LOG from SDFix: and SDFix showed me this error: "Nie można załadować obsługi IPX/VDM"
SDFix: Version 1.186
Run by Mikoaj on 2008-05-29 at 21:38
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 21:43:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:5a,00,44,ca,90,db,fb,37,14,cb,8f,36,6b,ec,8f,74,d2,f7,c6,32,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:76,02,68,09,d7,76,ef,b0,c8,cf,9a,af,7e,7b,f6,76,45,82,0e,c8,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d6,0c,39,26,7e,57,6b,9f,8a,08,70,ca,c6,0a,08,ee,98,..
"khjeh"=hex:75,4b,71,fc,7e,90,f3,5d,82,b8,1f,37,4d,7a,f1,0a,fe,5f,99,45,4a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:eb,2f,dd,ee,67,e8,e2,68,35,f4,41,a1,40,35,ee,2a,7b,c7,c7,84,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:5a,00,44,ca,90,db,fb,37,14,cb,8f,36,6b,ec,8f,74,d2,f7,c6,32,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:76,02,68,09,d7,76,ef,b0,c8,cf,9a,af,7e,7b,f6,76,45,82,0e,c8,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d6,0c,39,26,7e,57,6b,9f,8a,08,70,ca,c6,0a,08,ee,98,..
"khjeh"=hex:75,4b,71,fc,7e,90,f3,5d,82,b8,1f,37,4d,7a,f1,0a,fe,5f,99,45,4a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:eb,2f,dd,ee,67,e8,e2,68,35,f4,41,a1,40,35,ee,2a,7b,c7,c7,84,26,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Valve\\hlds.exe"="C:\\Program Files\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"D:\\Gry\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"="D:\\Gry\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Gry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="D:\\Gry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Gry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="D:\\Gry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Disabled:CrysisDedicatedServer_32"
"C:\\Program Files\\DAEMON Tools Pro\\DTPro.exe"="C:\\Program Files\\DAEMON Tools Pro\\DTPro.exe:*:Disabled:DAEMON Tools Pro"
"C:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe"="C:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe:*:Disabled:DAEMON Tools Pro Agent"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Disabled:Half-Life Launcher"
"D:\\Gry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Gry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Disabled:iw3mp"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Disabled:PnkBstrB"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 24 May 2008 23 A.SH. --- "C:\WINDOWS\system32\adafcfcecbc3_z.dll"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05030212059e1b9876d47b8cf2fa5e95\BIT1C.tmp"
Wed 21 May 2008 1,301 ...HR --- "C:\Documents and Settings\Mikoaj\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
Finished!
From Combo:
ComboFix 08-05-29.1 - Mikołaj 2008-05-29 22:07:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1587 [GMT 2:00]
Running from: C:\Documents and Settings\Mikołaj\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\adafcfcecbc3_z.dll
.
