Strange behavior of the graphics driver installer and Spik
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35, on 2008-05-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Spik\Spik.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\RunOnce: [spik.regtool] "D:\Program Files\Spik\regtool.exe" shellext_wpmsg.dll
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 6167 bytes
The strange behavior consists of a strange error message being displayed (a red crossed-out circle). The antivirus detected a trojan in the file svchost.exe in C:\WINDOWS\inf.
Replies: 6
http://www.fotosik.pl/pokaz_obrazek/7cfe078b66494f87.html
http://www.fotosik.pl/pokaz_obrazek/865178be9e80a2dd.html
I additionally ran a test with other instant messengers. GG works correctly, while WP Kontakt shows exactly the same error.
Additionally, a list of the errors generated by the system:
Błąd 2008-05-08 10:32:38 Service Control Manager Brak 7000 Brak DOM
Nie można uruchomić usługi{95808DC4-FA4A-4c74-92FE-5B863F82066B} Z powodu nast.błędu.Nie można odnaleźć pliku.
Błąd 2008-05-08 10:32:38 Service Control Manager Brak 7000 Brak DOM
Nie można uruchomić usługi MainSrv.System nie może odnaleźć ścieżki.
Błąd 2008-05-08 10:32:38 Service Control Manager Brak 7000 Brak DOM
Nie można uruchomić usługi IviRegMgr.Nie można odnaleźć pliku.
Błąd 2008-05-08 10:32:19 ati2mtag CRT 45062 Brak DOM
CRT invalid display type.
7026 Nie można załadować sterowników startu rozruchowego lub systemowego Imapi
7000 Nie można uruchomić menadżera przekazywania.Konto podane dla tej usługi różni się od konta podanego dla innych usług działających w tym procesie.
Nie można załadować usługi regi Nie można odnaleźć pliku.
Either I'm going blind in my old age or I don't see anything specific ....
Here -> http://forum.centrumxp.pl/default.aspx?g=posts&t=156273 you have instructions on how to insert a screenshot - show what it looks like.
And in detail: Spik starts normally. It fetches mail from the accounts, etc. The problem appears at the moment a message is received. After clicking the balloon, a small window with the ComboFix icon appears. After cancelling that window, the conversation window appears, but there is no message content. The same happens when trying to send. The message does get sent, but it is not visible in the conversation window. The message history (archive) is not visible either. With the installer, at the moment of launching it (double-click), the same ComboFix icon appears, except that above it there is the caption irsetup.
ComboFix 08-05-01.1 - Jakub 2008-05-06 7:24:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.129 [GMT 2:00]
Running from: D:\Documents and Settings\Jakub\Pulpit\Combo-Fix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-04 19:09 . 2008-05-04 19:09 d-------- D:\Program Files\Gadu-Gadu
2008-05-04 19:09 . 2008-05-04 19:09 d-------- D:\Documents and Settings\Jakub\Gadu-Gadu
2008-05-02 22:32 . 2008-05-02 22:32 128 --a------ D:\Documents and Settings\Jakub\CFScript.txt
2008-05-02 18:50 . 2004-08-04 01:27 1,896,400 --a------ D:\WINDOWS\system32\dllcache\nt5.cat
2008-05-02 18:49 . 2004-08-04 00:43 686,080 --a------ D:\WINDOWS\system32\advapi32.dll
2008-05-02 18:49 . 2004-08-04 00:44 624,128 --a------ D:\WINDOWS\system32\autoconv.exe
2008-05-02 18:49 . 2004-08-04 00:44 610,304 --a------ D:\WINDOWS\system32\autochk.exe
2008-05-02 17:51 . 2006-02-22 03:05 139,264 --a------ D:\WINDOWS\system32\atiprbxx.exe
2008-05-02 17:51 . 2004-09-30 17:17 135,168 --a------ D:\WINDOWS\system32\DIRECTX.CPL
2008-05-02 17:48 . 2004-02-23 20:42 1,386,496 --a------ D:\WINDOWS\system32\msvbvm60.dll
2008-05-01 13:25 . 2008-02-25 20:54 105,088 --a------ D:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-05-01 13:06 . 2008-05-01 13:06 0 --a------ D:\WINDOWS\control.ini
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\WindowsShell.Manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\sapi.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\nwc.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 749 -rah----- D:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-01 13:05 . 2008-05-01 13:05 488 -rah----- D:\WINDOWS\system32\logonui.exe.manifest
2008-05-01 13:02 . 2001-07-22 02:36 65,832 --a------ D:\WINDOWS\Stiuk z Santa Fe.bmp
2008-05-01 13:02 . 2001-07-22 02:36 9,522 --a------ D:\WINDOWS\Indiaäski pled.bmp
2008-05-01 13:02 . 2001-07-22 02:36 1,272 --a------ D:\WINDOWS\Niebieska koronka 16.bmp
2008-05-01 10:48 . 2001-10-26 21:29 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2008-05-01 10:48 . 2001-10-26 21:29 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2008-05-01 10:47 . 2004-08-04 01:27 1,086,058 -ra------ D:\WINDOWS\SET9D.tmp
2008-05-01 10:47 . 2004-08-04 01:32 1,014,483 -ra------ D:\WINDOWS\SET9A.tmp
