ComboFix 08-07-15.4 - x 2008-09-16 23:04:11.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.596 [GMT 2:00]
Running from: C:\Documents and Settings\x\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-16 18:43 . 2008-09-16 18:43
2008-09-16 18:12 . 2008-09-16 19:57 613,626 ---hs---- C:\WINDOWS\system32\iwgbanrf.ini
2008-09-16 18:11 . 2008-09-16 23:04 367,595 --ahs---- C:\WINDOWS\system32\MmTBdccf.ini2
2008-09-16 18:11 . 2008-09-16 23:04 367,595 --ahs---- C:\WINDOWS\system32\MmTBdccf.ini
2008-09-16 18:11 . 2008-09-16 18:11 322,816 --a------ C:\WINDOWS\system32\fccdBTmM.dll
2008-09-16 17:10 . 2008-09-16 17:44 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2008-09-16 15:49 . 2008-09-16 15:49
2008-09-16 15:49 . 2008-09-16 15:49
2008-09-16 12:10 . 2008-09-16 17:27 613,907 ---hs---- C:\WINDOWS\system32\hirkmcqb.ini
2008-09-16 11:30 . 2008-09-16 17:47 7,229 --ahs---- C:\WINDOWS\system32\hgQpYJlm.ini2
2008-09-16 11:30 . 2008-09-16 17:49 7,229 --ahs---- C:\WINDOWS\system32\hgQpYJlm.ini
2008-09-16 11:24 . 2008-09-16 11:24 33,152 --a------ C:\WINDOWS\system32\khfFWqPf.dll
2008-09-16 11:22 . 2008-07-17 06:24 471,040 --a------ C:\WINDOWS\kgxmotapnwo.dll
2008-09-16 11:22 . 2008-07-17 06:24 372,736 --a------ C:\WINDOWS\kvxqmtre.dll
2008-09-16 11:22 . 2008-07-17 06:24 339,968 --a------ C:\WINDOWS\evgratsm.dll
2008-09-16 11:22 . 2008-07-17 06:24 163,840 --a------ C:\WINDOWS\etqk.exe
2008-09-16 11:22 . 2008-07-17 06:24 159,744 --a------ C:\WINDOWS\qndsfmao.dll
2008-09-16 11:22 . 2008-07-17 06:24 102,400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-09-09 16:02 . 2008-09-09 16:02
2008-09-09 15:21 . 2008-09-09 15:21
2008-08-23 16:00 . 2008-08-29 12:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-23 16:00 . 2008-08-23 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 18:02 1,496,064 ------w C:\WINDOWS\system32\CC3250MT.DLL
2060-08-18 17:40 909,824 ------w C:\WINDOWS\system32\cp3245mt.dll
2060-08-18 17:40 24,064 ------w C:\WINDOWS\system32\borlndmm.dll
2008-09-16 17:57 --------- d-----w C:\Program Files\neostrada tp
2008-09-16 17:57 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\Skype
2008-09-16 15:16 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\DNA
2008-09-16 10:09 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\skypePM
2008-09-16 09:28 --------- d-----w C:\Documents and Settings\x\Dane aplikacji\uTorrent
2008-09-09 14:01 --------- d-----w C:\Program Files\Java
2008-08-22 10:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-25 20:29 32 -c--a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-20 15:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008032020080321\index.dat
.