---- Previous Run -------
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00069405.qeRZQ
C:\Program Files\myglobalsearch\bar\Cache\000697FD.bin
C:\Program Files\myglobalsearch\bar\Cache\00069C90.bin
C:\Program Files\myglobalsearch\bar\Cache\00069ED3.bin
C:\Program Files\myglobalsearch\bar\Cache\001D6AC3
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-29 21:31 . 2008-05-29 21:45 <DIR> d-------- C:\SDFix
2008-05-28 21:41 . 2008-05-28 21:41 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-28 21:39 . 2008-05-28 21:39 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\DAEMON Tools
2008-05-28 20:43 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-26 00:14 . 2008-05-28 21:09 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-26 00:14 . 2008-05-29 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-26 00:14 . 2008-05-29 22:09 3,734,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-26 00:14 . 2008-05-28 21:39 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-26 00:14 . 2008-05-29 20:11 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-26 00:14 . 2008-05-29 21:33 50,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 00:14 . 2008-05-29 21:49 40,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-26 00:14 . 2008-05-29 21:33 5,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-26 00:13 . 2008-05-26 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-25 00:31 . 2007-04-20 00:05 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-25 00:31 . 2007-04-20 00:05 115,998 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-25 00:31 . 2007-04-20 00:05 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-25 00:16 . 2008-05-25 00:28 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-24 20:23 . 2008-05-25 00:01 <DIR> d-------- C:\Program Files\The Witcher
2008-05-24 13:53 . 2008-05-24 13:53 <DIR> d-------- C:\Program Files\Lavalys
2008-05-24 12:30 . 2008-05-24 12:30 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-05-24 12:30 . 2008-05-24 12:30 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-05-24 11:52 . 2008-05-24 11:53 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\DAEMON Tools Pro
2008-05-24 11:48 . 2008-05-28 21:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 01:08 . 2008-05-24 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2008-05-24 01:08 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-24 01:08 . 2008-05-24 01:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-24 01:07 . 2008-05-26 00:02 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-24 01:02 . 2008-05-24 01:02 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-05-24 01:02 . 2008-05-24 01:02 23 --a------ C:\WINDOWS\system32\abdecbea3_z.ocx
2008-05-24 00:10 . 2008-05-26 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-05-23 23:18 . 2008-05-23 23:18 <DIR> d-------- C:\Program Files\uTorrent
2008-05-23 23:18 . 2008-05-28 20:26 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\uTorrent
2008-05-23 23:05 . 2008-05-28 22:04 <DIR> d-------- C:\Fraps
2008-05-21 14:32 . 2008-05-21 14:38 <DIR> d-------- C:\Program Files\NFS
2008-05-17 13:53 . 2008-05-17 13:56 <DIR> d-------- C:\Program Files\BearShare
2008-05-17 13:53 . 2008-05-17 22:55 <DIR> d-------- C:\My Downloads
2008-05-14 22:03 . 2008-05-14 22:18 <DIR> d-------- C:\Program Files\Samsung
2008-05-10 20:35 . 2008-05-10 20:35 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\Ubisoft
2008-05-10 20:34 . 2008-05-10 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-10 20:33 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-10 20:33 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-10 20:33 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-10 20:33 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-10 20:33 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-05-10 10:21 . 2008-05-10 10:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 22:39 . <DIR> C:\Documents and Settings\Miko-aj
2008-05-05 20:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-05 20:52 . 2008-05-05 20:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-05 20:52 . 2008-05-05 20:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-05 20:50 . 2008-05-05 20:50 <DIR> dr-h----- C:\MSOCache
2008-05-03 22:17 . 2008-05-03 22:17 <DIR> d-------- C:\Program Files\MadOnion.com
2008-05-03 20:25 . 2008-05-03 20:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-05-03 20:25 . 2008-05-03 20:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-05-03 20:25 . 2008-05-03 20:25 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-05-03 14:12 . 2008-05-03 14:12 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\HP
2008-05-03 14:12 . 2008-05-03 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-05-03 14:09 . 2008-05-03 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-05-03 14:09 . 2007-03-30 17:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-05-03 14:09 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-05-03 14:00 . 2008-05-03 14:00 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\HPAppData
2008-05-03 14:00 . 2008-05-03 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-05-03 13:58 . 2008-05-03 13:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-03 13:58 . 2008-05-03 13:58 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-03 13:58 . 2008-05-03 13:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-03 13:58 . 2008-05-03 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-05-03 13:58 . 2008-05-03 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-05-03 13:57 . 2008-05-03 14:00 <DIR> d-------- C:\Program Files\HP
2008-05-03 13:57 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-03 13:57 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-03 13:57 . 2004-08-04 07:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-03 13:57 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-03 13:57 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-03 13:56 . 2008-05-03 14:12 152,108 --a------ C:\WINDOWS\hpoins15.dat
