HTTP protocol protection - file http: //banksguard.com/picxxx/file.php?del - probably a variant of the Win32/Statik application virus - connection terminated - quarantined - Threat detected while the application C:\WINDOWS\system32\svchost.exe was accessing web pages.
What should I do so that the computer stops connecting to this site? I don't know whether this is the right way to report the problem...
- Code:
ComboFix 09-02-17.02 - offer 2009-02-18 18:28:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1279.983 [GMT 1:00]
Uruchomiony z: f:\instalki, sterowniki, programy, system\Programy\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\offer\Application Data\EurekaLog
c:\documents and settings\offer\Application Data\EurekaLog\EurekaLog.ini
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
----- BITS: Możliwe zainfekowane strony -----
hxxp://banksguard.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-18 do 2009-02-18 )))))))))))))))))))))))))))))))
.
2009-02-18 18:32 . 2009-02-18 18:32 <DIR> d--hs---- c:\windows\system32\twain32
2009-02-18 13:43 . 2009-02-18 14:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 13:43 . 2009-02-18 13:43 <DIR> d-------- c:\documents and settings\offer\Application Data\Malwarebytes
2009-02-18 13:43 . 2009-02-18 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-18 13:43 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-18 13:43 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 11:07 . 2008-04-14 04:42 26,112 --a------ c:\windows\system32\stu2.exe
2009-02-04 07:57 . 2009-02-04 07:57 <DIR> d-------- c:\program files\iTunes
2009-02-04 07:57 . 2009-02-04 07:57 <DIR> d-------- c:\program files\iPod
2009-02-04 07:57 . 2009-02-04 07:57 <DIR> d-------- c:\program files\Bonjour
2009-02-04 07:57 . 2009-02-04 07:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-04 07:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-04 07:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-04 07:56 . 2009-02-04 07:56 <DIR> d-------- c:\program files\QuickTime
2009-02-04 07:56 . 2009-02-04 07:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-04 07:55 . 2009-02-04 07:57 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-04 07:55 . 2009-02-04 07:55 <DIR> d-------- c:\program files\Common Files\Apple
2009-02-02 13:16 . 2009-02-11 11:58 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-24 23:20 . 2009-01-24 23:20 <DIR> d-------- c:\program files\UnH Solutions
2009-01-22 18:19 . 2009-01-24 23:06 <DIR> d-------- C:\TEMP
2009-01-21 20:19 . 2009-01-21 20:19 <DIR> d-------- c:\documents and settings\offer\Application Data\VSRevoGroup
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 17:27 81,920 ----a-w c:\windows\DUMP3c20.tmp
2009-02-17 18:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 10:06 8,704 ----a-w c:\windows\system32\userinit.exe
2009-02-12 15:26 --------- d-----r c:\program files\Aston
2009-02-04 20:58 --------- d-----w c:\program files\Google
2009-02-04 06:57 --------- d-----w c:\documents and settings\offer\Application Data\Apple Computer
2009-02-02 12:16 --------- d-----w c:\program files\Programy
2009-01-29 21:57 --------- d-----w c:\documents and settings\offer\Application Data\Skype
2009-01-29 21:17 --------- d-----w c:\documents and settings\offer\Application Data\skypePM
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 13:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-16 13:01 --------- d-----w c:\program files\Java
2009-01-16 00:53 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-01-11 01:28 --------- d-----w c:\program files\AskSBar
2009-01-11 01:26 --------- d-----w c:\program files\DAP
2009-01-11 01:21 50,688 ----a-w c:\windows\system32\wbhelp2.dll
2009-01-07 02:02 --------- d-----w c:\program files\Gadu-Gadu
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-03 22:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 22:54 --------- d-----w c:\program files\LizardTech
2008-12-25 00:37 --------- d-----w c:\documents and settings\offer\Application Data\AdobeUM
2008-12-23 00:18 22,776 ----a-w c:\documents and settings\offer\Application Data\GDIPFONTCACHEV1.DAT
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2005-03-31 20:17 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
2009-02-17 11:06 8704 8d82c411cb3748dfefcbd4277db7fbfd c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"= "c:\program files\Search Settings\kb127\SearchSettings.dll" [2008-06-12 1111904]
[HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
[HKEY_CLASSES_ROOT\SearchSettings.BHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-06-12 15:57 1111904 --a------ c:\program files\Search Settings\kb127\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EVEREST AutoStart"="c:\program files\Programy\Everest Ultimate Edition 2007\everest.exe" [2007-04-04 2141544]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-12-27 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\Programy\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-03-24 46080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="c:\progra~1\Aston\aston.exe ,svchost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 09:26 86016 c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Programy\\eMule\\emule.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
R2 ekrn;Eset Service;c:\program files\Programy\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Programy\Everest Ultimate Edition 2007\kerneld.wnt [2008-08-13 20856]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - HELPSVC
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-31 c:\windows\Tasks\ErrorKiller Scheduled Scan.job
- c:\program files\Programy\ErrorKiller\ErrorKiller.exe []
2009-01-31 c:\windows\Tasks\ErrorKiller Scheduled Scan.job
- c:\program files\Programy\ErrorKiller []
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.speedbit.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Compare Prices with &Dealio - c:\documents and settings\offer\Application Data\Dealio\kb127\res\DealioSearch.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\Programy\MICROS~1\Office10\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\offer\Application Data\Mozilla\Firefox\Profiles\v3siseyh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=pl
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\Programy\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Programy\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Programy\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Programy\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Programy\Opera\program\plugins\npwmsdrm.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
pref(dom.disable_open_during_load, false);
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.chomikuj.pl
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 18:32:12
Windows 5.1.2600 Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Programy\Everest Ultimate Edition 2007\kerneld.wnt"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Programy\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\Aston\Aston.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-18 18:37:06 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-18 17:37:03
Przed: 6,228,918,272 bytes free
Po: 6,425,591,808 bytes free
219 --- E O F --- 2009-02-11 17:38:06
and this one too..
- Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:37, on 2009-02-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Programy\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Programy\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Aston\aston.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Programy\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Programy\Everest Ultimate Edition 2007\everest.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Programy\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Instalki, Sterowniki, Programy, System\Programy\do logów\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\Programy\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Programy\Everest Ultimate Edition 2007\everest.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\offer\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\Programy\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Programy\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\Programy\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
--
End of file - 7390 bytes
Hmm...