2008-05-01 10:47 . 2001-10-27 15:34 808,524 --a--c--- D:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-05-01 10:47 . 2001-10-27 15:34 399,670 --a--c--- D:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-05-01 10:47 . 2001-10-27 15:34 37,509 --a--c--- D:\WINDOWS\system32\dllcache\MW770.CAT
2008-05-01 10:47 . 2004-08-04 01:26 14,043 -ra------ D:\WINDOWS\SETA9.tmp
2008-05-01 10:47 . 2001-10-27 15:34 13,497 --a--c--- D:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-05-01 10:47 . 2001-10-27 15:34 8,599 --a--c--- D:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-05-01 10:47 . 2001-08-23 17:00 7,382 --a--c--- D:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-05-01 10:01 . 2008-04-13 22:04 1,897,408 --------- D:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-01 08:49 . 2008-04-14 22:50 1,306,624 --a------ D:\WINDOWS\system32\msxml6.dll
2008-05-01 08:48 . 2004-08-04 00:43 1,251,840 --a------ D:\WINDOWS\system32\comsvcs.dll
2008-05-01 08:47 . 2004-08-04 00:44 539,136 --a------ D:\WINDOWS\system32\spider.exe
2008-04-28 14:42 . 2008-05-01 09:52 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Samsung
2008-04-28 14:40 . 2006-05-03 22:53 174,592 --a------ D:\WINDOWS\system32\framedyn.dll
2008-04-28 14:38 . 2008-04-28 14:40 d-------- D:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-28 14:38 . 2006-07-24 16:05 5,632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-28 14:38 . 2005-08-28 20:51 766 --a------ D:\WINDOWS\system32\Uninstall.ico
2008-04-24 11:12 . 2008-04-24 11:12 40 --ah----- D:\WINDOWS\system32\ivireg.ivr
2008-04-24 09:19 . 2008-04-24 09:24 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Corel
2008-04-24 09:19 . 2008-04-24 09:34 3,350 --ahs---- D:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-04-24 09:19 . 2008-04-24 09:24 88 -r-hs---- D:\Documents and Settings\All Users\Dane aplikacji\153235FFBD.sys
2008-04-24 09:13 . 2005-09-20 17:27 10,368 --a------ D:\WINDOWS\system32\drivers\iviaspi.sys
2008-04-24 09:12 . 2008-04-24 09:12 d-------- D:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-24 09:11 . 2008-04-24 09:11 d-------- D:\Program Files\Common Files\Protexis
2008-04-24 09:10 . 2008-04-24 09:10 d-------- D:\Program Files\Corel
2008-04-21 23:15 . 2008-04-21 23:43 d-------- D:\Program Files\SIW
2008-04-21 19:47 . 2008-05-01 09:43 d-------- D:\Program Files\QuickTime
2008-04-20 11:27 . 2008-04-20 11:27 d-------- D:\Program Files\DAEMON Tools Lite
2008-04-20 09:44 . 2008-03-05 15:56 3,786,760 --a------ D:\WINDOWS\system32\d3dx9_37.dll
2008-04-20 09:44 . 2006-11-02 11:46 1,029,120 --a------ D:\WINDOWS\system32\d3d10.dll
2008-04-20 09:44 . 2008-02-05 23:07 462,864 --a------ D:\WINDOWS\system32\d3dx10_37.dll
2008-04-20 09:44 . 2006-11-29 13:06 440,080 --a------ D:\WINDOWS\system32\d3dx10.dll
2008-04-20 09:44 . 2006-11-02 11:46 187,392 --a------ D:\WINDOWS\system32\d3d10core.dll
2008-04-20 09:44 . 2006-11-02 11:46 167,936 --a------ D:\WINDOWS\system32\dxgi.dll
2008-04-20 09:44 . 2006-11-02 11:46 39,936 --a------ D:\WINDOWS\system32\dwmapi.dll
2008-04-20 09:44 . 2008-03-09 06:25 236 --ah----- D:\Program Files\Common Files\dx.reg
2008-04-17 18:46 . 2008-04-17 18:52 d-------- D:\Program Files\Bolek I Lolek
2008-04-17 18:39 . 2008-04-17 18:39 d-------- D:\Program Files\KeyTweak
2008-04-16 19:33 . 2008-04-16 19:33 4,096 --a------ D:\WINDOWS\d3dx.dat
2008-04-16 19:32 . 2008-04-16 19:38 d-------- D:\Program Files\AxySnake
2008-04-16 19:17 . 2008-04-16 19:17 d-------- D:\WINDOWS\system32\Adobe
2008-04-16 08:24 . 2008-04-16 08:33 d-------- D:\Program Files\avisplit
2008-04-16 07:37 . 2008-04-16 07:37 d-------- D:\Documents and Settings\Jakub\WINDOWS
2008-04-14 23:08 . 2008-04-14 23:08 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
2008-04-14 23:08 . 2008-04-14 23:08 298,104 --a------ D:\WINDOWS\system32\imon.dll
2008-04-14 23:08 . 2008-04-14 23:08 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-14 23:03 . 2008-05-02 21:21 d-------- D:\Program Files\ESET
2008-04-14 22:52 . 2008-04-18 16:10 d-------- D:\Program Files\MSECACHE
2008-04-14 22:51 . 2008-04-14 22:51 20,992 --------- D:\WINDOWS\system32\spupdwxp.exe
2008-04-14 22:51 . 2008-04-14 22:51 20,992 --------- D:\WINDOWS\system32\faxpatch.exe
2008-04-14 22:51 . 2008-04-14 22:51 7,680 --a------ D:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 22:05 . 2008-04-14 22:05 1,950 --------- D:\WINDOWS\system32\pid.inf
2008-04-13 23:01 . 2008-05-01 09:43 d-------- D:\Program Files\MozBackup
2008-04-13 22:52 . 2008-04-13 22:52 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-13 21:58 . 2008-04-13 22:23 d-------- D:\Program Files\DAP
2008-04-13 19:21 . 2008-04-13 22:14 d-------- D:\Program Files\DAP Premium
