Log ComboFix
- Kod: Zaznacz wszystko
ComboFix 09-01-21.04 - Tomasz 2009-01-30 13:58:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.255.98 [GMT 1:00]
Running from: d:\documents and settings\Tomasz\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090129-0] *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-30 13:54 . 2008-11-06 02:03 <DIR> d-------- D:\SDFix
2009-01-30 13:51 . 2009-01-30 13:51 <DIR> d-------- d:\program files\Trend Micro
2009-01-30 13:05 . 2003-03-18 21:20 1,060,864 --a------ d:\windows\system32\MFC71.dll
2009-01-30 13:04 . 2009-01-30 13:04 <DIR> d-------- d:\program files\Alwil Software
2009-01-30 12:09 . 2009-01-30 12:10 261 --a------ d:\windows\WINCMD.INI
2009-01-30 11:57 . 2009-01-30 12:09 <DIR> d-------- d:\program files\TC PowerPack
2009-01-26 20:09 . 2009-01-29 23:32 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\GanymedeNet
2009-01-26 20:08 . 2009-01-26 20:08 <DIR> d-------- d:\program files\Ganymede
2009-01-23 18:41 . 2009-01-23 18:41 <DIR> d-------- D:\BearShare
2009-01-21 16:21 . 2009-01-21 16:21 <DIR> d-------- d:\windows\Sun
2009-01-21 16:15 . 2009-01-21 16:14 410,984 --a------ d:\windows\system32\deploytk.dll
2009-01-21 16:15 . 2009-01-21 16:14 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-01-21 16:14 . 2009-01-21 16:14 <DIR> d-------- d:\program files\Java
2009-01-20 15:03 . 2009-01-20 15:03 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\IrfanView
2009-01-20 14:52 . 2009-01-20 14:52 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Installations
2009-01-19 12:25 . 2009-01-19 12:25 118 --a------ d:\windows\system32\MRT.INI
2009-01-15 20:38 . 2009-01-30 13:42 95,744 --------- d:\windows\system32\nmdfgds1.dll
2009-01-15 20:22 . 2004-08-03 23:44 70,144 --a------ d:\windows\AhnRpta.exe
2009-01-15 20:13 . 2009-01-30 13:41 95,744 --------- d:\windows\system32\nmdfgds0.dll
2009-01-06 17:03 . 2009-01-06 17:04 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\Wyzo
2009-01-06 17:03 . 2009-01-06 17:03 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\.wyzo
2009-01-06 17:03 . 2009-01-06 17:03 <DIR> d-------- d:\documents and settings\Tomasz\.gstreamer-0.10
2009-01-06 17:00 . 2009-01-06 17:03 <DIR> d-------- d:\program files\Wyzo
2009-01-06 14:14 . 2009-01-06 14:17 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\Nowe Gadu-Gadu
2009-01-06 14:13 . 2009-01-06 14:13 <DIR> d-------- d:\program files\Nowe Gadu-Gadu
2009-01-02 12:54 . 2009-01-02 12:54 <DIR> d-------- d:\program files\IrfanView
2009-01-02 11:51 . 2009-01-02 11:51 <DIR> d-------- d:\program files\BitDownload
2008-12-26 16:23 . 2004-08-04 00:44 159,232 --a------ d:\windows\system32\ptpusd.dll
2008-12-26 16:23 . 2004-08-03 22:58 15,104 --a------ d:\windows\system32\drivers\usbscan.sys
2008-12-26 16:23 . 2004-08-03 22:58 15,104 --a--c--- d:\windows\system32\dllcache\usbscan.sys
2008-12-26 16:23 . 2001-10-26 17:29 5,632 --a------ d:\windows\system32\ptpusb.dll
2008-12-22 14:36 . 2008-12-22 14:36 <DIR> d-------- D:\4320c4ccc25fa53f7245b031
2008-12-22 14:35 . 2008-12-22 14:35 <DIR> d-------- d:\windows\system32\LogFiles
2008-12-22 14:35 . 2008-12-22 14:36 <DIR> d-------- d:\windows\system32\drivers\UMDF
2008-12-22 08:47 . 2008-12-22 08:47 <DIR> d-------- d:\program files\Dziobas Rar Player
2008-12-21 14:31 . 2008-12-21 14:34 <DIR> d-------- d:\program files\NAPI-PROJEKT
2008-12-19 08:49 . 2009-01-19 17:02 <DIR> d-------- d:\windows\system32\CatRoot_bak
2008-12-17 07:34 . 2008-06-14 19:01 273,024 --------- d:\windows\system32\drivers\bthport.sys
2008-12-17 07:34 . 2008-06-14 19:01 273,024 -----c--- d:\windows\system32\dllcache\bthport.sys
2008-12-17 07:26 . 2008-08-14 14:46 2,181,632 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 07:26 . 2008-08-14 14:46 2,137,600 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 07:26 . 2008-08-14 14:46 2,059,008 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 07:26 . 2008-08-14 14:46 2,017,280 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 07:25 . 2008-10-24 12:10 453,632 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
2008-12-16 22:34 . 2009-01-14 21:58 <DIR> d--h----- d:\windows\$hf_mig$
2008-12-16 22:34 . 2006-09-16 01:05 23,856 --a------ d:\windows\system32\spupdsvc.exe
2008-12-16 22:27 . 2008-12-16 22:27 <DIR> d-------- d:\documents and settings\NetworkService\Menu Start
2008-12-16 17:38 . 2008-12-16 17:38 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\Gadu-Gadu
2008-12-16 17:37 . 2009-01-15 18:21 <DIR> d-------- d:\documents and settings\Tomasz\Gadu-Gadu
2008-12-16 17:36 . 2009-01-02 10:41 <DIR> d-------- d:\program files\Gadu-Gadu
2008-12-16 17:35 . 2008-12-16 17:35 <DIR> d-------- d:\program files\BearShare
2008-12-16 17:35 . 2009-01-29 21:59 <DIR> d-------- D:\My Downloads
2008-12-16 17:29 . 2008-12-16 17:29 0 --a------ d:\windows\nsreg.dat
2008-12-16 17:14 . 2008-12-16 17:14 <DIR> d-------- d:\program files\SAGEM
