
COMBOFIX
ComboFix 08-06-16.5 - nnnn 2008-06-18 21:23:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1650 [GMT 2:00]
Running from: C:\Documents and Settings\nnnn\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-18 19:45 . 2008-06-18 19:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-18 16:11 . 2008-06-18 21:25 <DIR> d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-06-18 16:11 . 2008-06-18 21:25 <DIR> d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> dr------- C:\Documents and Settings\Gość\Ulubione
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> dr------- C:\Documents and Settings\Gość\Ulubione
2008-06-18 16:11 . 2007-11-24 01:16 <DIR> d--h----- C:\Documents and Settings\Gość\Szablony
2008-06-18 16:11 . 2007-11-24 01:16 <DIR> d--h----- C:\Documents and Settings\Gość\Szablony
2008-06-18 16:11 . 2007-11-24 02:11 <DIR> d-------- C:\Documents and Settings\Gość\Pulpit
2008-06-18 16:11 . 2007-11-24 02:11 <DIR> d-------- C:\Documents and Settings\Gość\Pulpit
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> dr------- C:\Documents and Settings\Gość\Moje dokumenty
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> dr------- C:\Documents and Settings\Gość\Moje dokumenty
2008-06-18 16:11 . 2007-11-24 02:11 <DIR> dr------- C:\Documents and Settings\Gość\Menu Start
2008-06-18 16:11 . 2007-11-24 02:11 <DIR> dr------- C:\Documents and Settings\Gość\Menu Start
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> d-------- C:\Documents and Settings\Gość\Dane aplikacji\Logitech
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2008-06-18 16:11 . 2008-06-18 16:12 <DIR> d-------- C:\Documents and Settings\Gość
2008-06-16 18:54 . 2008-06-16 20:25 <DIR> d-------- C:\Documents and Settings\nnnn\Dane aplikacji\Touchstone
2008-06-16 18:26 . 2008-06-16 20:25 120 --a------ C:\WINDOWS\disney.ini
2008-06-15 12:20 . 2008-06-15 12:20 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 12:20 . 2008-06-15 12:20 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 12:19 . 2008-06-15 12:19 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-15 12:19 . 2008-06-18 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-15 12:19 . 2008-06-18 21:21 4,411,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-15 12:19 . 2008-06-18 21:21 499,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-15 12:19 . 2008-06-18 21:21 37,644 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 12:19 . 2008-06-18 21:21 3,836 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-14 23:17 . 2008-06-14 23:49 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-14 23:16 . 2008-06-14 23:16 <DIR> d-------- C:\NVIDIA
2008-06-14 14:35 . 2008-06-14 14:35 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-14 14:35 . 2008-06-14 14:35 22,328 --a------ C:\Documents and Settings\nnnn\Dane aplikacji\PnkBstrK.sys
2008-06-14 14:34 . 2008-06-14 14:34 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-14 14:34 . 2008-06-14 14:34 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-14 14:34 . 2008-06-14 14:34 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-14 14:25 . 2008-06-14 14:25 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-10 23:26 . 2008-06-10 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-06-06 15:38 . 2008-06-06 15:38 <DIR> d-------- C:\Documents and Settings\nnnn\Dane aplikacji\Command & Conquer 3 Tiberium Wars
2008-06-06 15:07 . 2008-06-06 15:07 <DIR> dr-h----- C:\Documents and Settings\nnnn\Dane aplikacji\SecuROM
2008-05-29 20:45 . 2008-05-29 20:45 56 --a------ C:\WINDOWS\wininit.ini
2008-05-22 22:22 . 2008-05-22 22:22 <DIR> d-------- C:\Program Files\MSBuild
2008-05-22 22:22 . 2008-05-22 22:22 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-22 22:21 . 2008-05-22 22:21 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-22 22:17 . 2008-05-22 22:17 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-22 22:16 . 2008-05-22 22:17 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-22 22:16 . 2008-05-22 22:16 <DIR> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 18:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-18 12:23 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\foobar2000
2008-06-16 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 16:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 16:28 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-15 10:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-15 10:01 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-14 21:03 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-14 12:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-06-10 18:44 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\Vso
2008-06-04 12:50 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\ContentGuard
2008-06-02 16:55 --------- d-----w C:\Program Files\CCleaner
2008-05-29 19:12 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\Skype
2008-05-29 18:14 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\skypePM
2008-05-22 20:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-12 19:41 --------- d-----w C:\Program Files\Picture Resize Genius
2008-05-12 18:08 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\EPSON
2008-05-12 17:59 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-05-10 18:16 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\Any Video Converter
2008-05-10 17:54 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-10 17:39 --------- d-----w C:\Program Files\AVI ReComp
