dllcacheusbaudio.sys
2008-06-30 18:31 . 2008-07-16 14:31 <DIR> d-------- C:temp
2008-06-25 10:40 . 2008-06-25 10:40 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjiCyberLink
2008-06-20 18:59 . 2008-03-25 02:37 69,632 --a------ C:WINDOWSsystem32javacpl.cpl
2008-06-20 18:58 . 2008-06-20 18:59 <DIR> d-------- C:Program FilesJava
2008-06-20 18:57 . 2008-06-20 18:57 <DIR> d-------- C:Program FilesCommon FilesJava
2008-06-18 20:50 . 2005-05-03 18:43 69,632 --a------ C:WINDOWSAlcmtr.exe
2008-06-18 20:50 . 2007-11-14 15:18 553 --a------ C:WINDOWSUSetup.iss
2008-06-18 00:07 . 2008-06-18 16:22 238 --a------ C:WINDOWSmafosav.INI
2008-06-17 16:15 . 2008-06-17 17:50 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjiHamachi
2008-06-17 16:14 . 2008-06-17 16:14 25,280 --a------ C:WINDOWSsystem32drivershamachi.sys
2008-06-17 14:57 . 2008-07-16 21:12 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjiskypePM
2008-06-17 14:57 . 2008-06-17 14:57 56 --ah----- C:WINDOWSsystem32ezsidmv.dat
2008-06-17 14:55 . 2008-06-17 14:55 <DIR> d-------- C:Program FilesSkype
2008-06-17 14:55 . 2008-06-17 14:55 <DIR> d-------- C:Program FilesCommon FilesSkype
2008-06-17 14:55 . 2008-07-16 21:48 <DIR> d-------- C:Documents and SettingsPimpuśDane aplikacjiSkype
2008-06-17 14:55 . 2008-06-17 14:55 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiSkype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 10:00 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-07-17 09:34 --------- d-----w C:Documents and SettingsPimpuśDane aplikacjiAzureus
2008-07-08 14:27 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiTrackMania
2008-06-20 17:42 246,784 ----a-w C:WINDOWSsystem32mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:WINDOWSsystem32driverstcpip.sys
2008-06-20 10:44 138,368 ----a-w C:WINDOWSsystem32driversafd.sys
2008-06-20 09:52 225,920 ----a-w C:WINDOWSsystem32driverstcpip6.sys
2008-06-14 18:01 273,024 ------w C:WINDOWSsystem32driversbthport.sys
2008-06-13 16:50 --------- d-----w C:Documents and SettingsPimpuśDane aplikacjiXfire
2008-06-09 12:25 --------- d-----w C:Program FilesGoogle
2008-06-09 11:17 --------- d-----w C:Program FilesCommon FilesAdobe
2008-06-09 11:16 --------- d-----w C:Program FilesAdobe Media Player
2008-06-07 09:33 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiApple Computer
2008-06-07 09:20 --------- d-----w C:Documents and SettingsPimpuśDane aplikacjiApple Computer
2008-06-07 09:19 --------- d-----w C:Program FilesBonjour
2008-06-07 09:19 --------- d-----w C:Program FilesApple Software Update
2008-06-07 09:18 --------- d-----w C:Program FilesCommon FilesApple
2008-06-07 09:18 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiApple
2008-06-02 16:10 4,752,384 ----a-w C:WINDOWSsystem32driversRtkHDAud.sys
2008-05-31 12:12 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiAzureus
2008-05-28 12:52 16,862,720 ----a-w C:WINDOWSRTHDCPL.exe
2008-05-25 15:37 --------- d-----w C:Program FilesCommon FilesDirectX
2008-05-18 08:49 --------- d-----w C:Documents and SettingsPimpuśDane aplikacjiMicrosoft Web Folders
2008-05-18 08:48 --------- d-----w C:Program Filesmicrosoft frontpage
2008-05-18 08:41 --------- d-----w C:Documents and SettingsPimpuśDane aplikacjiGadu-Gadu
2008-05-18 08:24 --------- d-----w C:Program FilesWindows Defender
2008-05-18 08:09 --------- d-----w C:Program FilesSAGEM
2008-05-18 07:50 --------- d-----w C:Program FilesCyberLink
2008-05-18 07:50 --------- d-----w C:Documents and SettingsAll UsersDane aplikacjiCyberLink
2008-05-18 07:49 --------- d-----w C:Program FilesCommon FilesNero
2008-05-18 07:48 --------- d-----w C:Program FilesAhead
2008-05-18 07:47 --------- d-----w C:Program FilesCommon FilesAhead
2008-05-18 07:41 --------- d-----w C:Program FilesAlwil Software
2008-05-18 07:36 15,600 ----a-w C:WINDOWSgdrv.sys
2008-05-18 07:34 315,392 ----a-w C:WINDOWSHideWin.exe
2008-05-18 07:34 --------- d-----w C:Program FilesRealtek
