ComboFix:
ComboFix 08-09-20.05 - Marcin 2008-09-21 15:10:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.1142 [GMT 2:00]
Uruchomiony z: C:\Users\Marcin\Desktop\na bieľĄco\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
C:\Windows\system32\AutoRun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-21 do 2008-09-21 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 13:03 --------- d-----w C:\Users\Marcin\AppData\Roaming\uTorrent
2008-09-21 12:22 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-17 17:25 --------- d-----w C:\Users\Marcin\AppData\Roaming\BearShare
2008-09-08 19:03 --------- d-----w C:\ProgramData\HP
2008-09-08 19:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-08 17:33 --------- d-----w C:\Users\Marcin\AppData\Roaming\HP
2008-09-08 17:18 --------- d-----w C:\Program Files\HP
2008-09-08 17:18 --------- d-----w C:\Program Files\Common Files\HP
2008-09-08 17:16 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-09-08 15:25 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-09-07 11:30 --------- d-----w C:\ProgramData\WEBREG
2008-09-07 10:02 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-09-07 10:00 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-09-06 09:23 --------- d-----w C:\Program Files\Windows Mail
2008-09-05 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 16:15 --------- d-----w C:\Users\Marcin\AppData\Roaming\InstallShield
2008-09-05 16:15 --------- d-----w C:\Program Files\SAGEM
2008-08-14 19:36 --------- d-----w C:\Users\Marcin\AppData\Roaming\temp
2008-08-03 15:57 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-26 17:58 --------- d-----w C:\Program Files\FlashGet
2008-07-26 17:52 --------- d-----w C:\Users\Marcin\AppData\Roaming\FlashGet
2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 01:08 174 --sha-w C:\Program Files\desktop.ini
2008-06-30 19:07 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2007-05-18 16:13 53,329 ----a-w C:\Users\Marcin\fgmgr.dll
2006-06-01 21:57 457,216 ----a-w C:\Users\Marcin\koder-dekoder v0.4b.exe
2000-12-19 07:36 414,272 ----a-w C:\Users\Marcin\DivXc32f.dll
2000-12-19 07:36 414,272 ----a-w C:\Users\Marcin\DivXc32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="D:\Winamp\winampa.exe" [2007-05-19 35328]
"QuickTime Task"="D:\QuicTime 7.2\QTTask.exe" [2007-06-29 286720]
"DT PHL"="C:\Program Files\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352]
"Adobe Reader Speed Launcher"="D:\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - D:\Microsoft Office 2007\Office12\ONENOTEM.EXE [2006-10-26 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-10 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C11C61AD-4B9A-4FC4-A2E0-159934CBAED5}D:\\gadu-gadu\\gg.exe"= UDP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{C7B910E6-ABBE-400B-9C3F-DF945DB653A0}D:\\gadu-gadu\\gg.exe"= TCP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{483AA509-42CB-49F1-AEC1-586994D3174B}D:\\bitcomet\\bitcomet.exe"= UDP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{87F5705B-BE59-4ACC-BCA4-15D5A5CCC287}D:\\bitcomet\\bitcomet.exe"= TCP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E5CEFD36-AFEE-4347-8BC6-0D0B18228D82}D:\\bearshare\\bearshare.exe"= UDP:D:\bearshare\bearshare.exe:BearShare
"UDP Query User{33F38E44-604B-4D43-A8DD-5A906C68FF2E}D:\\bearshare\\bearshare.exe"= TCP:D:\bearshare\bearshare.exe:BearShare
"TCP Query User{C1708581-6B71-421B-9B58-CAF8E31A53F8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50AE231B-36D1-46C2-A6FF-CF20151B0CDA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4F8CB37B-F6F7-4C3C-93E6-C0665BAEF045}"= UDP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{045546C7-0301-40F8-9EDA-7671104DC6EA}"= TCP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8440C38-6BE2-42FE-8597-DE47E064EF2A}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{210D2DE3-3C63-43A6-9303-E8B2D526FD45}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{3F913C93-B077-46ED-B27D-94B184D77E44}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{D1E05415-3705-4CB3-9A22-1441C1F6754F}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{1C1B7231-5EBD-42E1-B622-71B61CA19300}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"{ECA83DF6-DB36-40F4-9CC8-11354BACE5D3}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"TCP Query User{3C9E02AD-DA05-424C-8810-C28E46F9C054}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{AE9253F2-7E9A-4C18-83DE-BC94A9C14B6C}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"TCP Query User{2E1A5C2C-FBB1-4C81-A4DD-DC43E141F393}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FA6A9F03-16BA-4834-A30F-E089705F5A00}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{65FC929C-5131-4647-BB1B-82A936C09C7C}E:\\lost - zagubieni\\yeti_final_win32.exe"= UDP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"UDP Query User{EDD1F751-7CD4-46F3-AE29-2199AC4A0B6E}E:\\lost - zagubieni\\yeti_final_win32.exe"= TCP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"TCP Query User{FABC1FDA-83D6-4DB2-BEE1-F29A2AF0F2B4}C:\\users\\marcin\\flashget.exe"= UDP:C:\users\marcin\flashget.exe:flashget.exe
"UDP Query User{0B34D834-958E-4108-88C8-E2A094F34BBE}C:\\users\\marcin\\flashget.exe"= TCP:C:\users\marcin\flashget.exe:flashget.exe
"TCP Query User{296F9E6B-13E7-47A7-A2F9-9BBECFC33167}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{D25E1510-708F-4796-88BD-0EBF67030243}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{D7BDDA2D-378C-4E7C-89A5-83F98EDC5DF6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{38154FCB-FF3E-4463-9A3A-6D5AE642B559}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F4B60052-C840-4A66-95D4-7163F4F2C5B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A909226E-309D-4749-9684-C802B1D47DCD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03415590-07f1-11dd-bf84-001a4d5161b8}]
\shell\AutoRun\command - H:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15c498bd-2d9e-11dd-ac2f-001a4d5161b8}]
\shell\AutoRun\command - M:\software.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27344b12-f848-11dc-97d9-001a4d5161b8}]
\shell\AutoRun\command - F:\autorun.exe
\shell\install\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869b94da-014b-11dd-95f8-001a4d5161b8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcc5409-7dd2-11dd-8a0c-001a4d5161b8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-BitComet - D:\BitComet\BitComet.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\w5es8op3.default\
FF -: plugin - D:\Adobe Reader\Reader\browser\nppdf32.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin2.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin3.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin4.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin5.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin6.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin7.dll
FF -: plugin - D:\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - D:\Real Alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 15:12:37
Windows 6.0.6000 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-21 15:14:15
ComboFix-quarantined-files.txt 2008-09-21 13:14:05
Przed: System nie moľe znale«† komunikatu dla numeru komunikatu 0x2379 w pliku komunikat˘w dla Application.
Po: 151,426,920,448 bajt˘w wolnych
193 --- E O F --- 2008-09-18 20:40:00
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:59, on 2008-09-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Philips Display\SmartControl II\dthtml.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Microsoft Office 2007\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuicTime 7.2\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = D:\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O13 - Gopher Prefix:
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 5855 bytes