2008-12-16 17:14 . 2005-11-04 16:55 126,976 --a------ d:\windows\system32\coclassfast.dll
2008-12-16 16:50 . 2008-12-16 16:50 <DIR> d-------- d:\documents and settings\Tomasz\Dane aplikacji\InstallShield
2008-12-16 16:16 . 2007-01-10 10:14 450,560 --a------ d:\windows\system32\drivers\WlanBZXP.sys
2008-12-16 16:15 . 2005-06-17 10:26 114,688 --a------ d:\windows\system32\WLANUTL.dll
2008-12-16 16:15 . 2005-06-17 10:26 61,440 --a------ d:\windows\system32\W32N50.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 13:30 --------- d-----w d:\program files\Real Alternative
2008-12-16 16:14 --------- d--h--w d:\program files\InstallShield Installation Information
2008-12-16 15:51 --------- d-----w d:\program files\Common Files\InstallShield
2008-12-11 11:57 333,184 ----a-w d:\windows\system32\drivers\srv.sys
2008-11-06 20:49 90,112 ----a-w d:\windows\DUMP2e72.tmp
2008-10-23 13:01 283,648 ----a-w d:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-16 10:39 662,016 ----a-w d:\windows\system32\wininet.dll
2008-10-03 10:17 247,326 ----a-w d:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_12.54.03,90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-26 17:21:30 1,236,208 ----a-w d:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w d:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:35 26,944 ----a-w d:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w d:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w d:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w d:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w d:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w d:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w d:\windows\system32\drivers\aswTdi.sys
+ 2009-01-30 12:40:15 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_2dc.dat
+ 2009-01-30 12:40:00 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_7dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TWCU"="d:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BearShare"="d:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2006-10-22 d:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]aswBoot.exe /M:37b84ec59
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Wyzo\\wyzo.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-01-30 111184]
R4 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-01-30 20560]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
*Deregistered* - ACS
*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{162f2488-ba56-11dd-b04f-000b6a134c6a}]
\Shell\AutoRun\command - F:\yew.bat
\Shell\explore\Command - F:\yew.bat
\Shell\open\Command - F:\yew.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b33cad-d8b1-11dd-b10c-001bbf503c04}]
\Shell\AutoRun\command - F:\fr.com
\Shell\explore\Command - F:\fr.com
\Shell\open\Command - F:\fr.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbe2026a-eb9a-11dd-b17b-001bbf503c04}]
\Shell\AutoRun\command - F:\yew.bat
\Shell\explore\Command - F:\yew.bat
\Shell\open\Command - F:\yew.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb413560-b947-11dd-b044-000b6a134c6a}]
\Shell\AutoRun\command - F:\2w.cmd
\Shell\explore\Command - F:\2w.cmd
\Shell\open\Command - F:\2w.cmd
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.bearshare.com/pl
TCP: {1FBA8F19-2BC4-460F-88E4-494BCB34E6FF} = 192.168.1.1,194.204.152.34
FF - ProfilePath - d:\documents and settings\Tomasz\Dane aplikacji\Mozilla\Firefox\Profiles\uvjs437q.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: d:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 13:58:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-30 14:00:37
ComboFix-quarantined-files.txt 2009-01-30 13:00:12
ComboFix2.txt 2009-01-30 12:04:05
ComboFix3.txt 2009-01-30 11:55:21
Pre-Run: 34 475 098 112 bajtów wolnych
Post-Run: 34,463,461,376 bajtów wolnych
245 --- E O F --- 2009-01-30 11:03:35
Log Hijackthis
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:43, on 2009-01-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\acs.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Program Files\BearShare\BearShare.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Nowe Gadu-Gadu\gg.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Winamp\winamp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TWCU] "D:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBA8F19-2BC4-460F-88E4-494BCB34E6FF}: NameServer = 192.168.1.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FBA8F19-2BC4-460F-88E4-494BCB34E6FF}: NameServer = 192.168.1.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FBA8F19-2BC4-460F-88E4-494BCB34E6FF}: NameServer = 192.168.1.1,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{1FBA8F19-2BC4-460F-88E4-494BCB34E6FF}: NameServer = 192.168.1.1,194.204.152.34
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - D:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5093 bytes
Proszę o pomoc