2008-05-18 07:34 --------- d-----w C:Program FilesDIFX
2008-05-18 07:34 --------- d-----w C:Program FilesCommon FilesInstallShield
2008-05-18 07:33 --------- d-----w C:Documents and SettingsPimpuśDane aplikacjiInstallShield
2008-05-18 07:20 --------- d-----w C:Program FilesUsługi online
2008-05-07 05:16 1,291,264 ----a-w C:WINDOWSsystem32quartz.dll
2008-04-21 07:03 662,016 ----a-w C:WINDOWSsystem32wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-16_22.22.34.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-17 12:29:16 16,384 ----atw C:WINDOWSTempPerflib_Perfdata_748.dat
+ 2005-09-22 21:49:12 95,744 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841ATL80.dll
+ 2005-09-22 23:16:02 1,093,632 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfc80.dll
+ 2005-09-22 23:16:06 1,079,808 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfc80u.dll
+ 2005-09-22 23:16:08 69,632 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfcm80.dll
+ 2005-09-22 23:16:10 57,344 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfcm80u.dll
+ 2005-09-22 22:58:06 40,960 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80CHS.dll
+ 2005-09-22 22:58:06 45,056 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80CHT.dll
+ 2005-09-22 22:58:06 65,536 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80DEU.dll
+ 2005-09-22 22:58:06 57,344 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80ENU.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80ESP.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80FRA.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80ITA.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80JPN.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80KOR.dll
+ 2005-09-22 23:35:10 65,536 ----a-w C:WINDOWSWinSxSx86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_06binjusched.exe" [2008-03-25 04:28 144784]
"VX1000"="C:WINDOWSvVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:Program FilesMicrosoft LifeCamLifeExp.exe" [2007-05-17 23:45 279912]
"WinampAgent"="D:ProgramyWinampwinampa.exe" [2008-04-01 20:49 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:WINDOWSRTHDCPL.exe]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"D:\Gry\Counter Strike 1.6\hl.exe"=
"D:\Gry\TmNationsForever\TmForever.exe"=
"D:\Programy\eMule\emule.exe"=
"D:\Programy\Azureus\Azureus.exe"=
"D:\Gry\Worms 4 Totalna Rozwałka\WORMS 4 MAYHEM.EXE"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"D:\Gry\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"=
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-05-16 01:16]
R2 MSCamSvc;MSCamSvc;C:Program FilesMicrosoft LifeCamMSCamS32.exe [2007-05-17 23:45]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:WINDOWSsystem32DRIVERSWlanBZXP.sys [2007-01-10 10:14]
R3 VX1000;VX-1000;C:WINDOWSsystem32DRIVERSVX1000.sys [2007-04-10 23:46]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:WINDOWSsystem32ZDCndis5.SYS []
.
Contents of the ''Scheduled Tasks'' folder
"2008-07-03 16:25:46 C:WINDOWSTasksMicrosoft_Hardware_Launch_setup_exe.job"
- E:setup.exe
"2008-07-17 12:32:25 C:WINDOWSTasksMP Scheduled Scan.job"
- C:Program FilesWindows DefenderMpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 14:44:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-17 14:45:19
ComboFix-quarantined-files.txt2008-07-17 12:45:08
ComboFix2.txt2008-07-16 20:22:53
Pre-Run: 21,013,753,856 bajtów wolnych
Post-Run: 21,004,636,160 bajtów wolnych
204 --- E O F --- 2008-07-11 17:00:37
Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:Program FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]
"Windows Defender" = ""C:Program FilesWindows DefenderMSASCui.exe" -hide" [MS]
"Adobe Reader Speed Launcher" = ""C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"" ["Adobe Systems Incorporated"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = ""C:Program FilesJavajre1.6.0_06binjusched.exe"" ["Sun Microsystems, Inc."]