2008-04-12 09:13 . 2008-04-12 13:23 d-------- D:\Program Files\Winamp Remote
2008-04-11 15:19 . 2008-04-11 15:19 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Ashampoo
2008-04-09 20:32 . 2008-04-09 20:32 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\InstallShield
2008-04-09 20:17 . 2008-04-09 20:17 d-------- D:\Program Files\Realtek AC97
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 05:29 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Skype
2008-05-06 05:20 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-05-06 05:16 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\skypePM
2008-05-04 18:36 --------- d-----w D:\Program Files\Spik
2008-05-04 18:36 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Spik
2008-05-04 18:32 --------- d---a-w D:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-04 16:58 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\uTorrent
2008-05-03 08:40 --------- d-----w D:\Program Files\Winamp
2008-05-03 07:59 --------- d-----w D:\Program Files\Torrent Master
2008-05-02 17:58 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-01 12:33 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 08:45 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-01 07:43 --------- d-----w D:\Program Files\Autoplay Repair
2008-04-24 10:08 --------- d-----w D:\Program Files\SST-GSM
2008-04-20 08:02 --------- d-----w D:\Program Files\Direx9
2008-04-16 15:56 --------- d-----w D:\Program Files\SiMoCo
2008-04-16 15:01 --------- d-----w D:\Program Files\DivX
2008-04-14 20:51 33,792 ------w D:\WINDOWS\system32\mmcperf.exe
2008-04-14 20:51 32,866 ------w D:\WINDOWS\system32\slrundll.exe
2008-04-14 20:51 32,768 ------w D:\WINDOWS\system32\setupn.exe
2008-04-14 20:51 28,672 ----a-w D:\WINDOWS\system32\verclsid.exe
2008-04-14 20:51 276,992 ----a-w D:\WINDOWS\system32\wmphoto.dll
2008-04-14 20:51 221,184 -c--a-w D:\WINDOWS\system32\wmpns.dll
2008-04-14 20:51 176,640 ------w D:\WINDOWS\system32\napstat.exe
2008-04-14 20:49 39,424 ----a-w D:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 20:49 136,192 ----a-w D:\WINDOWS\system32\aaclient.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdpash.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdnepr.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdiultn.dll
2008-04-14 20:39 6,144 ------w D:\WINDOWS\system32\kbdbhc.dll
2008-04-14 19:52 89,600 ----a-w D:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50 80,896 ------w D:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:30 327,040 ------w D:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 22:13 9,728 ------w D:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:10 10,240 ------w D:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 21:53 95,424 ------w D:\WINDOWS\system32\drivers\slnthal.sys
2008-04-13 21:53 685,056 ------w D:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-04-13 21:53 404,990 ------w D:\WINDOWS\system32\drivers\slntamr.sys
2008-04-13 21:53 220,032 ------w D:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-04-13 21:53 180,360 ------w D:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-04-13 21:53 13,776 ------w D:\WINDOWS\system32\drivers\recagent.sys
2008-04-13 21:53 13,240 ------w D:\WINDOWS\system32\drivers\slwdmsup.sys
2008-04-13 21:53 129,535 ------w D:\WINDOWS\system32\drivers\slnt7554.sys
2008-04-13 21:53 126,686 ------w D:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-04-13 21:53 11,868 ------w D:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-04-13 21:53 1,309,184 ------w D:\WINDOWS\system32\drivers\mtlstrm.sys
2008-04-13 21:53 1,041,536 ------w D:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-04-13 20:06 144,384 ------w D:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-09 16:49 --------- d-----w D:\Program Files\Ashampoo
2008-04-09 16:37 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-08 20:06 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Expressivo
2008-04-05 22:29 --------- d-----w D:\Program Files\Smarty Uninstaller Pro
2008-04-04 11:29 --------- d-----w D:\Program Files\MIKSOFT
2008-04-04 08:27 --------- d-----w D:\Program Files\Dzielenie i laczenie plikow
2008-04-04 08:04 --------- d-----w D:\Program Files\Illustrate
2008-04-04 07:52 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\AccurateRip
2008-04-02 18:55 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Apple Computer
2008-03-31 21:25 831,488 ----a-w D:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w D:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 02:55 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\atitray
2008-03-30 19:53 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\DivX
2008-03-30 19:43 --------- d-----w D:\Program Files\ivo
