
Logi:
ComboFix
ComboFix 08-11-09.04 - Kombajn 2008-11-10 16:57:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2911 [GMT 1:00]
Uruchomiony z: d:\instals\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\amvo0.dll
D:\install.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-10 do 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-10 16:48 . 2008-11-10 16:48 <DIR> d-------- c:\windows\system32\xircom
2008-11-10 16:48 . 2008-11-10 16:48 <DIR> d-------- c:\windows\srchasst
2008-11-10 16:48 . 2008-11-10 16:48 <DIR> d-------- c:\windows\msagent
2008-11-10 16:48 . 2008-11-10 16:48 <DIR> d-------- c:\program files\microsoft frontpage
2008-11-10 16:46 . 2008-11-10 16:46 642,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-11-10 16:44 . 2008-11-10 16:49 <DIR> d-------- C:\SDFix
2008-11-10 16:42 . 2008-11-10 16:45 <DIR> d-------- c:\windows\ERUNT
2008-11-10 16:42 . 2008-11-10 16:42 <DIR> d-------- C:\ERDNT
2008-11-10 16:42 . 2008-11-10 16:52 <DIR> d-------- C:\!FixIEDef
2008-11-10 16:40 . 2008-11-10 16:40 <DIR> d-------- c:\documents and settings\Kombajn\Dane aplikacji\ESET
2008-11-10 16:40 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-10 16:39 . 2008-11-10 16:39 <DIR> d-------- c:\program files\ESET
2008-11-10 16:39 . 2008-11-10 16:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2008-11-09 02:56 . 2008-11-09 02:56 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-09 02:56 . 2008-11-09 02:56 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-11-09 02:56 . 2008-11-10 16:27 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-09 02:56 . 2008-11-10 16:27 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-09 02:56 . 2008-11-09 02:56 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-08 22:34 . 2008-11-08 22:34 <DIR> d-------- c:\documents and settings\Kombajn\Dane aplikacji\Nero
2008-11-05 10:14 . 2008-11-05 10:14 <DIR> d-------- c:\program files\IrfanView
2008-11-03 12:48 . 2008-11-03 12:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2008-11-03 12:43 . 2008-11-03 12:43 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-11-03 09:52 . 2008-11-03 12:49 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-03 09:52 . 2008-11-03 09:52 <DIR> d-------- c:\documents and settings\Kombajn\Dane aplikacji\AdobeUM
2008-11-03 09:46 . 2008-11-03 09:46 <DIR> d-------- c:\program files\NOS
2008-11-03 09:46 . 2008-11-03 09:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NOS
2008-11-02 02:20 . 2008-11-02 02:20 <DIR> d-------- c:\program files\Medieval Software
2008-11-02 00:56 . 2008-05-08 02:03 453,632 --a------ c:\windows\system32\SetACL.ocx
2008-11-01 11:17 . 2008-11-01 11:17 <DIR> d-------- c:\program files\Teamspeak2_RC2
2008-11-01 11:17 . 2008-11-10 01:53 <DIR> d-------- c:\documents and settings\Kombajn\Dane aplikacji\teamspeak2
2008-11-01 11:17 . 2008-11-01 11:17 34,064 --a------ c:\windows\system32\lhacm.acm
2008-10-31 22:13 . 2008-10-31 22:13 <DIR> d--hs---- c:\windows\ftpcache
2008-10-31 20:55 . 2008-10-31 20:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Codemasters
2008-10-31 16:25 . 2008-10-31 16:25 <DIR> d-------- c:\documents and settings\Kombajn\Dane aplikacji\BESTplayer
2008-10-31 16:18 . 2008-10-31 16:18 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-10-31 15:46 . 2008-10-31 15:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-10-31 15:33 . 2008-10-31 15:40 <DIR> d-------- c:\documents and settings\Kombajn\Dane aplikacji\Ulead Systems
2008-10-31 15:32 . 2008-10-31 15:32 <DIR> d-------- c:\program files\Windows Media Components
2008-10-31 15:32 . 2008-10-31 15:32 <DIR> d-------- c:\program files\Ulead Systems
2008-10-31 15:32 . 2008-10-31 15:32 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-10-31 15:32 . 2008-10-31 15:32 <DIR> d-------- c:\program files\Common Files\InterVideo
2008-10-31 15:32 . 2008-10-31 15:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2008-10-31 15:32 . 2008-10-31 15:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\InterVideo
2008-10-31 15:32 . 2007-03-27 19:56 210,456 --a------ c:\windows\system32\IVIresizeW7.dll
2008-10-31 15:32 . 2007-03-27 19:56 206,360 --a------ c:\windows\system32\IVIresizeA6.dll
2008-10-31 15:32 . 2007-03-27 19:56 198,168 --a------ c:\windows\system32\IVIresizeP6.dll
2008-10-31 15:32 . 2007-03-27 19:56 198,168 --a------ c:\windows\system32\IVIresizeM6.dll
2008-10-31 15:32 . 2007-03-27 19:56 194,072 --a------ c:\windows\system32\IVIresizePX.dll
2008-10-31 15:32 . 2007-03-27 19:56 26,136 --a------ c:\windows\system32\IVIresize.dll
2008-10-31 15:13 . 2008-10-31 15:13 <DIR> d-------- c:\program files\MarBit
2008-10-31 14:28 . 2008-10-31 14:29 <DIR> d-------- c:\program files\OpenLibraries
2008-10-31 14:28 . 2008-10-31 14:28 <DIR> d-------- c:\program files\mlt
2008-10-31 14:28 . 2008-10-31 14:32 <DIR> d-------- c:\program files\Jahshaka
2008-10-31 14:28 . 2008-10-31 14:28 <DIR> d-------- c:\program files\gtk2
2008-10-31 14:28 . 2008-10-31 14:28 262,144 --a------ c:\windows\system32\wrap_oal.dll
2008-10-31 14:28 . 2008-10-31 14:28 86,016 --a------ c:\windows\system32\OpenAL32.dll
