ComboScan v20070306.20 run by griszk@ on 2007-03-21 at 10:12:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

– HijackThis (run as griszk@.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:12:55, on 2007-03-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system\REM0REG.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\3076\zghkegj.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\3076\tkckikk.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\MSRundll.exe
C:\WINDOWS\system32\DirectX\yheefhi.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\griszk@\Pulpit\Look2Me-Destroyer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\griszk@\Pulpit\comboscan.exe
C:\PROGRA~1\HIJACK~1\griszk@.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kzdh.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com
F2 - REG:system.ini: Shell=Explorer.exe realshed.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TBSB04694 - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:\PROGRA~1\AB12~1\cneqiso.dll
O3 - Toolbar: ??? - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:\Program Files\Ň»ĆđËŃ\cneqiso.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [system] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM…\Run: [tkckikk] C:\WINDOWS\system32\3076\tkckikk.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: ruango.lnk = ?
O4 - Global Startup: WanSo.lnk = ?
O4 - Global Startup: yheefh.lnk = C:\WINDOWS\system32\DirectX\yheefhi.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ˛Ć¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\˛Ć¸»Í¨\caif.dll (file missing) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 6CA2043C - Unknown owner - C:\WINDOWS\system32\6CA2043C.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: REM0TE REGISTRY (REM0TEREGISTRY) - Unknown owner - C:\WINDOWS\system\REM0REG.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

