by karlol, 24 May 2007, 17:26
Code:
"Karol" - 2007-05-24 17:04:26 Dodatek Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\Karol\Pulpit\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\aloqaeqq.dll
C:\WINDOWS\system32\defrdopc.dll
C:\WINDOWS\system32\kcmoasfb.dll
C:\WINDOWS\system32\ltkwhowa.dll
C:\WINDOWS\system32\lyllhmqb.dll
C:\WINDOWS\system32\mrefcurs.dll
C:\WINDOWS\system32\nhyyfboa.dll
C:\WINDOWS\system32\qhtgfvdw.dll
C:\WINDOWS\system32\qvwfaoag.dll
C:\WINDOWS\system32\solchaxr.dll
C:\WINDOWS\system32\uljfvrvo.dll
C:\WINDOWS\system32\qqeaqola.ini
C:\WINDOWS\system32\cpodrfed.ini
C:\WINDOWS\system32\bfsaomck.ini
C:\WINDOWS\system32\bqmhllyl.ini
C:\WINDOWS\system32\srucferm.ini
C:\WINDOWS\system32\aobfyyhn.ini
C:\WINDOWS\system32\gaoafwvq.ini
C:\WINDOWS\system32\ovrvfjlu.ini
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.tmp
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))
2007-05-23 17:03 <DIR> d-------- C:\VundoFix Backups
2007-05-23 16:15 <DIR> d-------- C:\Program Files\SAGEM
2007-05-23 11:03 <DIR> d-------- C:\WINDOWS\CSC
2007-05-21 20:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-05-20 18:48 <DIR> d-------- C:\DOCUME~1\Kasiurek\DANEAP~1\Lavasoft
2007-05-19 16:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-05-19 16:09 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-17 20:12 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-15 17:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-05-14 15:19 <DIR> d-------- C:\DOCUME~1\Karol\DANEAP~1\Help
2007-05-14 15:18 <DIR> d-------- C:\Local Publish
2007-05-12 17:09 <DIR> d-------- C:\DOCUME~1\Karol\DANEAP~1\InstallShield
2007-05-03 22:07 <DIR> d-------- C:\Program Files\BearShare Applications
2007-05-03 22:07 <DIR> d-------- C:\DOCUME~1\Kasiurek\DANEAP~1\BearShare
2007-04-25 10:12 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-04-24 13:42 <DIR> d---s---- C:\DOCUME~1\marian\UserData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-22 15:51:45 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-18 15:18:53 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Skype
2007-05-12 15:12:20 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-12 14:50:27 -------- d-----w C:\Program Files\SAGEM WiFi manager
2007-04-30 17:10:25 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Lavasoft
2007-04-28 14:49:25 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-17 19:07:59 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Gadu-Gadu
2007-04-09 14:06:33 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-04-04 14:56:15 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-04-04 14:56:15 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-03-31 18:48:37 -------- d-----w C:\Program Files\Media Player Classic
2007-03-31 18:48:13 -------- d-----w C:\Program Files\Common Files\Real
2007-03-31 18:48:13 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Real
2007-03-31 17:55:09 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Image Zone Express
2007-03-31 11:55:33 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Printer Info Cache
2007-03-31 11:55:11 -------- d-----w C:\Program Files\Common Files\HP
2007-03-25 10:14:54 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 10:14:54 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-24 12:23:26 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-03-24 12:23:26 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-03-24 11:33:57 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-17 22:55:02 -------- d-----w C:\Program Files\Apple Software Update
2007-03-17 19:44:56 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Ahead
2007-03-16 21:53:03 -------- d-----w C:\Program Files\Real Alternative
2007-03-16 03:55:58 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-03-15 19:37:39 81 --sh--r C:\WINDOWS\CT4SET.BIN
2007-03-15 19:37:23 -------- d-----w C:\Program Files\Reallusion
2007-03-15 19:37:16 -------- d-----w C:\Program Files\Common Files\Reallusion
2007-03-15 13:26:36 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\ABBYY
2007-03-14 12:51:43 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Mobipocket
2007-03-12 16:00:19 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-09 11:47:02 -------- d-----w C:\Program Files\NETPLUS
2007-03-05 14:51:28 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-03-05 14:33:34 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-02-23 10:34:40 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-02-19 13:33:35 1,220 ----a-w C:\WINDOWS\mozver.dat
2007-02-17 21:21:41 4 ----a-w C:\WINDOWS\system32\proc20744962.bin
2007-02-09 22:00:02 601 ----a-w C:\WINDOWS\eReg.dat
2007-02-09 10:17:12 0 ----a-w C:\WINDOWS\nsreg.dat
2007-02-09 07:32:35 0 --sha-r C:\MSDOS.SYS
2007-02-09 07:32:35 0 --sha-r C:\IO.SYS
2007-02-09 07:32:35 0 ----a-w C:\CONFIG.SYS
2007-02-09 07:32:35 0 ----a-w C:\AUTOEXEC.BAT
2007-02-09 07:28:39 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 01:47]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"SoundMan"="SOUNDMAN.EXE" []
"WinampAgent"="d:\Winamp\winampa.exe" [2006-10-25 07:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="F:\QuickTime\qttask.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-24 14:23]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
"Ashampoo FireWall"="D:\ashampoo firewall\FireWall.exe" [2006-09-13 13:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55]
*Newly Created Service* -PROCEXP90
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070524-162007-955
O20 - Winlogon Notify: xxyyabc - xxyyabc.dll (file missing)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyabc]
"Asynchronous"=dword:00000001
"DllName"="xxyyabc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
backup-20070524-162007-750
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\wydewftt.dll (file missing)
backup-20070524-162007-531
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\svpfsgsf.dll (file missing)
backup-20070524-162007-114
O2 - BHO: (no name) - {7429606D-5C04-4B02-8FBA-978F7C8B8F93} - (no file)
backup-20070524-162007-928
