Oto daje logi z combofixa i Hijackthis które mialem dac potym jak Kasperski znalazł Luki.
Mam nadzieję ze dobry Log daje z HiJackHisa?
- Kod: Zaznacz wszystko
ComboFix 09-04-04.01 - GRY 2009-04-10 17:06:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1023.585 [GMT 2:00]
Uruchomiony z: c:\documents and settings\GRY\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Możliwe zainfekowane strony -----
hxxp://au.download.wj+|Cv+@J:NGD_DQ{zcxLJS@sVSL\oAOWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXurrrrr5u_cxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvupdate.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-03-29 22:10 . 2009-03-29 22:10 <DIR> d-------- c:\documents and settings\GRY\Dane aplikacji\HTML Executable
2009-03-29 22:10 . 2009-03-29 22:12 <DIR> d-------- c:\documents and settings\GRY\Dane aplikacji\Desktopicon
2009-03-27 17:01 . 2009-03-27 17:01 <DIR> d-------- c:\windows\ERUNT
2009-03-26 16:28 . 2009-03-26 16:28 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-26 00:01 . 2009-03-26 00:01 <DIR> d-------- c:\documents and settings\GRY\Dane aplikacji\23doors
2009-03-26 00:00 . 2009-03-26 00:00 <DIR> d-------- c:\documents and settings\GRY\.spidek
2009-03-25 23:14 . 2009-03-25 23:14 57 --a------ c:\windows\system32\faldon.ini
2009-03-25 13:11 . 2009-03-25 13:25 <DIR> d-------- c:\documents and settings\GRY\Dane aplikacji\Wormux
2009-03-25 11:50 . 2006-08-17 03:46 139,264 --a------ c:\windows\NeoUninstall.exe
2009-03-25 11:50 . 2009-03-25 11:50 26 --a------ c:\windows\neosetup.INI
2009-03-25 10:02 . 2009-03-25 10:25 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-25 10:02 . 2009-03-25 10:25 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-25 10:00 . 2009-03-25 10:00 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-25 10:00 . 2009-04-10 17:00 <DIR> d----c--- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-25 10:00 . 2009-04-09 21:27 3,347,488 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-25 10:00 . 2009-04-09 21:27 450,592 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-25 10:00 . 2009-04-09 21:27 28,280 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-25 10:00 . 2009-04-09 21:27 3,668 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-24 12:58 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-24 12:58 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-24 12:58 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-19 22:30 . 2009-03-19 22:30 <DIR> d----c--- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-16 18:14 . 2009-04-09 19:31 <DIR> d-------- c:\documents and settings\GRY\Dane aplikacji\Winamp 2
2009-03-16 14:06 . 2009-03-23 17:34 <DIR> d----c--- C:\Podanie o prace i Cv Slawek
2009-03-10 15:30 . 2009-03-10 15:30 <DIR> d-------- c:\program files\Common Files\Adobe AIR
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 11:20 --------- d-----w c:\documents and settings\GRY\Dane aplikacji\Skype
2009-03-25 19:32 --------- d-----w c:\program files\MyPlayCity
2009-03-25 08:25 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-25 07:52 --------- dc--a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-24 03:26 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-24 03:26 --------- d-----w c:\documents and settings\GRY\Dane aplikacji\skypePM
2009-03-23 11:53 --------- d-----w c:\program files\Odkurzacz
2009-03-19 19:32 --------- d-----w c:\program files\Gadu-Gadu
2009-03-19 18:32 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-03-19 18:32 --------- d-----r c:\program files\Skype
2009-03-16 20:18 --------- d-----w c:\program files\Common Files\Adobe
2009-03-10 16:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 20:22 --------- dc----w c:\documents and settings\All Users\Dane aplikacji\18196
2009-03-06 23:16 --------- d-----w c:\documents and settings\GRY\Dane aplikacji\Nowe Gadu-Gadu
2009-03-02 23:35 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-03-02 18:29 --------- d-----w c:\program files\SubEdit-Player
2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys
2009-01-15 18:24 103,736 -c--a-w c:\windows\system32\PnkBstrB.exe
2008-03-14 20:37 32 -c--a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2007-07-16 20:13 56 -csh--r c:\windows\system32\DABDCAE1B6.sys
2007-07-16 20:13 10,022 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-19 21:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008091920080920\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-03-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-03-25 21:33 1883672 --a------ c:\program files\MyPlayCity\tbMyP1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-03-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-03-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"eMuleAutoStart"="d:\emule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-25 206088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-06-01 11:22 7618560 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 11:22 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Gry\\BATTLE\\BF2.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Gry\\gry.Quake\\quake3.exe"=
"d:\\ground Control\\gcii.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Novalogic\\Comanche 4\\c4.exe"=
"d:\\Gry\\Carbon\\NFSC.exe"=
"d:\\Gry\\panzer\\pea.exe"=
"d:\\Joint Task Force\\jtf.exe"=
"d:\\Dawn of war\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2007-04-23 391688]
S3 uir1100a;UIR1100A;c:\windows\system32\drivers\uir1100a.sys [2007-02-18 31048]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\GRY\Dane aplikacji\Mozilla\Firefox\Profiles\u9ga2ket.default\
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 17:09:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
skanowanie ukrytych plików ...
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-329068152-796845957-725345543-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,fa,e1,1c,64,33,87,b4,7d,81,8b,2a,12,4e,ea,d9,52,66,ea,20,04,fe,ab,
e4,8f,17,fb,7f,33,7c,26,41,df,aa,eb,00,c6,81,41,64,35,08,c1,5e,b5,7b,f1,1c,\
"??"=hex:de,d1,a7,04,80,c0,99,38,0b,ed,e2,24,29,2e,97,e1
[HKEY_USERS\S-1-5-21-329068152-796845957-725345543-1005\x^q��we�s*t*L*o*g*i*n*T*y*p*e*\Google\Google Earth Plus]
"ReverseControls"=dword:00000000
DUMPHIVE0.003 (REGF)
.
Czas ukończenia: 2009-04-10 17:14:50
ComboFix-quarantined-files.txt 2009-04-10 15:13:32
Przed: 19 323 404 288 bajtów wolnych
Po: 19,315,527,680 bajtów wolnych
183 --- E O F --- 2009-03-29 22:06:03
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:41, on 2009-04-10
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GRY\Pulpit\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ALLUpdate] "D:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O24 - Desktop Component 0: (no name) - http://stropio.webpark.pl/wroc.gif
O24 - Desktop Component 1: (no name) - http://www.otomoto.pl/site_images/1/0/logoOtoMoto.png
--
End of file - 6443 bytes
oraz skasuj folder C:\