2008-05-03 13:56 . 2007-09-20 22:05 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-05-03 13:52 . 2007-03-17 08:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-05-03 13:52 . 2007-03-17 08:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-05-03 13:52 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-05-03 13:52 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-05-03 13:52 . 2007-03-17 08:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-05-03 13:52 . 2004-08-04 06:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-03 13:52 . 2004-08-04 06:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-30 23:59 . 2008-05-01 00:00 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-04-30 23:59 . 2008-04-30 23:59 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\TweakNow RegCleaner Professional
2008-04-29 20:06 . 2008-04-29 20:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-29 20:05 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-29 20:05 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-29 20:05 . 2008-04-29 20:05 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-29 20:05 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:04 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-28 19:53 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-28 19:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 19:39 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 17:20 --------- d-----w C:\Documents and Settings\Mikołaj\Dane aplikacji\Azureus
2008-05-28 17:10 --------- d-----w C:\Program Files\eMule
2008-05-28 13:40 --------- d-----w C:\Program Files\Neostrada TP
2008-05-28 11:57 --------- d-----w C:\Program Files\AIMP2
2008-05-27 17:09 --------- d-----w C:\Documents and Settings\Mikołaj\Dane aplikacji\Tibia
2008-05-26 21:40 --------- d-----w C:\Program Files\SpeedFan
2008-05-24 21:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-24 21:45 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-23 22:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-21 18:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-21 13:04 --------- d-----w C:\Program Files\Electronic Arts
2008-05-19 20:10 --------- d-----w C:\Documents and Settings\Mikołaj\Dane aplikacji\AdobeUM
2008-05-13 20:34 --------- d-----w C:\Program Files\Tibia
2008-05-10 10:29 --------- d-----w C:\Program Files\Azureus
2008-04-29 18:05 22,328 ----a-w C:\Documents and Settings\Mikołaj\Dane aplikacji\PnkBstrK.sys
2008-04-20 18:49 --------- d-----w C:\Program Files\AidemMedia
2008-04-14 19:07 --------- d-----w C:\Program Files\Dziobas Rar Player
2008-04-09 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-04-05 22:25 64,851 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-05 22:25 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-05 22:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-03 21:45 --------- d-----w C:\Program Files\SubEdit-Player
2008-04-02 19:44 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-02 19:43 --------- d-----w C:\Program Files\SAGEM
2008-04-02 19:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 20:14 --------- d-----w C:\Program Files\Asprate
2008-03-30 22:18 --------- d-----w C:\Program Files\Alwil Software
2008-03-30 22:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avg7
2008-03-30 18:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 18:55 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 21:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
------- Sigcheck -------
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-09-20 19:05 1005568 f4af85d918e83d71341fce2aa5318181 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 09:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 11:39 149040]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 14:26 484904]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-15 15:13 31552]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 11:59 161328]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 10:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 10:30 81920]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 20:07 53248]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 00:05 8429568]
"nwiz"="nwiz.exe" [2007-04-20 00:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 00:05 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]
C:\Documents and Settings\Mikoaj\Menu Start\Programy\Autostart\
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\Mikoaj\Dane aplikacji\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2007-12-29 21:10:48 40960]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
AGC.lnk - C:\Program Files\AGC\agc.exe [2005-03-19 02:05:00 100864]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-02 21:44:05 962661]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-27 20:55:24 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-27 20:53:14 692224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\MSMSGS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Gry\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Gry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Gry\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Gry\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"D:\\Gry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 21:20]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-10 21:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - MARKFUN_NT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 22:09:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32"
.
Completion time: 2008-05-29 22:10:45
ComboFix-quarantined-files.txt 2008-05-29 20:10:42
Pre-Run: 110,300,598,272 bajtów wolnych
Post-Run: 110,336,618,496 bajtów wolnych
270 --- E O F --- 2008-05-16 21:05:51
From HJ:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:06, on 2008-05-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\AGC\agc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (file missing)
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: AGC.lnk = C:\Program Files\AGC\agc.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 10069 bytes