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
backup-20070524-162007-897
O2 - BHO: (no name) - {29CBB185-7D99-4BB4-B237-476CB9DE0767} - C:\WINDOWS\system32\ifmkdjkt.dll (file missing)
backup-20070524-162007-752
O2 - BHO: (no name) - {2A0C52E4-318F-42F8-ADCB-9D6B7354FA2a} - C:\WINDOWS\system32\ifmkdjkt.dll (file missing)
backup-20070524-161618-641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
backup-20070523-221610-671
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
backup-20070523-092117-870
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\qvwfaoag.dll",realset
backup-20070522-184504-407
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\defrdopc.dll",realset
backup-20070520-164530-377
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\nhyyfboa.dll",realset
backup-20070519-161412-790
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\mrefcurs.dll",realset
backup-20070519-100252-583
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\uljfvrvo.dll",realset
backup-20070518-172113-203
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\aloqaeqq.dll",realset
backup-20070518-130618-541
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\lyllhmqb.dll",realset
backup-20070517-202149-170
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kcmoasfb.dll",realset
backup-20070516-100504-260
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070516-100504-551
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cueiyqbr.dll",realset
backup-20070428-232709-415
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
backup-20070428-232709-782
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
backup-20070409-163731-929
O20 - Winlogon Notify: xxyyabc - xxyyabc.dll (file missing)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyabc]
"Asynchronous"=dword:00000001
"DllName"="xxyyabc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
backup-20070409-163731-498
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddabb]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\ddabb.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"
backup-20070409-163731-545
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
backup-20070409-163731-808
O2 - BHO: (no name) - {7429606D-5C04-4B02-8FBA-978F7C8B8F93} - (no file)
backup-20070409-163731-329
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\edxuaqam.dll (file missing)
backup-20070409-163730-178
O2 - BHO: (no name) - {5784C70E-B3F1-408C-A293-D40C474C5071} - C:\WINDOWS\system32\ddabb.dll
backup-20070409-163730-306
O2 - BHO: (no name) - {29CBB185-7D99-4BB4-B237-476CB9DE0767} - (no file)
backup-20070409-163730-274
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - (no file)
backup-20070409-163730-879
O2 - BHO: (no name) - {2A0C52E4-318F-42F8-ADCB-9D6B7354FA2a} - (no file)
backup-20070409-163730-911
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
backup-20070325-215241-978
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
backup-20070325-215241-220
O2 - BHO: (no name) - {918EA62B-0DB3-443D-AFA3-1541778432E1} - C:\WINDOWS\system32\ddabb.dll
backup-20070325-215241-110
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - (no file)
backup-20070325-215241-309
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
backup-20070325-215241-408
O2 - BHO: (no name) - {2A0C52E4-318F-42F8-ADCB-9D6B7354FA2a} - C:\WINDOWS\system32\fruqnmrv.dll (file missing)
backup-20070325-215241-583
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
backup-20070325-215241-188
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - (no file)
backup-20070325-215241-491
O2 - BHO: (no name) - {29CBB185-7D99-4BB4-B237-476CB9DE0767} - C:\WINDOWS\system32\fruqnmrv.dll (file missing)
backup-20070325-215241-398
O2 - BHO: (no name) - {7429606D-5C04-4B02-8FBA-978F7C8B8F93} - C:\WINDOWS\system32\fruqnmrv.dll (file missing)
backup-20070325-213428-806
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\cwwlignu.dll",setvm
backup-20070325-210430-195
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\urelxdeb.dll",setvm
backup-20070324-164854-439
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ddrhdjnm.dll",setvm
backup-20070324-162741-935
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qfvfohim.dll",setvm
backup-20070324-142048-628
O20 - Winlogon Notify: xxyyabc - xxyyabc.dll (file missing)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyabc]
"Asynchronous"=dword:00000001
"DllName"="xxyyabc.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"
backup-20070324-142048-266
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\xxyyabc.dll (file missing)
backup-20070324-142048-538
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\gbuvmkkk.dll (file missing)
backup-20070324-142048-361
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll (file missing)
backup-20070324-142048-724
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\xuuuubdm.dll (file missing)
backup-20070324-142048-487
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll (file missing)
backup-20070324-142048-569
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
Contents of the 'Scheduled Tasks' folder
2007-03-17 22:55:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 17:05:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-24 17:05:58
C:\ComboFix-quarantined-files.txt ... 2007-05-24 17:05
--- E O F ---
Code:
Logfile of HijackThis v1.99.1
Scan saved at 17:07:02, on 2007-05-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
D:\ashampoo firewall\FireWall.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
D:\Gadu-Gadu\gg.exe
d:\Mozilla Firefox\firefox.exe
d:\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
D:\programy\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] d:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Ashampoo FireWall] "D:\ashampoo firewall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: d:\ashampoo firewall\spi.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_73.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_47.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\3DSMAX\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe