

Here is the log:
I think everything is fine?

ComboFix 09-02-27.02 - Karol 2009-02-28 13:32:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1543 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Karol.KJ-0481A9E933AD\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-28 do 2009-02-28 )))))))))))))))))))))))))))))))
.
2009-02-28 12:32 . 2009-02-28 12:32 <DIR> d-------- c:\program files\Your Company Name
2009-02-28 12:32 . 2009-02-28 12:32 <DIR> d-------- c:\documents and settings\elgy
2009-02-28 12:28 . 2009-02-28 12:44 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\ChessBase
2009-02-28 12:28 . 2009-02-28 12:46 208 --a------ c:\windows\ChssBase.ini
2009-02-28 11:58 . 2009-02-28 11:58 <DIR> d-------- c:\program files\Astonsoft
2009-02-28 11:57 . 2009-02-28 11:57 <DIR> d-------- C:\games
2009-02-28 11:55 . 2009-02-28 11:56 427 --a------ c:\windows\ODBC.INI
2009-02-28 11:54 . 2009-02-28 11:54 <DIR> d-------- c:\windows\ShellNew
2009-02-28 11:54 . 2009-02-28 11:54 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\Microsoft Web Folders
2009-02-28 11:44 . 2009-02-28 11:44 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\VSO
2009-02-28 11:42 . 2009-02-28 11:43 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\GetRightToGo
2009-02-26 14:27 . 2009-02-26 14:27 <DIR> d-------- c:\program files\ParadisePoker
2009-02-24 21:01 . 2009-02-24 21:08 <DIR> d-------- c:\program files\SopCast
2009-02-22 19:36 . 2009-02-22 19:52 <DIR> d-------- c:\program files\78uh
2009-02-21 17:09 . 2009-02-21 17:09 <DIR> d-------- C:\unzipped
2009-02-21 00:54 . 2009-02-21 00:54 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\.gstreamer-0.10
2009-02-21 00:44 . 2009-02-21 00:44 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\Nowe Gadu-Gadu
2009-02-21 00:43 . 2009-02-21 00:43 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-02-20 17:19 . 2009-02-20 17:19 <DIR> d-------- c:\program files\KeePass Password Safe
2009-02-20 17:19 . 2009-02-20 17:19 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\KeePass
2009-02-19 09:24 . 2009-02-19 09:24 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\DoctorWeb
2009-02-19 02:26 . 2009-02-19 02:26 <DIR> d-------- c:\program files\Winamp Toolbar
2009-02-19 02:26 . 2009-02-19 02:26 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar
2009-02-19 02:23 . 2009-02-19 02:27 <DIR> d-------- c:\program files\Winamp
2009-02-19 02:01 . 2009-02-19 02:23 <DIR> d-------- c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\Winamp
2009-02-19 01:50 . 2009-02-19 01:50 <DIR> d-------- C:\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 12:32 --------- d-----w c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\OpenOffice.org2
2009-02-28 11:32 --------- d-----w c:\program files\CHESSBASE
2009-02-28 10:55 --------- d-----w c:\program files\microsoft frontpage
2009-02-22 18:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\WinZip
2009-02-18 13:30 --------- d-----w c:\program files\VDOTool
2009-02-18 13:20 14,656 ----a-w c:\windows\gdrv.sys
2009-01-28 22:54 --------- d-----w c:\program files\Everest Poker
2009-01-19 20:12 --------- d-----w c:\program files\MARCOM
2009-01-19 20:12 --------- d-----w c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\MARCOM
2009-01-19 10:55 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Trymedia
2009-01-17 13:06 --------- d-----w c:\program files\Betsson Tournament Director's Poker Clock
2009-01-12 21:16 --------- d-----w c:\program files\PokerStove
2009-01-08 22:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 22:13 --------- d-----w c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\InstallShield
2009-01-08 10:27 --------- d-----w c:\program files\Spin32
2009-01-07 23:22 --------- d-----w c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\PacificPoker
2009-01-07 23:21 --------- d-----w c:\program files\PacificPoker
2009-01-07 13:23 --------- d-----w c:\program files\PartyGaming
2009-01-04 21:09 5,215,311 ----a-w C:\torrentsearcher70.exe
2009-01-04 21:07 --------- d-----w c:\program files\Vuze
2009-01-04 21:05 --------- d-----w c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\Azureus
2009-01-04 20:40 --------- d-----w c:\program files\AskSBar
2009-01-04 19:52 --------- d-----w c:\program files\AskSearch
2009-01-04 19:52 --------- d-----w c:\program files\AskBarDis
2009-01-04 19:52 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Azureus
2008-12-31 14:19 --------- d-----w c:\program files\WinISO
2008-12-31 14:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ESET
2008-12-31 13:05 --------- d-----w c:\program files\free-downloads.net
2008-12-28 20:42 --------- d-----w c:\program files\Common Files\3DO Shared
2008-12-28 20:32 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-12-28 20:32 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-28 20:01 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-28 20:01 --------- d-----w c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\DAEMON Tools
2008-12-28 12:26 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-12-28 12:26 --------- d-----w c:\program files\Java
2008-12-28 01:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 14:15 348,160 ----a-w c:\windows\system32\Msvcr71.dll
2008-12-24 14:15 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2008-12-24 14:15 1,060,864 ----a-w c:\windows\system32\mfc71.dll
2008-12-23 17:51 410,984 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-28_13.10.17,56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-28 12:23:25 181,624 ----atw c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
+ 2009-02-28 12:16:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_794.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 06:47 1784856 --a------ c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="l:\program files\GaduGadu\Gadu-Gadu\gg.exe" [2008-05-31 2127296]
"IPLA!"="c:\program files\ipla\ipla.exe" [2008-12-23 2794232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-03-23 2165536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2007-04-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-02-28 181624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]
c:\documents and settings\Karol.KJ-0481A9E933AD\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"l:\\Program Files\\GaduGadu\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Spin32\\client.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-01-04 234888]
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-28 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-02-28 13:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\Mozilla\Firefox\Profiles\ppa4rfcy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Karol.KJ-0481A9E933AD\Dane aplikacji\Mozilla\Firefox\Profiles\ppa4rfcy.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 13:33:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-28 13:34:28
ComboFix-quarantined-files.txt 2009-02-28 12:34:02
ComboFix2.txt 2009-02-28 12:11:12
Przed: 25,128,321,024 bajtów wolnych
Po: 25,123,061,760 bajtów wolnych
182
Here is the log from Hijack as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:57, on 2009-02-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
L:\Program Files\GaduGadu\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "L:\Program Files\GaduGadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Spin32 - {3497d1fd-bd47-4046-b167-4e4382228237} - C:\Documents and Settings\Karol.KJ-0481A9E933AD\Menu Start\Programy\Spin32\Spin32.lnk (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 7403 bytes