2008-05-10 17:37 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-05-04 20:11 --------- d-----w C:\Program Files\DivX
2008-05-02 22:36 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-02 22:36 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-01 18:46 --------- d-----w C:\Documents and Settings\nnnn\Dane aplikacji\Ubisoft
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-12 18:06 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-12 18:06 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-04 20:15 88 --sh--r C:\Documents and Settings\All Users\Dane aplikacji\3C9601BDFB.sys
2008-01-29 13:15 47,360 ----a-w C:\Documents and Settings\nnnn\Dane aplikacji\pcouffin.sys
2007-12-01 21:04 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
------- Sigcheck -------
2006-03-02 14:00 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2006-03-02 14:00 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\dllcache\svchost.exe
2006-03-02 14:00 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\system32\user32.dll
2006-03-02 14:00 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\system32\dllcache\user32.dll
2006-03-02 14:00 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2006-03-02 14:00 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2006-03-02 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2006-03-02 14:00 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-17 00:15 504832 033dfd0b69af3fbc60138c0ac5c75042 C:\WINDOWS\system32\winlogon.exe
2006-03-02 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2006-03-02 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2006-03-02 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2006-03-02 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2006-03-02 14:00 2016768 33fdad88eec315ee4cfb147fb19fd2b6 C:\WINDOWS\system32\ntkrnlpa.exe
2006-03-02 14:00 2149888 a1b8225d45ef88fa294fe1e371bb594a C:\WINDOWS\system32\ntoskrnl.exe
2006-03-02 14:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\explorer.exe
2006-03-02 14:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-02 14:00 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\services.exe
2006-03-02 14:00 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\dllcache\services.exe
2006-03-02 14:00 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\lsass.exe
2006-03-02 14:00 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\dllcache\lsass.exe
2006-03-02 14:00 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\ctfmon.exe
2006-03-02 14:00 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-16_21.47.00.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 19:44:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 19:22:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-03 21:59:54 49,536 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
+ 2004-08-03 20:59:54 49,536 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
- 2004-08-03 22:00:16 41,856 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
+ 2004-08-03 21:00:16 41,856 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
- 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-03 23:35:34 58,624 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
+ 2004-08-03 22:35:34 58,624 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
- 2004-08-03 22:08:44 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
+ 2004-08-03 21:08:44 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
- 2006-03-02 12:00:00 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2004-08-03 22:44:02 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
- 2004-08-03 23:44:02 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-03 22:44:02 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
- 2006-03-02 12:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2004-08-03 22:44:32 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2006-03-02 12:00:00 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-08-03 22:44:06 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
- 2006-03-02 12:00:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2001-10-26 15:29:46 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
- 2004-08-03 23:44:14 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2004-08-03 22:44:14 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Zinio DLM"="C:\Program Files\Zinio\ZinioDeliveryManager.exe" [2006-12-13 19:47 1003590]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-09 19:34:26 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-09 20:25:44 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-02 14:00]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-24 03:16]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-01 21:51]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 00:36]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dced33cf-9a1f-11dc-b1d8-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:52:04 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 21:25:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 21:26:20
ComboFix-quarantined-files.txt 2008-06-18 19:26:01
ComboFix2.txt 2008-06-16 19:47:15
ComboFix3.txt 2008-06-12 20:51:17
Pre-Run: 13,891,002,368 bajtów wolnych
Post-Run: 13,879,074,816 bajtów wolnych
225
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:44, on 2008-06-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} (AMI DicomDir TreeView Control 2.0) - file://F:\CDVIEWER\CdViewer.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6865 bytes