Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:27, on 2009-01-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2621 bytes
ComboFix 09-01-21.04 - marta 2009-01-31 18:41:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.764 [GMT 1:00]
Uruchomiony z: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-31 17:38 . 2009-01-31 17:44 <DIR> d-------- c:\program files\SkanerOnline
2009-01-31 17:07 . 2009-01-31 17:07 <DIR> d-------- c:\program files\Symantec
2009-01-31 17:07 . 2009-01-31 17:07 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-31 17:07 . 2009-01-31 17:07 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-31 17:07 . 2009-01-31 17:07 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-31 17:07 . 2009-01-31 17:07 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-31 17:07 . 2009-01-31 17:07 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-31 17:07 . 2009-01-31 17:07 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\program files\NortonInstaller
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\program files\Norton Internet Security
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-01-31 17:06 . 2009-01-31 17:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Norton
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 15:28 --------- d-----w c:\documents and settings\marta\Dane aplikacji\Media Player Classic
2009-01-31 15:26 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-31 15:16 --------- d-----w c:\program files\Intel
2009-01-31 15:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 15:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-31 15:11 --------- d-----w c:\program files\Lavalys
2009-01-31 14:46 --------- d-----w c:\program files\microsoft frontpage
2009-01-31 14:43 --------- d-----w c:\program files\Usługi online
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2004-08-03 22:44 171,376 --sha-r c:\windows\system32\uhytj.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6831:TCP"= 6831:TCP:qfxcil
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-01-31 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-01-31 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-01-31 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-01-31 274808]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-01-31 115560]
S4 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]
S4 uqkgbzb;Update Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uqkgbzb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003ac7e4-efab-11dd-8590-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
.
------- Skan uzupełniający -------
.
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\caqabn5q.default\
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 18:41:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uqkgbzb]
"ServiceDll"="c:\windows\system32\uhytj.dll"
.
Czas ukończenia: 2009-01-31 18:44:21
ComboFix-quarantined-files.txt 2009-01-31 17:43:50
Przed: 35 411 533 824 bajtów wolnych
Po: 35,407,101,952 bajtów wolnych
105
ComboFix 09-01-21.04 - marta 2009-01-31 18:41:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.764 [GMT 1:00]
Uruchomiony z: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-31 17:38 . 2009-01-31 17:44 <DIR> d-------- c:\program files\SkanerOnline
2009-01-31 17:07 . 2009-01-31 17:07 <DIR> d-------- c:\program files\Symantec
2009-01-31 17:07 . 2009-01-31 17:07 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-31 17:07 . 2009-01-31 17:07 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-31 17:07 . 2009-01-31 17:07 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-31 17:07 . 2009-01-31 17:07 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-31 17:07 . 2009-01-31 17:07 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-31 17:07 . 2009-01-31 17:07 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\program files\NortonInstaller
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\program files\Norton Internet Security
2009-01-31 17:06 . 2009-01-31 17:06 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-01-31 17:06 . 2009-01-31 17:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Norton
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 15:28 --------- d-----w c:\documents and settings\marta\Dane aplikacji\Media Player Classic
2009-01-31 15:26 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-31 15:16 --------- d-----w c:\program files\Intel
2009-01-31 15:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 15:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-31 15:11 --------- d-----w c:\program files\Lavalys
2009-01-31 14:46 --------- d-----w c:\program files\microsoft frontpage
2009-01-31 14:43 --------- d-----w c:\program files\Usługi online
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2004-08-03 22:44 171,376 --sha-r c:\windows\system32\uhytj.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6831:TCP"= 6831:TCP:qfxcil
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-01-31 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-01-31 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-01-31 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-01-31 274808]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-01-31 115560]
S4 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]
S4 uqkgbzb;Update Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uqkgbzb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003ac7e4-efab-11dd-8590-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
.
------- Skan uzupełniający -------
.
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\caqabn5q.default\
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 18:41:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uqkgbzb]
"ServiceDll"="c:\windows\system32\uhytj.dll"
.
Czas ukończenia: 2009-01-31 18:44:21
ComboFix-quarantined-files.txt 2009-01-31 17:43:50
Przed: 35 411 533 824 bajtów wolnych
Po: 35,407,101,952 bajtów wolnych
105
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:34, on 2009-01-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2621 bytes
c:\windows\system32\uhytj.dll
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003ac7e4-efab-11dd-8590-806d6172696f}]
c:\windows\system32\uhytj.dll
c:\windows\system32\uhytj.dll
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 14 gości