Wiem, że ten temat pojawił się już na forum, ale po dokładnej analizie treści wpisów zorientowałem się iż, każdy przypadek wymaga innego spojrzenia.
U mnie okienko pojawiło się po instalacji HP DeskJet F2280 (a może to zbieg okoliczności).
Zamykanie okna jest denerwujące, a spowolnienie pracy kompa wyraźne. Zacina się.
Zrobiłem logi z Combofixa i Hijackthis. Oto one.
- Kod: Zaznacz wszystko
1.
ComboFix 08-10-17.01 - albert 2008-10-18 19:32:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.661 [GMT 2:00]
Uruchomiony z: H:\serwis\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
H:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
H:\WINDOWS\IE4 Error Log.txt
----- BITS: Możliwe zainfekowane strony -----
hxxp://ftp.hp.com
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-17 20:42 . 2007-10-30 11:11 729,088 -ra------ H:\WINDOWS\system32\hpowiax7.dll
2008-10-17 20:42 . 2007-10-30 11:11 581,632 -ra------ H:\WINDOWS\system32\hpotscl6.dll
2008-10-17 20:42 . 2007-10-30 11:25 372,736 -ra------ H:\WINDOWS\system32\hppldcoi.dll
2008-10-17 20:42 . 2007-10-30 11:25 309,760 -ra------ H:\WINDOWS\system32\difxapi.dll
2008-10-17 20:42 . 2007-10-30 11:11 303,104 -ra------ H:\WINDOWS\system32\hpovst15.dll
2008-10-17 20:39 . 2008-10-17 20:39 <DIR> d-------- H:\Program Files\Hewlett-Packard
2008-10-17 20:39 . 2008-10-17 20:39 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-10-17 20:38 . 2008-10-17 20:38 <DIR> d-------- H:\Program Files\Common Files\HP
2008-10-17 20:35 . 2008-10-17 20:43 169,207 --a------ H:\WINDOWS\hpoins27.dat
2008-10-17 20:35 . 2008-01-18 17:56 932 --------- H:\WINDOWS\hpomdl27.dat
2008-10-17 20:24 . 2008-10-17 20:25 <DIR> d-------- H:\WINDOWS\SxsCaPendDel
2008-10-16 22:51 . 2008-09-08 12:41 333,824 -----c--- H:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 22:50 . 2008-08-14 15:26 2,190,464 -----c--- H:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 22:50 . 2008-08-14 15:26 2,146,816 -----c--- H:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 22:50 . 2008-08-14 15:26 2,067,328 -----c--- H:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 22:50 . 2008-08-14 15:26 2,025,472 -----c--- H:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 22:50 . 2008-09-15 17:27 1,846,656 -----c--- H:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 22:52 . 2008-10-18 19:03 <DIR> d-------- H:\Documents and Settings\albert\Dane aplikacji\HPAppData
2008-10-14 13:36 . 2008-10-14 13:36 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-10-14 13:36 . 2008-10-14 13:36 <DIR> d-------- H:\Documents and Settings\albert\Dane aplikacji\HP
2008-10-14 13:35 . 2008-10-14 13:35 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-10-14 13:35 . 2007-11-08 16:52 271,704 -ra------ H:\WINDOWS\system32\hpzids01.dll
2008-10-14 13:35 . 2007-10-20 18:25 117,760 --a------ H:\WINDOWS\system32\hpzll5mu.dll
2008-10-14 13:35 . 2007-10-30 11:25 49,920 -ra------ H:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-14 13:35 . 2007-10-30 11:25 21,568 -ra------ H:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-14 13:35 . 2007-10-30 11:25 16,496 -ra------ H:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-14 13:34 . 2008-04-13 20:45 15,104 --a------ H:\WINDOWS\system32\drivers\usbscan.sys
2008-10-14 13:34 . 2008-04-13 20:45 15,104 --a--c--- H:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-14 13:27 . 2008-10-14 13:27 <DIR> d-------- H:\Program Files\Common Files\Hewlett-Packard
2008-10-14 13:27 . 2008-10-17 20:39 <DIR> d-------- H:\Documents and Settings\All Users\Dane aplikacji\HP
2008-10-14 13:27 . 2008-10-14 13:27 0 --a------ H:\WINDOWS\system32\YÚYÚ
2008-10-14 13:26 . 2008-10-14 13:27 <DIR> d-------- H:\Program Files\HP
2008-10-14 13:26 . 2008-04-13 20:47 25,856 --a------ H:\WINDOWS\system32\drivers\usbprint.sys
2008-10-14 13:26 . 2008-04-13 20:47 25,856 --a--c--- H:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-14 13:25 . 2008-04-13 20:45 32,128 --a------ H:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-14 13:25 . 2008-04-13 20:45 32,128 --a--c--- H:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-08 19:02 . 2008-10-08 19:02 <DIR> d-------- H:\Program Files\PhotoFiltre
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 15:43 --------- d-----w H:\Program Files\Microsoft Works
2008-09-16 15:42 --------- d-----w H:\Program Files\Microsoft.NET
2008-09-15 15:27 1,846,656 ----a-w H:\WINDOWS\system32\win32k.sys
2008-09-14 13:02 --------- d-----w H:\Program Files\Java