2008-03-30 18:27 --------- d-----w D:\Program Files\Odkurzacz
2008-03-30 18:26 --------- d-----w D:\Program Files\FireTune
2008-03-30 08:47 --------- d-----w D:\Program Files\YDP
2008-03-30 08:47 --------- d-----w D:\Program Files\Common Files\GraphBoard 1.00
2008-03-28 12:42 --------- d-----w D:\Program Files\Ubisoft
2008-03-22 21:21 --------- d-----w D:\Program Files\OrtografiaDlaDzieci
2008-03-22 19:07 --------- d-----w D:\Program Files\CDex_150
2008-03-21 20:30 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w D:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w D:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w D:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w D:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w D:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 294,912 ----a-w D:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 196,608 -c--a-w D:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-18 13:14 --------- d-----w D:\Program Files\MP3 Player Utilities 4.00
2008-03-18 06:43 --------- d-----w D:\Program Files\Picasa2
2008-03-16 11:21 --------- d-----w D:\Program Files\Unlocker
2008-03-15 14:35 47,360 ----a-w D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.sys
2008-03-15 14:35 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\Vso
2008-03-15 14:29 47,360 ----a-w D:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-11 19:31 --------- d-----w D:\Program Files\KartingRace
2008-03-11 19:20 --------- d-----w D:\Program Files\Radeon Omega Drivers
2008-03-11 19:09 472,576 ----a-w D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-10 13:04 --------- d-----w D:\Program Files\Common Files\ACD Systems
2008-03-10 07:57 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\WebCompiler3
2008-03-10 07:24 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
2008-03-08 16:57 --------- d-----w D:\Program Files\AidemMedia
2008-03-07 18:17 --------- d-----w D:\Documents and Settings\Jakub\Dane aplikacji\AD ON Multimedia
2004-05-01 20:11 54,272 --sh--w D:\WINDOWS\old_mod_lib.dll
2007-02-16 18:36 88 -csha-r D:\WINDOWS\system32\153235FFBD.sys
2007-02-23 09:30 56 -csha-r D:\WINDOWS\system32\BDFF353215.sys
2007-02-23 09:30 5,852 -csha-w D:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"AtiTrayTools"="D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 09:55 570528]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-04-14 23:08 949376]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 D:\WINDOWS\soundman.exe]
"ATIPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 D:\WINDOWS\system32\atiptaxx.exe]
"Spik"="D:\Program Files\Spik\Spik.exe" [2008-04-08 12:04 103912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.avis"= ff_acm.acm
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\Spik\\Spik.exe"=
"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"D:\\Program Files\\DAP\\DAP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\CCleaner\\ccleaner.exe"=
"D:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Programy\\p2p\\DC ++\\StrongDC.exe"=
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 FO_PAnt;FO_PAnt;D:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 12:56]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
R1 atitray;atitray;D:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-08-23 12:10]
R2 PSI_SVC_2;Protexis Licensing V2;"D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 regi;regi;D:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
S3 ASPI;Advanced SCSI Programming Interface Driver;D:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 NtApm;Sterownik interfejsu NT Apm/Legacy;D:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-26 22:03]
S3 USBSTOR;Sterownik magazynu masowego USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed33f05-b563-11dc-a985-001109dda0e0}]
\Shell\AutoRun\command - G:\_AUTORUN\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95321edd-df9f-11dc-81c5-001109dda0e0}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 15:15:00 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-21 17:42:06 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 07:29:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: D:\DOCUME~1\Jakub\USTAWI~1\Temp
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\ESET\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-06 7:33:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 05:32:56
Pre-Run: 2,889,256,960 bajtów wolnych
Post-Run: 2,777,759,744 bajtów wolnych
305 --- E O F --- 2007-10-05 22:12:55
Deckard's System Scanner v20071014.68
Run by Jakub on 2008-05-06 07:50:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 82% (more than 75%).
System Drive D: has 2.65 GiB (less than 15%) free.
