SDFix
SDFix: Version 1.114
Run by ink4sent on 2007-11-08 at 18:45
Microsoft Windows XP [Wersja 5.1.2600]
Running From: F:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
F:\DOCUME~1\ink4sent\USTAWI~1\Temp\GLF3B0.tmp.dll - Deleted
Removing Temp Files...
ADS Check:
F:\WINDOWS
No streams found.
F:\WINDOWS\system32
No streams found.
F:\WINDOWS\system32\svchost.exe
No streams found.
F:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 18:50:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\Program Files\\Konnekt\\konnekt.exe"="E:\\Program Files\\Konnekt\\konnekt.exe:*:Enabled:Konnekt - Core"
"F:\\Program Files\\BearShare\\BearShare.exe"="F:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"F:\\Program Files\\FlashGet\\flashget.exe"="F:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"E:\\Valve\\Steam\\steamapps\\adamek20000\\counter-strike\\hl.exe"="E:\\Valve\\Steam\\steamapps\\adamek20000\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"F:\\Program Files\\Gadu-Gadunowe\\gg.exe"="F:\\Program Files\\Gadu-Gadunowe\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"
"F:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="F:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"F:\\Program Files\\mIRC\\mirc.exe"="F:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"F:\\Program Files\\HLSW\\hlsw.exe"="F:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"F:\\Program Files\\IceChat7\\IceChat7.exe"="F:\\Program Files\\IceChat7\\IceChat7.exe:*:Enabled:Internet Relay Chat Client"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\\Valve\\Steam\\Steam.exe"="E:\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"F:\\Program Files\\SightSpeed\\SightSpeed.exe"="F:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"F:\\WINDOWS\\system32\\dplaysvr.exe"="F:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"F:\\Program Files\\Cossacks\\dmcr.exe"="F:\\Program Files\\Cossacks\\dmcr.exe:*:Enabled:dmcr"
"F:\\Program Files\\Cossacks - The Art Of War\\dmcr.exe"="F:\\Program Files\\Cossacks - The Art Of War\\dmcr.exe:*:Enabled:dmcr"
"F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"F:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"F:\\Program Files\\Opera\\Opera.exe"="F:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"F:\\Program Files\\Hamachi\\hamachi.exe"="F:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"F:\\Program Files\\Cossacks - Back To Warrrrrrrr\\dmcr.exe"="F:\\Program Files\\Cossacks - Back To Warrrrrrrr\\dmcr.exe:*:Enabled:dmcr"
"E:\\Valve\\Steam\\steamapps\\adamek20000\\dedicated server\\hlds.exe"="E:\\Valve\\Steam\\steamapps\\adamek20000\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"F:\\Documents and Settings\\ink4sent\\Pulpit\\QuakeIIIArena_1.32___OSP\\QuakeIIIArena 1.32 + OSP\\quake3.exe"="F:\\Documents and Settings\\ink4sent\\Pulpit\\QuakeIIIArena_1.32___OSP\\QuakeIIIArena 1.32 + OSP\\quake3.exe:*:Enabled:quake3"
"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Onet.pl - Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - F:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
COMBOFIX
ComboFix 07-11-08.1 - ink4sent 2007-11-08 18:57:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.150 [GMT 1:00]
Running from: F:\Documents and Settings\ink4sent\Dane aplikacji\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.
2007-11-08 18:45 <DIR> d-------- F:\WINDOWS\ERUNT
2007-11-07 17:41 <DIR> d-------- F:\Documents and Settings\ink4sent\Dane aplikacji\DAEMON Tools Pro
2007-11-07 17:41 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-11-07 17:40 <DIR> d-------- F:\Program Files\DAEMON Tools Pro
2007-11-03 18:08 <DIR> d-------- F:\Program Files\Cossacks - Back To Warrrrrrrr
2007-11-03 13:54 <DIR> d-------- F:\Program Files\Cossacks - The Art Of War
2007-10-28 17:02 <DIR> d-------- F:\Program Files\Xi
2007-10-28 16:51 <DIR> d-------- F:\Program Files\mget
2007-10-27 17:33 <DIR> d-------- F:\WINDOWS\system32\VIRepair
2007-10-27 17:22 <DIR> d-------- F:\Documents and Settings\ink4sent\Dane aplikacji\ViStart
2007-10-27 17:14 <DIR> d-------- F:\Program Files\ViOrb
2007-10-27 16:57 <DIR> d-------- F:\WINDOWS\system32\VITrans
2007-10-27 16:57 111,104 --a------ F:\WINDOWS\system32\Uharc.exe
2007-10-27 16:57 19,968 --a------ F:\WINDOWS\system32\reico.exe
2007-10-27 16:57 8,636 --a------ F:\WINDOWS\system32\modifype.exe
2007-10-27 16:00 <DIR> d-------- F:\Program Files\Whois-IP
2007-10-27 15:58 <DIR> d-------- F:\Program Files\SysInfoMyWork
2007-10-18 14:53 129,784 --------- F:\WINDOWS\system32\pxafs.dll
2007-10-18 13:16 4,296,704 -ra------ F:\WINDOWS\unasetup.exe
2007-10-16 15:33 <DIR> d-------- F:\Program Files\Cossacks
2007-10-08 18:32 <DIR> d-------- F:\WINDOWS\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 17:54 --------- d-----w F:\Program Files\FlashGet
2007-11-08 17:52 --------- d-----w F:\Program Files\AutoConnect
2007-11-08 17:44 --------- d-----w F:\Program Files\DAEMON Tools
2007-11-08 17:42 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\foobar2000
2007-11-08 17:06 --------- d-----w F:\Program Files\MoorHunt
2007-11-08 17:04 --------- d-----w F:\Program Files\Creative
2007-11-08 17:04 --------- d-----w F:\Program Files\Apple Software Update
2007-11-08 15:14 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-11-08 15:06 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\Hamachi
2007-11-07 16:25 278,984 ----a-w F:\WINDOWS\system32\drivers\atksgt.sys