2008-09-08 10:41 333,824 ----a-w H:\WINDOWS\system32\drivers\srv.sys
2008-08-28 20:42 --------- d-----w H:\Documents and Settings\albert\Dane aplikacji\Hamachi
2008-08-21 19:47 98,304 ----a-w H:\WINDOWS\DUMP38a4.tmp
2008-08-20 05:11 668,672 ----a-w H:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,146,816 ----a-w H:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w H:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 20:10 94,920 ----a-w H:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w H:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w H:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w H:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w H:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w H:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w H:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w H:\WINDOWS\system32\wuaueng.dll
2008-05-30 21:43 67,218 ----a-w H:\Documents and Settings\albert\Uninstal.exe
2005-07-23 16:33 266,240 ----a-w H:\Documents and Settings\albert\VentriloMIX.exe
2005-07-14 10:47 933,888 ----a-w H:\Documents and Settings\albert\Ventrilo 2.3.0.exe
2004-06-03 06:52 15,360 ----a-w H:\Documents and Settings\albert\KeyPress.dll
2004-03-16 15:17 630,784 ----a-w H:\Documents and Settings\albert\Ventrilo 2.2.0.exe
2003-12-22 15:36 581,632 ----a-w H:\Documents and Settings\albert\Ventrilo 2.1.4.exe
2003-08-29 15:13 1,436,160 ----a-w H:\Documents and Settings\albert\TeamSpeakRC2 2.0.32.60.exe
2003-04-17 10:06 172,032 ----a-w H:\Documents and Settings\albert\hvdi.dll
2003-04-17 08:56 151,552 ----a-w H:\Documents and Settings\albert\libspeex.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="H:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CTSyncU.exe"="H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"AdobeUpdater"="H:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-11-22 704512]
"CTCheck"="H:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"egui"="H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Sony Ericsson PC Suite"="H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="H:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"nwiz"="nwiz.exe" [2006-08-11 H:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Tlen.pl\\tlen.exe"=
"H:\\Program Files\\Valve\\Steam\\SteamApps\\xgrievousx\\counter-strike\\hl.exe"=
"I:\\WoW\\World of Warcraft\\Repair.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
R0 videX32;videX32;H:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;H:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R1 epfwtdir;epfwtdir;H:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);H:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;H:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;H:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);H:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);H:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;H:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);H:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60aa56cc-3f13-11dd-8ec0-001a4d696ed1}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-zzGBK - G:\setup.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - H:\Documents and Settings\albert\Dane aplikacji\Mozilla\Firefox\Profiles\n30c5960.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 19:33:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skanowanie ukrytych plików ...
H:\DOCUME~1\albert\USTAWI~1\Temp\RGI419.tmp
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
Czas ukończenia: 2008-10-18 19:33:57
ComboFix-quarantined-files.txt 2008-10-18 17:33:55
Przed: 59 865 858 048 bajtów wolnych
Po: 60,389,150,720 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
H:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
171 --- E O F --- 2008-10-17 18:17:45
A teraz drugi.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:22, on 2008-10-18
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Tlen.pl\tlen.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HDAudDeck] H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [CTCheck] H:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] H:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AdobeUpdater] H:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - H:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B6E2CD-11C8-4390-B51E-B177C25EA40E}: NameServer = 10.0.0.2
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6251 bytes
Dzieki za pomoc i podpowiedź.
