Hello!
Ad-Aware detected a trojan on my machine, and after every scan it detects the same one in a new location. I don't know how to remove them. Thanks in advance for your help!
Previously, Ad-Aware detected the same trojan in a different location with every scan, and this is the log from the last scan, which surprisingly detected nothing.
Ad-Aware
Logfile created: 2009-04-19 12:3:9
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Adzik
***********************Definitions database information***********************
Lavasoft definition file: 148.11
Extended engine definition file: 8.1
********************************Scan results:*********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 118024
Objects detected: 0
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Scan and cleaning complete: Finished correctly after 1222 seconds
***********************************Settings***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Fri Apr 17 14:21:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Apr 17 14:21:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: false
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: display, domain: display,dontnotify,onlyimportant
******************************System information******************************
Computer name: ANDRYSZC-DB8A8C
Processor name: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Processor identifier: x86 Family 6 Model 23 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5894, number of processors 2
Physical memory available: 1444409344 bytes
Physical memory total: 2146676736 bytes
Virtual memory available: 2057412608 bytes
Virtual memory total: 2147352576 bytes
Memory load: 32%
Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 636 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1332 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1420 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1480 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1492 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1660 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1736 name: C:\WINDOWS\system32\svchost.exe owner: USŁUGA SIECIOWA domain: ZARZĄDZANIE NT
PID: 1896 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 144 name: C:\WINDOWS\system32\svchost.exe owner: USŁUGA SIECIOWA domain: ZARZĄDZANIE NT
PID: 208 name: C:\WINDOWS\system32\svchost.exe owner: USŁUGA LOKALNA domain: ZARZĄDZANIE NT
PID: 276 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 592 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 772 name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 896 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 996 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1032 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1048 name: C:\WINDOWS\system32\PnkBstrA.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1100 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1192 name: C:\WINDOWS\Explorer.EXE owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 600 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 844 name: C:\WINDOWS\System32\alg.exe owner: USŁUGA LOKALNA domain: ZARZĄDZANIE NT
PID: 912 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: ZARZĄDZANIE NT
PID: 1028 name: C:\WINDOWS\RTHDCPL.EXE owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2084 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2092 name: C:\Program Files\Microsoft IntelliPoint\ipoint.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2140 name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2148 name: C:\Program Files\Winamp\winampa.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2188 name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2208 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2284 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2524 name: C:\WINDOWS\system32\ctfmon.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2560 name: C:\Program Files\EXPERTool\TBPanel.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2576 name: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2612 name: D:\DAEMON Tools Lite\daemon.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2712 name: D:\program files\valve\steam.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2904 name: C:\Documents and Settings\Adzik\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 3148 name: D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 3336 name: D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 1484 name: D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 2384 name: D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 3648 name: C:\WINDOWS\system32\rundll32.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 1864 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Adzik domain: ANDRYSZC-DB8A8C
PID: 3568 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Adzik domain: ANDRYSZC-DB8A8C
Startup items:
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: IntelliPoint
imagepath: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
Name: GrooveMonitor
imagepath: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Name: WinampAgent
imagepath: C:\Program Files\Winamp\winampa.exe
Name: NeroFilterCheck
imagepath: C:\WINDOWS\system32\NeroCheck.exe
Name: egui
imagepath: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Moduł wstępnego ładowania interfejsu Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Demon buforu kategorii składników
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name:
imagepath: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk
imagepath: D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Name:
location: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk
imagepath: D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Name:
imagepath: C:\Documents and Settings\Default User\Menu Start\Programy\Autostart\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Usługa bramy warstwy aplikacji
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Usługa inteligentnego transferu w tle
Name: CryptSvc
displayname: Usługi kryptograficzne
Name: DcomLaunch
displayname: Program uruchamiający proces serwera DCOM
Name: Dhcp
displayname: Klient DHCP
Name: dmserver
displayname: Menedżer dysków logicznych
Name: Dnscache
displayname: Klient DNS
Name: ekrn
displayname: Eset Service
Name: ERSvc
displayname: Usługa raportowania błędów
Name: Eventlog
displayname: Dziennik zdarzeń
Name: EventSystem
displayname: System zdarzeń COM+
Name: FastUserSwitchingCompatibility
displayname: Zgodność szybkiego przełączania użytkowników
Name: helpsvc
displayname: Pomoc i obsługa techniczna
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Serwer
Name: lanmanworkstation
displayname: Stacja robocza
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: LmHosts
displayname: Pomoc TCP/IP NetBIOS
Name: Netman
displayname: Połączenia sieciowe
Name: Nla
displayname: Rozpoznawanie lokalizacji w sieci (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PnkBstrA
displayname: PnkBstrA
Name: ProtectedStorage
displayname: Magazyn chroniony
Name: RpcSs
displayname: Zdalne wywoływanie procedur (RPC)
Name: SamSs
displayname: Menedżer kont zabezpieczeń
Name: Schedule
displayname: Harmonogram zadań
Name: SENS
displayname: Zawiadomienie o zdarzeniu systemowym
Name: SharedAccess
displayname: Zapora systemu Windows/Udostępnianie połączenia internetowego
Name: ShellHWDetection
displayname: Wykrywanie sprzętu powłoki
Name: Spooler
displayname: Bufor wydruku
Name: srservice
displayname: Usługa przywracania systemu
Name: SSDPSRV
displayname: Usługa odnajdywania SSDP
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TermService
displayname: Usługi terminalowe
Name: Themes
displayname: Kompozycje
Name: TrkWks
displayname: Klient śledzenia łączy rozproszonych
Name: UxTuneUp
displayname: TuneUp Theme Extension
Name: W32Time
displayname: Usługa Czas systemu Windows
Name: winmgmt
displayname: Instrumentacja zarządzania Windows
Name: wscsvc
displayname: Centrum zabezpieczeń
Name: wuauserv
displayname: Aktualizacje automatyczne
Name: WZCSVC
displayname: Konfiguracja zerowej sieci bezprzewodowej
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:15, on 2009-04-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\DAEMON Tools Lite\daemon.exe
D:\program files\valve\steam.exe
C:\Documents and Settings\Adzik\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
D:\adrian\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam.exe" -silent
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Adzik\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8043 bytes