– Files created between 2007-02-21 and 2007-03-21 -----------------------------

2007-03-20 20:59:20 0 --a------ C:\WINDOWS\system32\apilogs.dll
2007-03-20 16:42:54 46866 --a------ C:\WINDOWS\system32\431174405370.dat<4324DA~1.DAT>
2007-03-20 14:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-20 14:51:06 0 d-------- C:\Program Files\Grisoft
2007-03-20 11:28:59 46848 --a------ C:\WINDOWS\system32\431174386536.dat<4345C6~1.DAT>
2007-03-20 10:44:03 39 --a------ C:\WINDOWS\system32\ELRZHNVBJPWCJQX.DLL
2007-03-18 21:12:09 0 d-------- C:\Program Files\Ň»ĆđËŃ
2007-03-18 09:12:46 46450 --a------ C:\WINDOWS\system32\431174205553.dat<433ACA~1.DAT>
2007-03-17 14:11:30 17254 --a------ C:\WINDOWS\system32\adfweradfweds3.exe
2007-03-17 14:10:24 45734 --a------ C:\WINDOWS\system32\431174137005.dat<431174~4.DAT>
2007-03-17 14:10:05 25904 --a------ C:\WINDOWS\system32\cdsdf.exe
2007-03-17 14:06:09 242114 --a------ C:\WINDOWS\system32\117413676810.exe<116D21~1.EXE>
2007-03-17 14:02:45 57344 --a------ C:\WINDOWS\g3.exe
2007-03-17 14:01:27 20480 --a------ C:\WINDOWS\system32\11741364862.exe<11A7B6~1.EXE>
2007-03-17 14:00:39 183560 --a------ C:\WINDOWS\system32\11741364231.exe<1197A0~1.EXE>
2007-03-17 14:00:31 67 --a------ C:\WINDOWS\system32\ZSMFBVO.DLL
2007-03-17 14:00:29 1281 --a------ C:\WINDOWS\system32\mPe1aD0J.dll
2007-03-17 14:00:24 375296 --a------ C:\WINDOWS\system32\realshed.exe
2007-03-17 14:00:24 910336 --a------ C:\WINDOWS\system32\ntd11.dll
2007-03-17 13:57:51 445440 --a------ C:\WINDOWS\system32\117413626813.exe<117D2C~1.EXE>
2007-03-17 13:54:56 3712 --a------ C:\WINDOWS\system32\11741360957.exe<119DC0~1.EXE>
2007-03-17 13:42:13 145672 --a------ C:\WINDOWS\system32\117413533113.exe<117413~4.EXE>
2007-03-17 13:42:08 22 --a------ C:\WINDOWS\system32\drivers\MS396.sys
2007-03-17 13:42:08 86016 --a------ C:\WINDOWS\system\REM0REG.EXE
2007-03-17 13:42:06 106496 --a------ C:\WINDOWS\system32\MSa18.exe
2007-03-17 13:42:06 106496 --a------ C:\WINDOWS\system\MFS0FT.DLL
2007-03-17 13:42:06 417792 --a------ C:\WINDOWS\MSf4.dll
2007-03-17 13:42:05 417792 --a------ C:\WINDOWS\system\AV1CAP.dll
2007-03-17 13:42:05 0 d-------- C:\WINDOWS\cursor
2007-03-17 13:40:40 16384 --a------ C:\WINDOWS\system32\msinst.exe
2007-03-17 13:40:39 135168 --a------ C:\WINDOWS\system32\11741352349.exe<117413~3.EXE>
2007-03-17 13:40:15 3712 --a------ C:\WINDOWS\system32\11741352077.exe<117413~1.EXE>
2007-03-17 13:39:48 33280 --a------ C:\WINDOWS\system32\MSRundll.exe
2007-03-17 13:39:48 0 d-------- C:\Program Files\Common Files\Ruango
2007-03-17 13:38:40 0 d-------- C:\Program Files\superutilbar
2007-03-17 13:38:37 278151 --a------ C:\WINDOWS\bar.exe
2007-03-17 13:38:15 57344 --a------ C:\WINDOWS\f2.exe
2007-03-17 13:38:13 38400 -r------- C:\WINDOWS\system32\drivers\fkwld.sys
2007-03-17 13:38:03 0 d-------- C:\Program Files\Common Files\WANSO
2007-03-17 13:34:33 20480 --a------ C:\WINDOWS\system32\11741348712.exe<117413~2.EXE>
2007-03-17 13:33:11 14336 --a------ C:\WINDOWS\system32\6CA2043C.DLL
2007-03-17 13:33:09 20082 --a------ C:\WINDOWS\system32\6CA2043CT.EXE<6CA204~1.EXE>
2007-03-17 12:28:04 45734 --a------ C:\WINDOWS\system32\431174130867.dat<431174~3.DAT>
