ComboFix 09-06-10.02 - Daras 2009-06-11 15:07.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2943.2368 [GMT 2:00] Uruchomiony z: d:\załadowane\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090527-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\2f300c0a.sys c:\documents and settings\Daras\Dane aplikacji\wiaserva.log c:\documents and settings\Daras\Menu Start\Programy\Autostart\rncsys32.exe . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_2f300c0a ((((((((((((((((((((((((( Pliki utworzone od 2009-05-11 do 2009-06-11 ))))))))))))))))))))))))))))))) . 2009-06-08 19:10 . 2009-06-08 19:10 33888 ----a-w- c:\windows\system32\drivers\qfs47a5.sys 2009-05-28 19:21 . 2009-05-28 19:21 1915520 ----a-w- c:\documents and settings\Daras\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2009-05-28 18:07 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-05-28 18:07 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-05-28 18:07 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-05-28 18:07 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-05-28 18:07 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-05-28 18:07 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-05-28 18:07 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-05-28 18:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-05-28 18:07 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe 2009-05-25 23:21 . 2009-05-25 23:21 32 --s-a-w- c:\windows\system32\4195976147.dat 2009-05-25 22:37 . 2009-05-25 22:37 390664 ----a-w- c:\documents and settings\Daras\Dane aplikacji\Real\RealPlayer\Update\RealPlayer11.exe . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-11 13:15 . 2004-09-20 06:20 94056 ----a-w- c:\windows\system32\perfc015.dat 2009-06-11 13:15 . 2004-09-20 06:20 515914 ----a-w- c:\windows\system32\perfh015.dat 2009-06-11 13:05 . 2008-03-25 18:15 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\foobar2000 2009-06-11 12:49 . 2008-01-28 09:06 169936 ----a-w- c:\documents and settings\Daras\Dane aplikacji\Mozilla\Firefox\Profiles\ptsyaux9.default\FlashGot.exe 2009-06-08 16:03 . 2008-01-21 18:53 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\XnView 2009-06-03 12:45 . 2008-02-02 19:16 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\Skype 2009-06-03 12:44 . 2009-02-27 10:06 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\skypePM 2009-05-21 20:07 . 2008-02-23 12:17 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\Nvu 2009-05-07 19:04 . 2008-10-29 22:44 21840 ----atw- c:\windows\system32\SIntfNT.dll 2009-05-07 19:04 . 2008-10-29 22:44 17212 ----atw- c:\windows\system32\SIntf32.dll 2009-05-07 19:04 . 2008-10-29 22:44 12067 ----atw- c:\windows\system32\SIntf16.dll 2009-04-25 22:44 . 2008-04-09 15:45 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-04-25 22:43 . 2009-04-25 22:43 -------- d-----w- c:\program files\directx 2009-04-25 22:36 . 2008-01-19 16:57 -------- d–h--w- c:\program files\InstallShield Installation Information 2009-04-13 18:49 . 2008-01-21 18:44 85904 ----a-w- c:\documents and settings\Daras\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-04-13 18:43 . 2008-01-19 16:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-04-13 18:43 . 2008-03-21 11:05 -------- d-----w- c:\program files\Microsoft Works 2009-04-13 15:10 . 2009-04-13 15:10 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\Bullzip 2009-04-12 23:34 . 2008-02-16 19:07 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\Vso 2009-04-12 15:19 . 2008-12-19 11:26 -------- d-----w- c:\documents and settings\Daras\Dane aplikacji\Any Video Converter 2008-01-19 09:31 . 2008-01-19 09:31 56 -csha-w- c:\windows\SMINST\hpboot.sys 2008-05-11 17:49 . 2008-05-11 17:49 88 --sh–r- c:\windows\system32\36784951B0.sys 2008-05-11 17:19 . 2008-05-11 09:38 88 --sh–r- c:\windows\system32\6B7C237EE4.sys 2008-05-11 17:49 . 2008-05-09 15:13 5070 -csha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-09_16.53.40 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-11 12:19 . 2009-06-11 12:19 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat + 2009-06-11 13:11 . 2009-06-11 13:11 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat + 2009-06-11 13:11 . 2009-06-11 13:11 16384 c:\windows\Temp\Perflib_Perfdata_104.dat - 2004-09-20 06:20 . 2009-06-09 15:16 75444 c:\windows\system32\perfc009.dat + 2004-09-20 06:20 . 2009-06-11 13:15 75444 c:\windows\system32\perfc009.dat - 2004-09-20 06:20 . 2009-06-09 15:16 455582 c:\windows\system32\perfh009.dat + 2004-09-20 06:20 . 2009-06-11 13:15 455582 c:\windows\system32\perfh009.dat + 2004-08-04 08:00 . 2008-04-14 20:51 339456 c:\windows\system32\dllcache\zipfldr.dll + 2009-06-11 13:06 . 2009-06-11 13:06 396288 c:\windows\system32\CF10723.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATnotes.exe”=“d:\programy\ATnotes\ATnotes.exe” [2005-01-05 1015808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe” [2007-01-05 872448] “StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112] “hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2008-04-15 488752] “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-01-12 827392] “avast!”