-- HijackThis (run as Jakub.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:57, on 2008-05-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Spik\Spik.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Jakub\Pulpit\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Jakub.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Spik] D:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 6218 bytes
-- Files created between 2008-04-06 and 2008-05-06 -----------------------------
2008-05-06 07:27:30 0 d--hs---- D:\Documents and Settings\Jakub\Recent
2008-05-06 07:23:47 68096 --a------ D:\WINDOWS\zip.exe
2008-05-06 07:23:47 49152 --a------ D:\WINDOWS\VFind.exe
2008-05-06 07:23:47 161792 --a------ D:\WINDOWS\swreg.exe
2008-05-06 07:23:47 98816 --a------ D:\WINDOWS\sed.exe
2008-05-06 07:23:47 80412 --a------ D:\WINDOWS\grep.exe
2008-05-06 07:23:47 73728 --a------ D:\WINDOWS\fdsv.exe
2008-05-06 07:23:46 212480 --a------ D:\WINDOWS\swxcacls.exe
2008-05-06 07:23:46 136704 --a------ D:\WINDOWS\swsc.exe
2008-05-04 19:09:32 0 d-------- D:\Documents and Settings\Jakub\Gadu-Gadu
2008-05-04 19:09:22 0 d-------- D:\Program Files\Gadu-Gadu
2008-05-04 18:45:16 0 d-------- D:\WINDOWS\Prefetch
2008-05-02 17:51:24 139264 --a------ D:\WINDOWS\system32\atiprbxx.exe
2008-05-01 13:05:03 0 d--h----- D:\Program Files\WindowsUpdate
2008-05-01 10:09:01 0 d-------- D:\Program Files\Messenger
2008-05-01 10:08:59 9728 -----n--- D:\WINDOWS\system32\comsdupd.exe
2008-05-01 10:08:56 233472 -----n--- D:\WINDOWS\system32\azroles.dll
2008-05-01 10:08:55 651264 -----n--- D:\WINDOWS\system32\dot3ui.dll
2008-05-01 10:08:55 133632 -----n--- D:\WINDOWS\system32\dot3svc.dll
2008-05-01 10:08:55 56832 -----n--- D:\WINDOWS\system32\dot3msm.dll
2008-05-01 10:08:55 39936 -----n--- D:\WINDOWS\system32\dot3gpclnt.dll
2008-05-01 10:08:55 9216 -----n--- D:\WINDOWS\system32\dot3dlg.dll
2008-05-01 10:08:55 59904 -----n--- D:\WINDOWS\system32\dot3cfg.dll
2008-05-01 10:08:55 26112 -----n--- D:\WINDOWS\system32\dot3api.dll
2008-05-01 10:08:55 39936 -----n--- D:\WINDOWS\system32\dimsroam.dll
2008-05-01 10:08:55 19456 -----n--- D:\WINDOWS\system32\dimsntfy.dll
2008-05-01 10:08:55 48640 -----n--- D:\WINDOWS\system32\dhcpqec.dll
2008-05-01 10:08:55 12800 -----n--- D:\WINDOWS\system32\credssp.dll
2008-05-01 10:08:55 7168 -----n--- D:\WINDOWS\system32\bitsprx4.dll
2008-05-01 10:08:54 33792 -----n--- D:\WINDOWS\system32\eapsvc.dll
2008-05-01 10:08:54 59392 -----n--- D:\WINDOWS\system32\eapqec.dll
2008-05-01 10:08:54 40960 -----n--- D:\WINDOWS\system32\eappprxy.dll
2008-05-01 10:08:54 181248 -----n--- D:\WINDOWS\system32\eapphost.dll
2008-05-01 10:08:54 94720 -----n--- D:\WINDOWS\system32\eappgnui.dll
2008-05-01 10:08:54 126976 -----n--- D:\WINDOWS\system32\eappcfg.dll
2008-05-01 10:08:54 184832 -----n--- D:\WINDOWS\system32\eapp3hst.dll
2008-05-01 10:08:54 31232 -----n--- D:\WINDOWS\system32\eapolqec.dll
2008-05-01 10:08:53 6144 -----n--- D:\WINDOWS\system32\kbdiultn.dll
2008-05-01 10:08:53 6144 -----n--- D:\WINDOWS\system32\kbdbhc.dll
2008-05-01 10:08:52 86016 -----n--- D:\WINDOWS\system32\mdmxsdk.dll
2008-05-01 10:08:52 37376 -----n--- D:\WINDOWS\system32\l2gpstore.dll
2008-05-01 10:08:52 61440 -----n--- D:\WINDOWS\system32\kmsvc.dll
2008-05-01 10:08:52 6144 -----n--- D:\WINDOWS\system32\kbdpash.dll
2008-05-01 10:08:52 6144 -----n--- D:\WINDOWS\system32\kbdnepr.dll
2008-05-01 10:08:51 155136 -----n--- D:\WINDOWS\system32\mssha.dll
2008-05-01 10:08:51 33792 -----n--- D:\WINDOWS\system32\mmcperf.exe
2008-05-01 10:08:50 176640 -----n--- D:\WINDOWS\system32\napstat.exe
2008-05-01 10:08:50 196608 -----n--- D:\WINDOWS\system32\napmontr.dll
2008-05-01 10:08:50 30720 -----n--- D:\WINDOWS\system32\napipsec.dll
2008-05-01 10:08:50 80896 -----n--- D:\WINDOWS\system32\msshavmsg.dll
2008-05-01 10:08:49 293376 -----n--- D:\WINDOWS\system32\qagentrt.dll
2008-05-01 10:08:49 150528 -----n--- D:\WINDOWS\system32\qagent.dll
2008-05-01 10:08:49 144896 -----n--- D:\WINDOWS\system32\onex.dll
2008-05-01 10:08:48 32866 -----n--- D:\WINDOWS\system32\slrundll.exe
2008-05-01 10:08:48 32768 -----n--- D:\WINDOWS\system32\setupn.exe
2008-05-01 10:08:48 61952 -----n--- D:\WINDOWS\system32\rasqec.dll
2008-05-01 10:08:48 76800 -----n--- D:\WINDOWS\system32\qutil.dll
2008-05-01 10:08:48 62464 -----n--- D:\WINDOWS\system32\qcliprov.dll
2008-05-01 10:08:47 50688 -----n--- D:\WINDOWS\system32\tspkg.dll
2008-05-01 10:08:42 0 d-------- D:\WINDOWS\system32\pl
2008-05-01 10:08:41 0 d-------- D:\WINDOWS\system32\bits
2008-05-01 10:01:31 144384 -----n--- D:\WINDOWS\system32\drivers\hdaudbus.sys
2008-05-01 10:01:26 10240 -----n--- D:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-01 08:49:21 89600 --a------ D:\WINDOWS\system32\msxml6r.dll
2008-05-01 08:49:21 1306624 --a------ D:\WINDOWS\system32\msxml6.dll
2008-05-01 08:49:19 136192 --a------ D:\WINDOWS\system32\aaclient.dll
2008-05-01 08:49:18 53248 --a------ D:\WINDOWS\system32\tsgqec.dll
2008-05-01 08:49:18 290304 --a------ D:\WINDOWS\system32\rhttpaa.dll
2008-05-01 08:49:18 412160 --a------ D:\WINDOWS\system32\photometadatahandler.dll