2007-03-17 11:24:18 15808 --a------ C:\WINDOWS\system32\431174127052.dat<431174~2.DAT>
2007-03-17 10:23:55 179083 --a------ C:\WINDOWS\system32\adfweradfweds4.exe
2007-03-16 22:25:45 45988 --a------ C:\WINDOWS\system32\431174080340.dat<431174~1.DAT>
2007-03-16 20:51:13 0 d-------- C:\Program Files\Common Files\CPUSH
2007-03-16 17:24:40 213284 --a------ C:\WINDOWS\system32\drivers\acpidisk.sys
2007-03-16 17:24:17 179083 --a------ C:\WINDOWS\system32\adfweradfweds7.exe
2007-03-16 17:23:44 92164 --a------ C:\WINDOWS\system32\adfweradfweds6.exe
2007-03-16 17:22:38 20480 --a------ C:\WINDOWS\system32\adfweradfweds1.exe
2007-03-15 10:45:02 89604 --a------ C:\WINDOWS\system32\adfweds2.exe
2007-03-14 12:26:05 204288 --a------ C:\WINDOWS\system32\mopeljjlekn.dll
2007-03-14 12:25:10 44428 --a------ C:\WINDOWS\system32\431173871503.dat<431173~2.DAT>
2007-03-14 10:54:29 183560 --a------ C:\WINDOWS\system32\adfweds5.exe
2007-03-14 10:54:18 179083 --a------ C:\WINDOWS\system32\adfweds4.exe
2007-03-14 09:18:03 179083 --a------ C:\WINDOWS\system32\adfweds3.exe
2007-03-14 09:17:35 111971 --a------ C:\WINDOWS\system32\adfweds1.exe
2007-03-13 19:06:21 20480 --a------ C:\WINDOWS\system32\todayws5.exe
2007-03-13 19:05:11 204288 --a------ C:\WINDOWS\system32\cuhyjymtuex.dll
2007-03-13 16:33:11 204288 --a------ C:\WINDOWS\system32\opfrwwwwokn.dll
2007-03-13 14:21:42 0 d-------- C:\Program Files\Common Files\Skype
2007-03-13 14:21:22 0 d-------- C:\Program Files\Skype
2007-03-13 14:20:51 0 --a------ C:\WINDOWS\ntters.dll
2007-03-13 14:07:43 0 d-------- C:\WINDOWS\system32\MDserivces
2007-03-13 14:07:29 179237 --a------ C:\WINDOWS\system32\todayws3.exe
2007-03-13 14:07:23 89604 --a------ C:\WINDOWS\system32\todayws2.exe
2007-03-13 14:07:15 111976 --a------ C:\WINDOWS\system32\todayws1.exe
2007-03-12 16:09:49 112034 --a------ C:\WINDOWS\system32\ssfwss2.exe
2007-03-12 16:09:28 179237 --a------ C:\WINDOWS\system32\ssfwss1.exe
2007-03-12 16:09:20 36605 --a------ C:\WINDOWS\system32\bdrrdf.dll
2007-03-12 16:09:19 42859 --a------ C:\WINDOWS\system32\fgdfsdf.exe
2007-03-08 20:53:20 190932 --a------ C:\WINDOWS\winlogin.exe
2007-03-08 11:23:32 108106 --a------ C:\WINDOWS\system32\mcdirs1.exe
2007-03-06 14:35:05 26386 --a------ C:\WINDOWS\system32\431173188093.dat<431173~1.DAT>
2007-03-03 18:27:43 65419 --a------ C:\WINDOWS\system32\jjgfst1.exe
2007-03-02 21:03:32 26130 --a------ C:\WINDOWS\system32\ffudf.exe
2007-03-02 18:34:45 655 --a------ C:\WINDOWS\gmer.reg
2007-03-02 18:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-03-01 21:55:04 0 d------c- C:!KillBox
2007-02-28 21:11:16 42636 --a------ C:\WINDOWS\system32\jsds3utj.dat
2007-02-28 10:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-27 19:03:51 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-27 18:40:11 23 --a------ C:\WINDOWS\temp.exe
2007-02-27 18:33:05 0 d------c- C:\temp
2007-02-27 11:22:14 0 d-------- C:\WINDOWS\system32\system
2007-02-27 11:22:01 206797 --a------ C:\WINDOWS\system32\12.exe
2007-02-26 20:05:26 285584 --a------ C:\WINDOWS\system32\dufs1.exe
2007-02-26 20:04:03 87535 --a------ C:\WINDOWS\system32\1010s.exe
2007-02-26 20:03:42 244 --a------ C:\WINDOWS\system32\B11E4BF2.dat
2007-02-21 17:26:07 434252 --a------ C:\WINDOWS\system32\Msvcrtd.dll