2008-10-31 12:15 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-10-31 12:11 . 2008-10-31 12:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Fallout3
2008-10-31 12:10 . 2008-10-31 12:10 <DIR> d-------- c:\program files\MSBuild
2008-10-31 12:08 . 2008-10-31 12:08 <DIR> d-------- c:\windows\system32\XPSViewer
2008-10-31 12:08 . 2008-10-31 12:08 <DIR> d-------- c:\program files\Reference Assemblies
2008-10-31 12:08 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-31 12:07 . 2008-10-31 12:07 <DIR> d-------- c:\windows\system32\xlive
2008-10-31 12:07 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 15:57 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-10 15:57 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\SharpReader
2008-11-10 15:56 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\uTorrent
2008-11-09 01:56 22,328 ----a-w c:\documents and settings\Kombajn\Dane aplikacji\PnkBstrK.sys
2008-11-09 01:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 21:32 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Hamachi
2008-10-31 21:13 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 07:57 --------- d-----w c:\program files\uTorrent
2008-10-31 07:56 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-10-31 07:56 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-31 07:51 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Xfire
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\winamp
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\VMware
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Ubisoft
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Typograf
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Touchstone
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\skypePM
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Skype
2008-10-31 07:49 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Microsoft Games
2008-10-31 07:47 --------- d-----w c:\documents and settings\Kombajn\Dane aplikacji\Gadu-Gadu
2008-10-31 07:46 --------- d-----w c:\program files\Gadu-Gadu
2008-10-31 07:39 --------- d-----w c:\program files\Bobyte
2008-10-31 07:35 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-10-31 07:35 --------- d-----w c:\program files\Hamachi
2008-10-31 07:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-31 07:31 --------- d-----w c:\program files\AGEIA Technologies
2008-10-31 07:30 315,392 ----a-w c:\windows\HideWin.exe
2008-10-31 07:30 --------- d-----w c:\program files\Realtek
2008-10-31 07:30 --------- d-----w c:\program files\Intel
2008-10-31 07:19 --------- d-----w c:\program files\Usługi online
2008-10-31 07:17 --------- d-----w c:\program files\Windows Media Connect 2
2008-09-16 20:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\divx.dll
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 340136]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-10-09 c:\windows\system32\advpack.dll]
c:\documents and settings\Kombajn\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
SharpReader.lnk - e:\programy\SharpReader\SharpReader.exe [2008-09-20 630784]
uTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-10-31 270128]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\q3\\quake3.exe"=
"e:\\Programy\\AQQ2z\\AQQ.exe"=
"d:\\grid\\GRID.exe"=
"d:\\Quake 4\\Quake4.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Programy\\BearShare Pro\\Bearshare.exe"=
"d:\\LOST PLANET\\LostPlanetDx9.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CALL OF DUTY- WORLD AT WAR FFS\\CoDWaWmp.exe"=
"d:\\CALL OF DUTY- WORLD AT WAR FFS\\CoDWaW.exe"=
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys [ ]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 USBSTOR;Sterownik magazynu masowego USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af3c3560-a984-11dd-8877-00508db7ee26}]
\Shell\AutoRun\command - H:\xyw9tmdj.com
\Shell\explore\Command - H:\xyw9tmdj.com
\Shell\open\Command - H:\xyw9tmdj.com
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Kombajn\Dane aplikacji\Mozilla\Firefox\Profiles\91wb6whw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - file:///C:/Documents%20and%20Settings/Kombajn/Pulpit/s.html
FF -: plugin - c:\documents and settings\Kombajn\Dane aplikacji\Mozilla\Firefox\Profiles\91wb6whw.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - e:\programy\FireFox3\plugins\np_gp.dll
FF -: plugin - e:\programy\FireFox3\plugins\npnul32.dll
FF -: plugin - e:\programy\FireFox3\plugins\NPOFFICE.DLL
FF -: plugin - e:\programy\FireFox3\plugins\nppl3260.dll
FF -: plugin - e:\programy\FireFox3\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 16:58:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-10 16:58:35
ComboFix-quarantined-files.txt 2008-11-10 15:58:33
Przed: 44 045 676 544 bajtów wolnych
Po: 44,308,303,872 bajtów wolnych
216
Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:38, on 2008-11-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
E:\Programy\FireFox3\firefox.exe
D:\Instals\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SharpReader.lnk = E:\Programy\SharpReader\SharpReader.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4708 bytes