2008-05-01 08:49:17 276992 --a------ D:\WINDOWS\system32\wmphoto.dll
2008-05-01 08:49:17 69120 --a------ D:\WINDOWS\system32\wlanapi.dll
2008-05-01 08:49:17 346112 --a------ D:\WINDOWS\system32\windowscodecsext.dll
2008-05-01 08:49:17 712704 --a------ D:\WINDOWS\system32\windowscodecs.dll
2008-05-01 08:49:17 28672 --a------ D:\WINDOWS\system32\verclsid.exe
2008-04-28 14:40:46 174592 --a------ D:\WINDOWS\system32\framedyn.dll
2008-04-28 14:38:44 0 d-------- D:\WINDOWS\system32\Samsung_USB_Drivers
2008-04-28 14:38:11 5632 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-24 09:13:30 10368 --a------ D:\WINDOWS\system32\drivers\iviaspi.sys
2008-04-24 09:11:58 0 d-------- D:\Program Files\Common Files\Protexis
2008-04-24 09:10:23 0 d-------- D:\Program Files\Corel
2008-04-21 23:15:49 0 d-------- D:\Program Files\SIW
2008-04-21 19:47:47 0 d-------- D:\Program Files\QuickTime
2008-04-20 11:27:00 0 d-------- D:\Program Files\DAEMON Tools Lite
2008-04-20 09:44:19 236 --ah----- D:\Program Files\Common Files\dx.reg
2008-04-20 09:44:18 167936 --a------ D:\WINDOWS\system32\dxgi.dll
2008-04-20 09:44:18 39936 --a------ D:\WINDOWS\system32\dwmapi.dll
2008-04-20 09:44:16 187392 --a------ D:\WINDOWS\system32\d3d10core.dll
2008-04-20 09:44:16 1029120 --a------ D:\WINDOWS\system32\d3d10.dll
2008-04-17 18:46:43 0 d-------- D:\Program Files\Bolek I Lolek
2008-04-17 18:39:06 0 d-------- D:\Program Files\KeyTweak
2008-04-16 19:33:30 4096 --a------ D:\WINDOWS\d3dx.dat
2008-04-16 19:32:16 0 d-------- D:\Program Files\AxySnake
2008-04-16 19:17:58 0 d-------- D:\WINDOWS\system32\Adobe
2008-04-16 08:24:32 0 d-------- D:\Program Files\avisplit
2008-04-16 07:37:44 0 d-------- D:\Documents and Settings\Jakub\WINDOWS
2008-04-14 23:08:29 298104 --a------ D:\WINDOWS\system32\imon.dll
2008-04-14 22:52:04 0 d-------- D:\Program Files\MSECACHE
2008-04-14 22:51:44 20992 -----n--- D:\WINDOWS\system32\spupdwxp.exe
2008-04-14 22:51:44 7680 --a------ D:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 22:51:18 20992 -----n--- D:\WINDOWS\system32\faxpatch.exe
2008-04-13 23:01:50 0 d-------- D:\Program Files\MozBackup
2008-04-13 22:52:22 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-13 21:58:01 0 d-------- D:\Program Files\DAP
2008-04-13 19:21:24 0 d-------- D:\Program Files\DAP Premium
2008-04-12 09:13:40 0 d-------- D:\Program Files\Winamp Remote
2008-04-09 20:32:28 14155776 --a------ D:\Documents and Settings\Jakub\ntuser.dat
2008-04-09 20:17:30 0 d-------- D:\Program Files\Realtek AC97
-- Find3M Report ---------------------------------------------------------------
2008-05-06 07:49:05 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Skype
2008-05-06 07:20:36 0 d-------- D:\Program Files\Mozilla Thunderbird
2008-05-06 07:16:05 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\skypePM
2008-05-04 20:36:50 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Spik
2008-05-04 20:36:24 0 d-------- D:\Program Files\Spik
2008-05-04 18:58:41 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\uTorrent
2008-05-04 18:48:06 503200 --a----c- D:\WINDOWS\system32\perfh015.dat
2008-05-04 18:48:06 91214 --a----c- D:\WINDOWS\system32\perfc015.dat
2008-05-04 18:31:07 0 d-------- D:\Program Files\Windows NT
2008-05-04 18:31:05 0 d-------- D:\Program Files\Movie Maker
2008-05-03 10:40:12 0 d-------- D:\Program Files\Winamp
2008-05-03 09:59:46 0 d-------- D:\Program Files\Torrent Master
2008-05-02 18:20:03 1324 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-05-02 18:19:59 552 --a------ D:\WINDOWS\system32\d3d8caps.dat
2008-05-01 13:03:01 23688 --a----c- D:\WINDOWS\system32\emptyregdb.dat
2008-05-01 10:45:44 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-05-01 09:52:02 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Samsung
2008-05-01 09:43:10 0 d-------- D:\Program Files\Autoplay Repair
2008-04-25 17:22:10 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Adobe
2008-04-24 12:08:30 0 d-------- D:\Program Files\SST-GSM
2008-04-24 09:24:45 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Corel
2008-04-24 09:11:58 0 d-------- D:\Program Files\Common Files
2008-04-20 10:02:31 0 d-------- D:\Program Files\Direx9
2008-04-16 19:18:10 7314 --a----c- D:\WINDOWS\mozver.dat
2008-04-16 17:56:35 0 d-------- D:\Program Files\SiMoCo
2008-04-16 17:01:38 0 d-------- D:\Program Files\DivX
2008-04-14 22:51:00 221184 --a----c- D:\WINDOWS\system32\wmpns.dll
2008-04-11 15:19:54 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Ashampoo
2008-04-09 20:32:20 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\InstallShield
2008-04-09 18:49:13 0 d-------- D:\Program Files\Ashampoo
2008-04-08 22:06:25 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Expressivo
2008-04-06 00:29:42 0 d-------- D:\Program Files\Smarty Uninstaller Pro
2008-04-04 13:29:49 0 d-------- D:\Program Files\MIKSOFT
2008-04-04 13:00:49 3008 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2008-04-04 13:00:22 3152 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-04-04 13:00:02 2930 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
2008-04-04 10:27:18 0 d-------- D:\Program Files\Dzielenie i laczenie plikow