------- Sigcheck -------
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2006-03-02 14:00 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2006-03-02 14:00 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2006-03-02 14:00 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2006-03-02 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2006-03-02 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\ServicePackFiles\i386\services.exe
2006-03-02 14:00 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\services.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2006-03-02 14:00 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\lsass.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2006-03-02 14:00 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401086F0-209B-4E07-B4ED-9FB774E3132D}]
2008-07-17 06:24 471040 --a------ C:\WINDOWS\kgxmotapnwo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EA479BF-A910-4B14-8BB1-CD195871F947}]
2008-09-16 11:24 33152 --a------ C:\WINDOWS\system32\khfFWqPf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDF0E7CD-9587-4062-A1A3-9FE1AC54D18D}]
2008-09-16 18:11 322816 --a------ C:\WINDOWS\system32\fccdBTmM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{3C0FFA71-2DBF-491D-84CD-C48738B44FB2}”= “C:\WINDOWS\qndsfmao.dll” [2008-07-17 06:24 159744]
[HKEY_CLASSES_ROOT\clsid\{3c0ffa71-2dbf-491d-84cd-c48738b44fb2}]
[HKEY_CLASSES_ROOT\qndsfmao.1]
[HKEY_CLASSES_ROOT\TypeLib\{C9F3DBA8-DFF9-44D5-B68C-8B271E23F182}]
[HKEY_CLASSES_ROOT\qndsfmao]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-06 19:24 21898024]
“BitTorrent DNA”=“C:\Program Files\DNA\btdna.exe” [2008-05-08 12:24 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“egui”=“C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” [2007-11-23 22:51 1410304]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-10-04 18:14 8491008]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49 20480]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55 32768]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-12 00:12 49152]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-10-19 21:16 286720]
“WinampAgent”=“F:\instalki\winamp\winampa.exe” [2008-01-16 00:54 37376]
“DAEMON Tools”=“F:\temp\DAEMON Tools\daemon.exe” [2005-11-09 00:00 128920]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-06-12 14:28 266497]
“SoundMan”=“SOUNDMAN.EXE” [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]
“AdslTaskBar”=“stmctrl.dll” [2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
“nwiz”=“nwiz.exe” [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{8EA479BF-A910-4B14-8BB1-CD195871F947}”= “C:\WINDOWS\system32\khfFWqPf.dll” [2008-09-16 11:24 33152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“evgratsm”= {DC809CBA-C02D-4B5A-9D01-1BFA4DEC8542} - C:\WINDOWS\evgratsm.dll [2008-07-17 06:24 339968]
“kvxqmtre”= {A2AF7F88-1413-4194-ADEB-94D4C8ABA806} - C:\WINDOWS\kvxqmtre.dll [2008-07-17 06:24 372736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfFWqPf]
2008-09-16 11:24 33152 C:\WINDOWS\system32\khfFWqPf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.ffds”= ffdshow.ax
“msacm.l3codec”= l3codecp.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccdBTmM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
--a--c--- 2005-09-30 15:04 270336 C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\DNA\btdna.exe”=
“C:\Program Files\Internet Explorer\iexplore.exe”=
“E:\fm8\fm.exe”=
“C:\Program Files\uTorrent\uTorrent.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“7279:TCP”= 7279:TCP:BitComet 7279 TCP
“7279:UDP”= 7279:UDP:BitComet 7279 UDP
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 16:51]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 17:28]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
.
BHO-{E58CD3B2-10E4-4C67-B530-A51D765A4540} - C:\WINDOWS\system32\mlJYpQgh.dll
HKCU-Run-Steam - F:\Program Files\Steam\Steam.exe
HKCU-Run-DriverUpdaterPro - C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-SpeedTouch USB Diagnostics - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
HKLM-Run-DelayLoad - C:\DOCUME~1\x\USTAWI~1\Temp\atmadm2.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 23:04:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\khfFWqPf.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\fccdBTmM.dll
.
Completion time: 2008-09-16 23:05:19
ComboFix-quarantined-files.txt 2008-09-16 21:05:10
Pre-Run: 8,963,588,096 bajtów wolnych
Post-Run: 8,978,825,216 bajtów wolnych
186 --- E O F --- 2008-09-08 15:14:06
W dniu 17.07.2008 , o godzinie 23:26 został dopisany post przez mo1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08: VIRUS ALERT!, on 2008-09-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {3C0FFA71-2DBF-491D-84CD-C48738B44FB2} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] F:\instalki\winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] “F:\temp\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU\..\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU\..\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU\..\Run: [steam] F:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: evgratsm - {DC809CBA-C02D-4B5A-9D01-1BFA4DEC8542} - C:\WINDOWS\evgratsm.dll
O21 - SSODL: kvxqmtre - {A2AF7F88-1413-4194-ADEB-94D4C8ABA806} - C:\WINDOWS\kvxqmtre.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OO Defrag - OO Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6667 bytes