– Find3M Report ---------------------------------------------------------------

2007-03-21 09:53:20 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype
2007-03-15 16:40:33 0 d-------- C:\Program Files\Real
2007-03-12 18:33:07 0 d-------- C:\Program Files\Google
2007-03-06 22:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream
2007-03-06 22:14:12 0 d-------- C:\Program Files\PPStream
2007-02-28 10:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft
2007-02-21 17:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper
2007-02-18 09:15:03 0 d-------- C:\Program Files\DivX
2007-02-17 19:59:24 0 d-------- C:\Program Files\MarBit
2007-02-17 19:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic
2007-02-17 19:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real
2007-02-16 22:34:18 0 d-------- C:\Program Files\Ski Jump International
2007-02-16 17:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-02-16 11:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer
2007-02-16 11:23:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-02-16 11:22:57 0 d-------- C:\Program Files\QuickTime
2007-02-02 23:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus
2007-02-02 19:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-02-01 05:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-01-31 18:32:46 0 d-------- C:\Program Files\BearShare
2007-01-30 06:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-30 05:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-28 22:59:22 0 d-------- C:\Program Files\Yahoo!
2007-01-28 21:32:14 0 d-------- C:\Program Files\Ahead 2007-01-28 21:30:02 0 d-------- C:\Program Files\ffdshow 2007-01-25 20:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-21 23:12:37 0 d-------- C:\Program Files\Common Files\Onet.pl 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Onet 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\MozillaControl 2007-01-21 23:12:22 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Listonosz 2007-01-21 23:12:21 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\AutoUpdate 2007-01-20 21:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-11 14:21:45 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-01-11 14:21:45 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2006-12-25 14:15:07 2938 --a----c- C:\WINDOWS\mozver.dat 2006-12-23 22:30:58 28672 --a------ C:\WINDOWS\kmouse32.dll 2006-12-23 22:30:57 4557470 --a------ C:\WINDOWS\WISŁA_6.exe 2006-12-23 22:30:52 86568 --a------ C:\WINDOWS\WISŁA_6.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 “System”=“C:\Program Files\Common Files\System\Updaterun.exe” “tkckikk”=“C:\WINDOWS\system32\3076\tkckikk.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] “StubPath”=“C:\WINDOWS\NETSVR32.EXE” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService 
REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-21 at 10:13:25 ------------------------ “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. 
z oo”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “StubPath” = “C:\WINDOWS\NETSVR32.EXE” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “(Default)” = “(empty string)” [file not found] “Sony Ericsson PC Suite” = ““C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [“Sony Ericsson Mobile Communications AB”] “Onet.pl AutoUpdate” = “C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” [“Onet.pl”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “System” = “C:\Program Files\Common Files\System\Updaterun.exe” [file not found] “tkckikk” = “C:\WINDOWS\system32\3076\tkckikk.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F943309C-4AF4-4D85-8064-FD20184B99EA}(Default) = “TBSB04694” -> {HKLM…CLSID} = “TBSB04694 Class” \InProcServer32(Default) = “C:\PROGRA~1\AB12~1\cneqiso.dll” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = 
“DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] 
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> “Shell” = “Explorer.exe realshed.exe” [MS], [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“aswBoot.exe /M:6ebcd1b4” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoThemesTab” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} “NoDispAppearancePage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} 
“NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} “NoDispScrSavPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispCPL” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispSettingsPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\griszk@\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- 
HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\WISA_6~1.SCR” (WISŁA_6.scr) [null data] Startup items in “griszk@” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\griszk@\Menu Start\Programy\Autostart “Yahoo! Widget Engine” -> shortcut to: “D:\Yahoo! Widget Engine\YahooWidgetEngine.exe” [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ruango” -> shortcut to: “C:\WINDOWS\system32\MSRundll.exe C:\PROGRA~1\COMMON~1\Ruango\Player.dll,Always” [MS] “WanSo” -> shortcut to: “C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\COMMON~1\WANSO\Player.dll,Always” [MS] “yheefh” -> shortcut to: “C:\WINDOWS\system32\DirectX\yheefhi.exe” [null data] Enabled Scheduled Tasks: ------------------------ “At3” -> launches: “C:\DOCUME~1\griszk@\Pulpit\Look2Me-Destroyer.exe /task” [“Atribune.org”] “vfnAFyyBcggeUiHJyJBH” -> launches: “C:\WINDOWS\system32\3076\zghkegj.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] 
"{5558D3F3-87EB-4335-BE71-C6E8E468D166}"
-> {HKLM…CLSID} = "???"
\InProcServer32(Default) = "C:\Program Files\Ň»ĆđËŃ\cneqiso.dll" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{5558D3F3-87EB-4335-BE71-C6E8E468D166}" = (no title provided)
-> {HKLM…CLSID} = "???"
\InProcServer32(Default) = "C:\Program Files\Ň»ĆđËŃ\cneqiso.dll" [empty string]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{197A85BC-BD97-4404-A702-95E556E4DAEB}(Default) = (no title provided)
-> {HKLM…CLSID} = "Kwso"
\InProcServer32(Default) = "C:\Program Files\Common Files\WANSO\SoBar.dll" [" "]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{197A85BC-BD97-4404-A702-95E556E4DAEB}(Default) = (no title provided)
-> {HKLM…CLSID} = "Kwso"
\InProcServer32(Default) = "C:\Program Files\Common Files\WANSO\SoBar.dll" [" "]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{C1F0024B-8278-4999-B7E6-2718426D9FE6}\
"ButtonText" = "˛Ć¸»Í¨"
"CLSIDExtension" = "{E36884E3-42E9-4A8E-A7F8-6DE700903E5C}"
-> {HKLM…CLSID} = "CaiFuCOM Class"
\InProcServer32(Default) = "C:\Program Files\˛Ć¸»Í¨\caif.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU…CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM…CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Microsoft Update Service, BKMARKS, "C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PPQYD.DLL,Export 1087" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Portable Media, WmdmPMD, "C:\WINDOWS\system32\Svchost.exe -k WmdmPMD" {"C:\WINDOWS\system32\MDserivces\services\svchost.dll" [MS]}
REM0TE REGISTRY, REM0TEREGISTRY, "C:\WINDOWS\system\REM0REG.EXE" [null data]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 131 seconds.
---------- (total run time: 228 seconds)

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-21 10:31:56
Windows 5.1.2600 Dodatek Service Pack 2

---- Services - GMER 1.0.12 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NETFramework
Service C:\WINDOWS\system32\6CA2043C.EXE [AUTO] 6CA2043C
Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI
Service C:\WINDOWS\system32\drivers\acpidisk.sys [AUTO] acpidisk
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service C:\WINDOWS\system32\DRIVERS\agp440.sys [BOOT] agp440
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32
Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard
Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [SYSTEM] AvgAsCln
Service C:\WINDOWS\system32\B11E4BF2.EXE [DISABLED] B11E4BF2
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE [AUTO] BKMARKS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\DOCUME~1\griszk@\USTAWI~1\Temp\cdiskdun.sys [MANUAL] cdiskdun
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi
Service C:\WINDOWS\system32\fgdfsdf.exe [AUTO] edfscv
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\WINDOWS\system32\drivers\fkwld.sys [SYSTEM] fkwld
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\System32\DRIVERS\gvkgaf87.sys [BOOT] gvkgaf87
Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\DRIVERS\intelide.sys [BOOT] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [SYSTEM] intelppm
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon
Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus
Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl
Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm
Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt
Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\drivers\msqmx.sys [AUTO] msqmx
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401
Service [BOOT] Mup
Service [BOOT] NDIS
Service ndisrd
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service [SYSTEM] Npfs
Service C:\WINDOWS\system32\npptNT2.sys [SYSTEM] NPPTNT2
Service [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service [BOOT] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd