Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:31, on 2007-11-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi_Media - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi_Media - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Multi_Media - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM…\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM…\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe"
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU…\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
O4 - HKCU…\Run: [spyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU…\RunOnce: [FFTI] C:\Documents and Settings\www\Dane aplikacji\Mozilla\Firefox\Profiles\m4rp4ay1.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\www\Dane aplikacji\Mozilla\Firefox\Profiles/m4rp4ay1.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … p=ZNfox000
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip…{A3F8DB91-EBCB-4DE1-B1BC-5FF54C6B9260}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{AD1A7A84-7AEB-47C3-A5E7-1F65145A78B9}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9371 bytes

ComboFix log

ComboFix 07-11-19.3 - www 2007-11-21 20:24:06.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.200 [GMT 1:00]
Running from: C:\Documents and Settings\www\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
.
((((((((((((((((((((((((( Files Created from 2007-10-21 to 2007-11-21 )))))))))))))))))))))))))))))))
.
2007-11-20 23:12
2007-11-20 23:12
2007-11-20 22:54 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-20 22:03
2007-11-06 08:36 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-05 21:06
2007-11-05 21:06
2007-11-05 21:06
2007-11-05 21:06
2007-11-04 22:29
2007-10-30 21:40
2007-10-30 21:40
2007-10-29 23:30 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-29 22:33
2007-10-25 14:09
2007-10-25 13:03
2007-10-21 21:46
2007-10-21 21:45 23 --a------ C:\WINDOWS\system32\drivers\verfile.tic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 22:33 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-29 22:33 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 20:58 606,848 ----a-w C:\WINDOWS\flashax.exe
2007-10-21 20:58 503,808 ----a-w C:\WINDOWS\Asus_A6_ScreenSaver.scr
2007-10-21 20:58 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-10-21 20:46 17,056 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-20 09:16 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-20 09:14 15,435,920 ----a-w C:\Program Files\sdstart.exe
2007-10-16 11:15 --------- d-----w C:\Program Files\Realtek AC97
2007-10-16 11:05 --------- d-----w C:\Program Files\WDM_A399
2007-10-15 19:28 --------- d-----w C:\Program Files\AMDAGP
2007-10-15 19:27 624,544 ----a-w C:\Program Files\AMD-533-W2KXP.EXE
2007-10-14 07:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-14 07:24 2,273,552 ----a-w C:\Program Files\au.exe
2007-10-13 20:05 --------- d-----w C:\Program Files\ASUSTeK
2007-10-13 19:50 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-13 19:50 --------- d-----w C:\Program Files\AvRack
2007-10-08 22:11 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-07 19:57 --------- d-----w C:\Program Files\MIKSOFT
2007-10-04 16:11 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-04 16:10 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-04 16:10 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-04 16:10 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-06 20:50 18,895,728 ----a-w C:\Program Files\Install_Messenger.exe
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-23 11:58 522,682 ----a-w C:\Program Files\aspi_471a2.exe
2007-04-27 19:32 14,993,976 ----a-w C:\Program Files\Google_Earth_AZXD.exe
2007-01-29 16:11 3,534,076 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2006-12-16 13:32 1,410,680 ----a-w C:\Program Files\install_flash_player.exe
2006-05-31 18:24 3,833,344 ----a-w C:\Program Files\ow32enen854.exe
2006-04-14 20:45 6,200,832 ----a-w C:\Program Files\sp830_win2000_5.4b.exe
2006-04-14 14:09 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-12-26 11:01 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2005-10-12 09:33 3,751,820 ----a-w C:\Program Files\gg70.exe
2004-12-02 21:26 557,735 ----a-w C:\Program Files\AMRcon13-setup.exe
2007-03-25 20:35 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-25 20:35 88 --sh--r C:\WINDOWS\system32\941CA679E3.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"swg"="C:\WINDOWS\system32\regsvr32.exe" [2004-08-04 13:00]
"SpyBrowser"="C:\Program Files\SpyBro\SpyBro.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:47]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\www\Dane aplikacji\Mozilla\Firefox\Profiles\m4rp4ay1.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-30 13:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-11-03 08:48]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-15 17:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-15 17:02]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-16 05:55]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-16 05:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-06 16:48]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-06 16:52]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"SoundMan"="SOUNDMAN.EXE" [2004-12-16 15:19 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2004-12-08 10:09]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-29 23:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

C:\Documents and Settings\www\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-13 22:02:25]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2006-11-17 09:34:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2007-11-04 23:42:16]
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2005-08-15 05:48:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-06 16:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 AMDPCI;AMDPCI;??\C:\DOCUME~1\www\USTAWI~1\Temp\AMDPCI.sys
S3 Asushwio;Asushwio;??\C:\WINDOWS\system32\drivers\Asushwio.sys
S3 ATMEL FVNETusbASKEY (AR)®;ATMEL FVNETusbASKEY (AR)® Service for IEEE 802.11b Wireless LAN USB Card ®;C:\WINDOWS\system32\DRIVERS\vnetusbk.sys
S3 BTNetFilter;Bluetooth Network Filter;??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 ids00026;ids00026;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids0005c;ids0005c;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys
S3 ids00118;ids00118;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 klstm;klstm;??\C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 20:25:44
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-21 20:26:10
.
--- E O F ---