"VX1000" = "C:WINDOWSvVX1000.exe" [MS]
"LifeCam" = ""C:Program FilesMicrosoft LifeCamLifeExp.exe"" [MS]
"WinampAgent" = "D:ProgramyWinampwinampa.exe" [null data]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}(Default) = (no title provided)
-> {HKLM...CLSID} = "BHO.Filter"
InProcServer32(Default) = "C:WINDOWSsystem32iefltr.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binssv.dll" ["Sun Microsystems, Inc."]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}(Default) = "Ask Toolbar BHO"
-> {HKLM...CLSID} = "Ask Toolbar BHO"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
InProcServer32(Default) = "C:PROGRA~1MICROS~2OfficeOLKFSTUB.DLL" [MS]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
InProcServer32(Default) = "C:PROGRA~1WINDOW~4MpShHook.dll" [MS]
HKLMSOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLMSOFTWAREClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesCommon FilesAdobeAcrobatActiveXPDFShell.dll" ["Adobe Systems, Inc."]
HKLMSOFTWAREClasses*shellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]
HKLMSOFTWAREClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]
HKLMSOFTWAREClassesFoldershellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsPimpuśUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersHandlers
MPCPlayCDAudioOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayCDAudiocommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1 /cd" ["Gabest"]
MPCPlayDVDMovieOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayDVDMoviecommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1 /dvd" ["Gabest"]
MPCPlayMusicFilesOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayMusicFilescommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1" ["Gabest"]
MPCPlayVideoFilesOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayVideoFilescommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1" ["Gabest"]
MSWPDShellNamespaceHandler
"Provider" = "@%SystemRoot%system32wpdshext.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
LocalServer32(Default) = "C:WINDOWSsystem32WPDShextAutoplay.exe" [MS]
NeroAutoPlay2CDAudio
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_CDAudiocommand(Default) = "C:Program FilesAheadneronero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLMSOFTWAREClassesNero.AutoPlay2shellPlayCDAudioOnArrival_CopyCDcommand(Default) = "C:Program FilesAheadneronero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_DataDisccommand(Default) = "C:Program FilesAheadneronero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_LaunchNeroStartSmartcommand(Default) = "C:Program FilesAheadNero StartSmartNeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
PDVDPlayDVDMovieOnArrival
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLMSOFTWAREClassesDVDshellPlayWithPowerDVDCommand(Default) = ""C:Program FilesCyberLinkPowerDVDPowerDVD.exe" "%l"" ["CyberLink Corp."]
Picasa2ImportPicturesOnArrival
"Provider" = "Picasa2"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLMSOFTWAREClassespicasa2.autoplayshellimportcommand(Default) = "D:ProgramyPicasa2Picasa2.exe "%1"" ["Google Inc."]
WinampMTPHandler
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "D:ProgramyWinampwinamp.exe"
HKLMSOFTWAREClassesShell.HWEventHandlerShellExecuteCLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
LocalServer32(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLMSOFTWAREClassesWinamp.FileshellPlaycommand(Default) = ""D:ProgramyWinampwinamp.exe" "%1"" ["Nullsoft"]
HKLMSOFTWAREClassesWinamp.FileshellPlayDropTargetCLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
LocalServer32(Default) = ""D:ProgramyWinampwinamp.exe"" ["Nullsoft"]
Startup items in "Pimpuś" & "All Users" startup folders:
--------------------------------------------------------
C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"Adobe Gamma Loader" -> shortcut to: "C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:Program FilesMicrosoft OfficeOfficeOSA9.EXE -b -l" [MS]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:Program FilesSAGEM WiFi managerWLANUTL.exe" [" "]
Enabled Scheduled Tasks:
------------------------
"Microsoft_Hardware_Launch_setup_exe" -> launches: "E:setup.exe" [file not found]
"MP Scheduled Scan" -> launches: "C:Program FilesWindows DefenderMpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000004LibraryPath = "C:Program FilesBonjourmdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
HKLMSOFTWAREMicrosoftInternet ExplorerToolbar
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSOFTWAREMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binnpjpi160_06.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
Bonjour Service, Bonjour Service, ""C:Program FilesBonjourmDNSResponder.exe"" ["Apple Inc."]
MSCamSvc, MSCamSvc, ""C:Program FilesMicrosoft LifeCamMSCamS32.exe"" [MS]
Urządzenie mobilne Apple, Apple Mobile Device, ""C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe"" ["Apple, Inc."]
Windows Defender, WinDefend, ""C:Program FilesWindows DefenderMsMpEng.exe"" [MS]
---------- (launch time: 2008-07-16 19:31:27)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 22 seconds, including 4 seconds for message boxes)