2008-04-04 10:06:02 2649 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp Midi Decoder.dat
2008-04-04 10:04:54 8457 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-04-04 10:04:48 13281 --a------ D:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-04-04 10:04:45 0 d-------- D:\Program Files\Illustrate
2008-04-04 09:52:25 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\AccurateRip
2008-04-02 20:55:54 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Apple Computer
2008-03-31 23:25:48 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25:48 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25:46 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25:46 831488 --a------ D:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25:46 682496 --a------ D:\WINDOWS\system32\DivX.dll
2008-03-31 04:55:52 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\atitray
2008-03-30 21:53:53 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\DivX
2008-03-30 21:43:50 0 d-------- D:\Program Files\ivo
2008-03-30 20:27:15 0 d-------- D:\Program Files\Odkurzacz
2008-03-30 20:26:28 0 d-------- D:\Program Files\FireTune
2008-03-30 10:47:43 0 d-------- D:\Program Files\Common Files\GraphBoard 1.00
2008-03-30 10:47:42 0 d-------- D:\Program Files\YDP
2008-03-28 14:42:39 0 d-------- D:\Program Files\Ubisoft
2008-03-22 23:21:43 0 d-------- D:\Program Files\OrtografiaDlaDzieci
2008-03-22 21:07:25 0 d-------- D:\Program Files\CDex_150
2008-03-21 22:30:08 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2008-03-21 22:28:54 196608 --a----c- D:\WINDOWS\system32\dtu100.dll
2008-03-21 22:28:54 81920 --a------ D:\WINDOWS\system32\dpl100.dll
2008-03-21 22:28:20 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-18 15:14:00 0 d-------- D:\Program Files\MP3 Player Utilities 4.00
2008-03-18 08:43:15 0 d-------- D:\Program Files\Picasa2
2008-03-15 16:35:03 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Vso
2008-03-15 16:35:02 47360 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.sys
2008-03-15 16:35:02 33 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.log
2008-03-15 16:35:02 1144 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.inf
2008-03-15 16:35:02 7887 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\pcouffin.cat
2008-03-15 16:33:28 668 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\vso_ts_preview.xml
2008-03-11 21:31:26 0 d-------- D:\Program Files\KartingRace
2008-03-11 21:20:14 0 d-------- D:\Program Files\Radeon Omega Drivers
2008-03-10 15:04:09 0 d-------- D:\Program Files\Common Files\ACD Systems
2008-03-10 09:57:56 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\WebCompiler3
2008-03-08 21:54:41 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\Mozilla
2008-03-08 18:57:32 0 d-------- D:\Program Files\AidemMedia
2008-03-07 20:17:45 0 d-------- D:\Documents and Settings\Jakub\Dane aplikacji\AD ON Multimedia
2008-03-03 18:54:39 892928 --a------ D:\WINDOWS\system32\iconv.dll
2008-03-03 18:54:30 237568 --a------ D:\WINDOWS\system32\OggDS.dll
2008-03-03 18:54:27 921600 --a------ D:\WINDOWS\system32\vorbisenc.dll
2008-03-03 18:54:20 188416 --a------ D:\WINDOWS\system32\vorbis.dll
2008-03-03 18:54:16 45056 --a------ D:\WINDOWS\system32\ogg.dll
2008-03-03 18:54:15 1415680 --a------ D:\WINDOWS\system32\WMV9VCM.dll
2008-03-03 18:53:57 245760 --a------ D:\WINDOWS\system32\mplvpx.dll
2008-03-03 18:53:47 9216 --a------ D:\WINDOWS\system32\cpuinf32.dll
2008-03-03 18:53:20 1559040 --a------ D:\WINDOWS\system32\xvidcore.dll
2008-02-27 11:59:08 745 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\AtomicAlarmClock.ini
2008-02-27 11:52:02 525 --a------ D:\Documents and Settings\Jakub\Dane aplikacji\alarms.ini
2008-02-19 23:16:14 73216 --a------ D:\WINDOWS\ST6UNST.EXE
2008-02-19 21:15:54 3440 --a------ D:\WINDOWS\unins000.dat
2008-02-19 21:05:24 691545 --a------ D:\WINDOWS\unins000.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-04-14 23:08]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 D:\WINDOWS\soundman.exe]
"ATIPTA"="atiptaxx.exe" [2006-02-22 03:05 D:\WINDOWS\system32\atiptaxx.exe]
"Spik"="D:\Program Files\Spik\Spik.exe" [2008-04-08 12:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43]
"AtiTrayTools"="D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 09:55]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoTaskGrouping"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
D:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed33f05-b563-11dc-a985-001109dda0e0}]
AutoRun\command- G:\_AUTORUN\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95321edd-df9f-11dc-81c5-001109dda0e0}]
AutoRun\command- H:\autorun.exe
-- End of Deckard's System Scanner: finished at 2008-05-06 07:52:15 ------------
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"SpybotSD TeaTimer" = "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"AtiTrayTools" = ""D:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"" ["Ray Adams"]
