Dss before connection:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-30 11:53:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:26, on 2008-06-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.142.211.39:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5196 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-22 12:57:22 0 d-------- C:\WINDOWS\ERUNT
2008-06-20 08:22:10 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-18 20:54:16 0 drahs---- C:\autorun.inf
2008-06-18 13:16:00 690 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-18 13:15:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-18 13:15:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-18 13:15:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-18 13:15:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-18 13:15:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-18 13:15:34 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-18 13:15:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-18 13:15:34 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-17 11:40:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 14:10:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-16 12:42:43 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 19:59:37 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 19:59:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 19:59:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 19:59:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 19:59:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 19:59:37 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 19:59:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-15 12:25:25 0 d-------- C:\Program Files\Trend Micro
2008-06-11 16:16:34 0 d-------- C:\Program Files\Free Download Manager
2008-06-07 20:09:49 0 d-------- C:\Program Files\AutoConnect
2008-06-07 20:04:13 0 d-------- C:\Program Files\Ad Muncher


-- Find3M Report ---------------------------------------------------------------

2008-06-24 15:19:22 0 d-------- C:\Program Files\kmp
2008-06-21 16:30:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 16:18:02 0 d-------- C:\Program Files\Common Files
2008-06-20 21:52:19 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-20 21:30:41 0 d-------- C:\Program Files\Electronic Arts
2008-06-17 11:40:14 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
2008-06-16 12:44:19 494652 --a------ C:\WINDOWS\system32\perfh015.dat
2008-06-16 12:44:19 87188 --a------ C:\WINDOWS\system32\perfc015.dat
2008-06-15 13:47:00 0 d-------- C:\Program Files\FlashGet
2008-06-11 16:17:39 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Free Download Manager
2008-06-06 21:57:23 0 d-------- C:\Program Files\Soulseek
2008-05-22 21:09:41 0 d-------- C:\Program Files\OO Software
2008-05-22 17:32:48 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-21 21:58:51 0 d-------- C:\Program Files\CD Catalog Expert
2008-05-17 18:29:39 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
2008-05-17 18:02:43 0 d-------- C:\Program Files\Ubisoft
2008-05-17 18:02:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 21:11:33 0 d-------- C:\Program Files\Dziobas Rar Player
2008-05-07 20:36:48 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\SolidDocuments
2008-05-07 15:36:10 279172 --a------ C:\amt1
2008-05-05 21:12:59 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-30 18:37:12 0 d-------- C:\Program Files\Medieval Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 23:42 C:\WINDOWS\soundman.exe]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2007-11-03 06:48]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-01-23 22:29]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FrameWork 2.5]
FrameWork.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WengoPhoneNG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zoneLINK MultiCore Optimizer]
"C:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe" -TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"WebClient"=2 (0x2)
"TlntSvr"=3 (0x3)
"SharedAccess"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"idsvc"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"CryptSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"UTSCSI"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"O&O Defrag"=2 (0x2)
"ERSvc"=2 (0x2)
"AVP"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f8e539-4d99-11dc-ad6b-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2708cd15-2bfb-11dd-bff5-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0c8f62-1dcc-11dd-9277-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7eb314c-b535-11dc-9002-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b59ac6-324e-11dd-a603-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0a35061-ca86-11dc-9072-4d6564696130}]
AutoRun\command- H:\
open\Command- rundll32.exe .\desktop.dll,InstallM




-- End of Deckard's System Scanner: finished at 2008-06-30 11:53:57 ------------

And after:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-30 11:55:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:34, on 2008-06-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C08CBDB-2261-4A71-A965-34F67B93A9F9}: NameServer = 85.255.113.78 85.255.112.36
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5213 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-22 12:57:22 0 d-------- C:\WINDOWS\ERUNT
2008-06-20 08:22:10 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-18 20:54:16 0 drahs---- C:\autorun.inf
2008-06-18 13:16:00 690 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-18 13:15:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-18 13:15:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-18 13:15:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-18 13:15:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-18 13:15:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-18 13:15:34 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-18 13:15:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-18 13:15:34 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-17 11:40:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 14:10:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-16 12:42:43 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 19:59:37 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 19:59:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 19:59:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 19:59:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 19:59:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 19:59:37 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 19:59:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-15 12:25:25 0 d-------- C:\Program Files\Trend Micro
2008-06-11 16:16:34 0 d-------- C:\Program Files\Free Download Manager
2008-06-07 20:09:49 0 d-------- C:\Program Files\AutoConnect
2008-06-07 20:04:13 0 d-------- C:\Program Files\Ad Muncher


-- Find3M Report ---------------------------------------------------------------

2008-06-24 15:19:22 0 d-------- C:\Program Files\kmp
2008-06-21 16:30:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 16:18:02 0 d-------- C:\Program Files\Common Files
2008-06-20 21:52:19 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-20 21:30:41 0 d-------- C:\Program Files\Electronic Arts
2008-06-17 11:40:14 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
2008-06-16 12:44:19 494652 --a------ C:\WINDOWS\system32\perfh015.dat
2008-06-16 12:44:19 87188 --a------ C:\WINDOWS\system32\perfc015.dat
2008-06-15 13:47:00 0 d-------- C:\Program Files\FlashGet
2008-06-11 16:17:39 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Free Download Manager
2008-06-06 21:57:23 0 d-------- C:\Program Files\Soulseek
2008-05-22 21:09:41 0 d-------- C:\Program Files\OO Software
2008-05-22 17:32:48 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-21 21:58:51 0 d-------- C:\Program Files\CD Catalog Expert
2008-05-17 18:29:39 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
2008-05-17 18:02:43 0 d-------- C:\Program Files\Ubisoft
2008-05-17 18:02:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 21:11:33 0 d-------- C:\Program Files\Dziobas Rar Player
2008-05-07 20:36:48 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\SolidDocuments
2008-05-07 15:36:10 279172 --a------ C:\amt1
2008-05-05 21:12:59 0 d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-30 18:37:12 0 d-------- C:\Program Files\Medieval Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 23:42 C:\WINDOWS\soundman.exe]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2007-11-03 06:48]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-01-23 22:29]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FrameWork 2.5]
FrameWork.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WengoPhoneNG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zoneLINK MultiCore Optimizer]
"C:\Program Files\zoneLINK\MultiCore Optimizer\MultiCoreOptimizer.exe" -TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"WebClient"=2 (0x2)
"TlntSvr"=3 (0x3)
"SharedAccess"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"idsvc"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"CryptSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"UTSCSI"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"O&O Defrag"=2 (0x2)
"ERSvc"=2 (0x2)
"AVP"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f8e539-4d99-11dc-ad6b-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2708cd15-2bfb-11dd-bff5-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0c8f62-1dcc-11dd-9277-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7eb314c-b535-11dc-9002-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b59ac6-324e-11dd-a603-4d6564696130}]
AutoRun\command- G:\
open\Command- rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0a35061-ca86-11dc-9072-4d6564696130}]
AutoRun\command- H:\
open\Command- rundll32.exe .\desktop.dll,InstallM




-- End of Deckard's System Scanner: finished at 2008-06-30 11:55:52 ------------