=“d:\programy\Avast\ashDisp.exe” [2009-02-05 81000] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360] c:\documents and settings\Daras\Menu Start\Programy\Autostart\ CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] “DisableMonitoring”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] “DisableMonitoring”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “c:\WINDOWS\system32\mqsvc.exe”= “c:\WINDOWS\SMINST\Scheduler.exe”= “d:\PROGRAMY\Konnekt\konnekt.exe”= “d:\PROGRAMY\FlashGet\flashget.exe”= “c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”= “%windir%\Network Diagnostic\xpnetdiag.exe”= “c:\WINDOWS\system32\dpvsetup.exe”= “d:\GRY\SWAT 4\ContentExpansion\System\Swat4X.exe”= “d:\GRY\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe”= “d:\PROGRAMY\Total Commander\TOTALCMD.EXE”= “d:\GRY\Counter-Strike 1.6\hl.exe”= “c:\WINDOWS\system32\LEXPPS.EXE”= “d:\GRY\Arcanum\Arcanum.EXE”= “d:\Programy\Skype\Phone\Skype.exe”= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-28 114768] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;d:\programy\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-28 20560] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-08-07 540448] R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384] R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-07-14 6852] S1 qfs47a5;qfs47a5;c:\windows\system32\drivers\qfs47a5.sys [2009-06-08 33888] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2008-02-03 19034] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys – c:\windows\system32\Drivers\usb2vcom.sys [?] S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-02-01 178913] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}] “c:\program files\Common Files\LightScribe\LSRunOnce.exe” . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.hp.com/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ IE: Download All with FlashGet - d:\programy\FlashGet\jc_all.htm IE: Download with FlashGet - d:\programy\FlashGet\jc_link.htm IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Wyślij do urządzenia Bluetooth… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-11 15:18 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów … skanowanie ukrytych wpisów autostartu … skanowanie ukrytych plików … skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] “ImagePath”=“c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService” . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-3573236727-1969794286-313692283-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) @SACL= [HKEY_USERS\S-1-5-21-3573236727-1969794286-313692283-1005\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*] “??”=hex:d1,17,f7,eb,01,37,e8,72,28,77,db,fa,5b,fb,cb,f9,3f,62,42,98,2a,51,31, 8d,40,cc,b3,79,f1,59,d5,21,57,19,6e,fc,e6,c0,29,a2,87,c7,00,3c,24,51,6c,89,\ “??”=hex:aa,fe,e6,76,21,80,f5,d0,bd,e7,46,84,e9,cb,a8,78 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - ‘winlogon.exe’(748) c:\windows\system32\Ati2evxx.dll - - - - - - - ‘explorer.exe’(1472) c:\windows\system32\btmmhook.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe d:\programy\Avast\aswUpdSv.exe d:\programy\Avast\ashServ.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\windows\system32\msdtc.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe d:\programy\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\windows\system32\mqsvc.exe c:\windows\system32\mqtgsvc.exe d:\programy\Avast\ashWebSv.exe c:\windows\system32\CF10723.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe . ************************************************************************** . Czas ukończenia: 2009-06-11 15:21 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-06-11 13:21 ComboFix2.txt 2009-06-09 16:54 Przed: 3 112 730 624 bajtów wolnych Po: 3 095 392 256 bajtów wolnych 196 Log z HiJackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:49:07, on 2009-06-11 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe D:\PROGRAMY\Avast\aswUpdSv.exe D:\PROGRAMY\Avast\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE D:\PROGRAMY\Avast\ashDisp.exe D:\PROGRAMY\ATnotes\ATnotes.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\PROGRAMY\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\PDF Complete\pdfsvc.exe D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\WINDOWS\system32\mqtgsvc.exe D:\PROGRAMY\Avast\ashWebSv.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe D:\PROGRAMY\foobar2000\foobar2000.exe D:\PROGRAMY\Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\PROGRAMY\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRAMY\FlashGet\jccatch.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [avast!] D:\PROGRAMY\Avast\ashDisp.exe O4 - HKCU…\Run: [ATnotes.exe] D:\PROGRAMY\ATnotes\ATnotes.exe O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - S-1-5-18 Startup: CCC.lnk = ? (User ‘SYSTEM’) O4 - .DEFAULT Startup: CCC.lnk = ? (User ‘Default user’) O4 - .DEFAULT User Startup: CCC.lnk = ? (User ‘Default user’) O4 - Startup: CCC.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Download All with FlashGet - D:\PROGRAMY\FlashGet\jc_all.htm O8 - Extra context menu item: Download with FlashGet - D:\PROGRAMY\FlashGet\jc_link.htm O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij do urządzenia Bluetooth… - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 9640010218 O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/4 … oader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\PROGRAMY\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Avast\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Avast\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashWebSv.exe O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\ – End of file - 8930 bytes