"DAEMON Tools Lite" = ""D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nod32kui" = ""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"Spik" = "D:\Program Files\Spik\Spik.exe -autostart" [null data]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "D:\WINDOWS\system32\upnpui.dll" [MS]
"{CCA60260-A2C9-11D2-BA62-0020188191B2}" = "Registrar Registry Manager SHell Extension"
-> {HKLM...CLSID} = "Registrar Registry Manager SHell Extension"
\InProcServer32\(Default) = "rrShellX.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpoweramp\dMCShell.dll" ["Illustrate"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
-> {HKLM...CLSID} = "SpikShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> dimsntfy\DLLName = "D:\WINDOWS\System32\dimsntfy.dll" [MS]
<> wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpoweramp\dBShell.dll" ["Illustrate"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlersDAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "D:\PROGRA~1\DAP\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "D:\PROGRA~1\DAP\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
-> {HKLM...CLSID} = "SpikShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"
-> {HKLM...CLSID} = "AmvTransform Class"
\InProcServer32\(Default) = "D:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlersDAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
-> {HKLM...CLSID} = "DAPMenuShellExt Class"
\InProcServer32\(Default) = "D:\PROGRA~1\DAP\Privacy Package\DAPCtxMenuShell.dll" ["Speedbit Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlersNOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
-> {HKLM...CLSID} = "SpikShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlersUnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoWelcomeScreen" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoSetTaskbar" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}
"NoToolbarsOnTaskbar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoBandCustomize" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
Disable customizing browser toolbars}
"NoMovingBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"ClassicShell" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}
"NoTaskGrouping" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoNetHood" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoResolveTrack" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoPropertiesMyComputer" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFileAssociate" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoSMHelp" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
"SecurityTab" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|
Disable the Security page}
"ConnectionsTab" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|
Disable the Connections page}
"SecChangeSettings" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
"NoBrowserOptions" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus|
Tools menu: Disable Internet Options... menu option}
"NoBrowserSaveAs" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFavorites" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFileNew" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoFileOpen" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoTheaterMode" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"ShutdownWithoutLogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General"Wallpaper" = "%APPDATA%\FastStone\FSIV\FSViewerWallPaper.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop"Wallpaper" = "D:\Documents and Settings\Jakub\Dane aplikacji\FastStone\FSIV\FSViewerWallPaper.bmp"
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" [file not found]
"AppleSoftwareUpdate" -> launches: "D:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}"ButtonText" = "Research"
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{E2E2DD38-D088-4134-82B7-F2BA38496583}"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs<> "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
<> "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS]
<> "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS]
<> "PostNotCached" = "res://ieframe.dll/repost.htm" [MS]
<> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
<> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
<> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
<> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
NOD32 Kernel Service, NOD32krn, ""D:\Program Files\Eset\nod32krn.exe"" ["Eset "]
PnkBstrA, PnkBstrA, "D:\WINDOWS\system32\PnkBstrA.exe" [null data]
Protexis Licensing V2, PSI_SVC_2, ""D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"" ["Protexis Inc."]
---------- (launch time: 2008-05-06 07:55:05)
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 45 seconds, including 3 seconds for message boxes)
Show the ComboFix log.
The message looks like the Combo Fix icon and appears every time in the window of a particular program as an error message. I don't know how to paste a screenshot here. :redface: I like Żółty too
How about a screenshot of the message? Is the message in NOD?
I don't see anything worrying in the log.
And what is the problem with Spik and with the graphics?