2007-11-07 16:25 25,416 ----a-w F:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-05 20:55 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\Skype
2007-11-04 22:38 --------- d-----w F:\Program Files\HLSW
2007-11-03 12:34 25,280 ----a-w F:\WINDOWS\system32\drivers\hamachi.sys
2007-10-31 21:13 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\teamspeak2
2007-10-22 18:08 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\Creative
2007-10-18 15:08 --------- d-----w F:\Program Files\mIRC
2007-10-07 17:30 --------- d-----w F:\Program Files\Java
2007-10-05 10:09 --------- d-----w F:\Program Files\boczny pasek
2007-10-04 14:57 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\Dev-Cpp
2007-10-03 18:50 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\DMCache
2007-09-30 17:18 --------- d-----w F:\Documents and Settings\ink4sent\Dane aplikacji\IDM
2007-09-29 18:18 --------- d-----w F:\Program Files\Common Files\Java
2007-09-29 15:41 --------- d-----w F:\Program Files\VideoLAN
2007-09-29 15:35 1,415,680 ----a-w F:\WINDOWS\system32\WMV9VCM.dll
2007-09-29 15:34 9,216 ----a-w F:\WINDOWS\system32\cpuinf32.dll
2007-09-29 15:34 755,200 ----a-w F:\WINDOWS\system32\ir50_32.dll
2007-09-29 15:34 740,442 ----a-w F:\WINDOWS\system32\DivX.dll
2007-09-29 15:34 245,760 ----a-w F:\WINDOWS\system32\mplvpx.dll
2007-09-29 15:33 1,559,040 ----a-w F:\WINDOWS\system32\xvidcore.dll
2007-09-29 15:29 55,949 ----a-w F:\WINDOWS\system32\x264-uninstall.exe
2007-09-28 20:44 --------- d-----w F:\Program Files\NAPI-PROJEKT
2007-09-22 18:43 --------- d-----w F:\Program Files\QuickTime
2007-09-22 18:42 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-09-22 18:39 921,600 ----a-w F:\WINDOWS\system32\vorbisenc.dll
2007-09-22 18:39 45,056 ----a-w F:\WINDOWS\system32\ogg.dll
2007-09-22 18:39 237,568 ----a-w F:\WINDOWS\system32\OggDS.dll
2007-09-22 18:39 188,416 ----a-w F:\WINDOWS\system32\vorbis.dll
2007-09-22 18:30 --------- d-----w F:\Program Files\NimoCodec Pack
2007-09-22 18:29 --------- d-----w F:\Program Files\XviD
2007-09-22 18:29 --------- d-----w F:\Program Files\DivXCodec
2007-09-22 18:29 --------- d-----w F:\Program Files\DivX
2007-09-18 16:25 --------- d-----w F:\Program Files\Google
2007-09-15 17:09 --------- d-----w F:\Program Files\MediaCoder
2007-09-14 17:19 --------- d-----w F:\Program Files\Opera
2007-03-24 21:36 17,832 ----a-w F:\Documents and Settings\ink4sent\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 19:51]
"nwiz"="nwiz.exe" [2005-02-24 06:32 F:\WINDOWS\system32\nwiz.exe]
"nod32kui"="F:\Program Files\Eset\nod32kui.exe" [2007-05-14 21:17]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 F:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2005-02-24 06:32]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 F:\WINDOWS\system32\P0620Pin.dll]
"MSConfig"="F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="F:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
F:\Documents and Settings\ink4sent\Menu Start\Programy\Autostart\
SysInfoMyWork.lnk - F:\Program Files\SysInfoMyWork\SysInfoMyWork.exe [2004-09-21 17:23:27]
F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-05-14 21:18:43]
Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-02 16:50:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=F:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^ink4sent^Menu Start^Programy^Autostart^Diskeeper 10 Professional Edition Registration.lnk]
path=F:\Documents and Settings\ink4sent\Menu Start\Programy\Autostart\Diskeeper 10 Professional Edition Registration.lnk
backup=F:\WINDOWS\pss\Diskeeper 10 Professional Edition Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"F:\Program Files\BearShare\BearShare.exe" /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"F:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
F:\Program Files\FlashGet\flashget.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
F:\Program Files\Internet Download Manager\IDMan.exe /onboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
F:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
F:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
F:\Program Files\Clock Tray Skins\ClockTraySkins.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
F:\Program Files\ViOrb\ViOrb.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f8f8524-540f-11dc-8c36-806d6172696f}]
\Shell\AutoRun\command - G:\RunGame.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 18:59:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 18:59:50
.
--- E O F ---
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 19:01:40, on 2007-11-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\AutoConnect\AutoConnect.exe
F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\SysInfoMyWork\SysInfoMyWork.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Opera\Opera.exe
D:\ALL of FORMAT\PROGRAMS\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://img509.imageshack.us/img509/8924/japieolegd6.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AutoConnect] F:\Program Files\AutoConnect\AutoConnect.exe
O4 - Startup: SysInfoMyWork.lnk = F:\Program Files\SysInfoMyWork\SysInfoMyWork.exe
O4 - Global Startup: DSLMON.lnk = F:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - F:\Program Files\WINnerTweak3De\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - F:\Program Files\WINnerTweak3De\PopUp Blocker.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7833EAE8-5D06-4FE4-8D42-6997531229EF}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
