Witam
mam wielka prosbe do szanownych znawcow komputerow, poniewaz dla mnie to czarna magia…
Otoz zauwazylam, ze komputer strasznie mi zamula…wiec wzielam sie w garsc i mam loga z programu combofix oraz hijackthis. Wczesniej podczas skanowania znalazlo mi kilka wirusow i trojanow (nie wchodze na barrrrdzo ciekawe strony - zeby nie bylo pozniej… ) Nie mam zielonego pojecia jak wy sie w tym wszystkim lapiecie…i mam nadzieje ze wytlumaczycie co zrobic jak dla cichociemnej Z gory za pomoc dziekuje
ComboFix 08-04-12.5 - XXX 2008-04-13 23:47:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.610 [GMT 1:00]
Running from: C:\Documents and Settings\XXX\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-13 21:56 . 2008-04-13 23:42 2,988 --a------ C:\rollback.ini
2008-04-13 10:07 . 2008-04-13 10:07
2008-04-13 10:06 . 2008-04-13 23:48 1,055,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-13 10:06 . 2008-04-13 20:35 14,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-13 10:04 . 2008-04-13 10:04
2008-04-13 10:02 . 2008-04-13 14:00
2008-04-13 10:02 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-13 10:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-13 10:02 . 2008-04-13 20:36 4,212 —h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-12 23:38 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-12 23:38 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-12 23:38 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-12 23:38 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-12 23:37 . 2008-04-12 23:37
2008-04-12 23:29 . 2008-04-12 23:31
2008-04-12 21:56 . 2008-04-12 21:56
2008-04-12 21:52 . 2008-04-12 21:56
2008-04-12 21:52 . 2008-04-12 21:52
2008-04-12 21:32 . 2008-04-12 21:32
2008-04-12 21:32 . 2008-04-12 21:32
2008-04-12 15:01 . 2008-04-12 15:01
2008-04-12 11:56 . 2008-04-13 23:41
2008-04-10 20:00 . 2008-04-10 20:00 145 --a------ C:\streetflyter.sav
2008-03-31 21:22 . 2008-03-31 21:22
2008-03-31 21:19 . 2008-04-12 09:22
2008-03-31 19:14 . 2008-03-31 19:15
2008-03-22 23:33 . 2008-03-22 23:33
2008-03-22 11:54 . 2008-03-22 11:54 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-22 11:54 . 2008-03-22 11:54 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-22 11:54 . 2008-03-22 11:54 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-22 11:53 . 2008-03-22 11:53
2008-03-21 21:05 . 2008-03-23 17:13
2008-03-21 21:05 . 2008-04-13 22:03
2008-03-21 21:05 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-21 21:05 . 2008-03-21 21:05 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-21 21:04 . 2008-03-21 21:04
2008-03-21 21:04 . 2008-03-21 21:04
2008-03-21 21:04 . 2008-04-13 22:04
2008-03-21 21:04 . 2008-03-21 21:04
2008-03-21 20:50 . 2004-02-08 16:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-03-21 20:50 . 2005-09-03 12:59 446,464 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2008-03-21 20:50 . 2006-02-26 03:34 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-03-21 20:50 . 2006-02-17 23:02 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2008-03-21 20:50 . 2003-08-19 05:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-03-21 18:30 . 2008-03-21 18:30
2008-03-21 00:37 . 2008-03-21 00:37
2008-03-20 20:06 . 2008-03-20 20:06
2008-03-20 20:05 . 2008-04-13 14:02
2008-03-20 20:00 . 2008-03-20 20:00
2008-03-20 19:59 . 2008-03-20 20:00
2008-03-20 19:57 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-03-20 19:55 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-03-20 19:55 . 2006-10-06 07:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-03-20 19:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-20 19:55 . 2004-08-03 22:58 5,504 --a–c— C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-20 19:53 . 2008-03-20 19:53
2008-03-20 19:52 . 2006-08-30 07:10 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2008-03-20 19:51 . 2008-03-20 19:51
2008-03-20 19:51 . 2008-03-20 19:51
2008-03-20 19:49 . 2008-03-20 19:49
2008-03-20 19:49 . 2008-03-20 19:49
2008-03-20 19:48 . 2008-03-20 19:48
2008-03-20 19:46 . 2008-03-20 19:55
2008-03-20 19:41 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-20 19:41 . 2004-08-03 23:07 59,264 --a–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-20 19:40 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-20 19:40 . 2004-08-03 23:08 31,616 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-20 08:17 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-20 08:17 . 2001-08-17 21:56 7,552 --a–c— C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-19 22:20 . 2008-03-19 22:20
2008-03-19 22:18 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-19 22:18 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-19 22:17 . 2008-03-24 14:07
2008-03-19 22:16 . 2008-03-19 22:16
2008-03-19 22:16 . 2008-03-19 22:16
2008-03-19 22:15 . 2008-03-19 22:17
2008-03-19 22:15 . 2008-03-19 22:15
2008-03-19 22:14 . 2008-03-19 22:14
2008-03-19 22:14 . 2008-04-13 13:56
2008-03-19 19:09 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-15 09:30 . 2008-03-15 09:30
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 10:59 60,928 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-20 18:57 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-03-13 22:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-10 20:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-10 20:01 --------- d-----w C:\Program Files\Microsoft Works
2008-03-10 20:00 --------- d-----w C:\Program Files\MSBuild
2008-03-10 19:48 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Media Player Classic
2008-03-10 19:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-10 19:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-10 19:45 --------- d-----w C:\Program Files\Alwil Software
2008-03-10 19:41 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Ahead
2008-03-10 19:40 --------- d-----w C:\Program Files\Nero
2008-03-10 19:40 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-10 19:39 --------- d-----w C:\Program Files\Java
2008-03-10 19:39 --------- d-----w C:\Program Files\Common Files\Java
2008-03-10 19:38 --------- d-----w C:\Program Files\MarBit
2008-03-10 19:37 --------- d-----w C:\Program Files\PowerArchiver
2008-03-10 19:20 --------- d-----w C:\Program Files\WIDCOMM
2008-03-10 19:19 --------- d-----w C:\Program Files\Atheros
2008-03-10 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-10 19:17 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-10 19:16 --------- d-----w C:\Program Files\Synaptics
2008-03-10 19:16 --------- d-----w C:\Program Files\CONEXANT
2008-03-10 19:12 --------- d-----w C:\Program Files\Intel
2008-03-10 18:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-10 18:43 --------- d-----w C:\Program Files\Usługi online
2008-02-23 02:38 43,872 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-13 10:04 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}”= “C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL” [2008-04-13 10:04 262144]
[HKEY_CLASSES_ROOT\clsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}”= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-13 10:04 262144]
[HKEY_CLASSES_ROOT\clsid{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2005-04-15 04:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-02-04 04:12 102490]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-02-04 04:11 708698]
“Broadcom Wireless Manager UI”=“C:\WINDOWS\system32\WLTRAY” []
“ACU”=“C:\Program Files\Atheros\ACU.exe” [2005-01-31 08:05 253952]
“SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.5.0\bin\jusched.exe” [2008-03-10 20:39 32876]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]
“{0228e555-4f9c-4e35-a3ec-b109a192b4c2}”=“C:\Program Files\Google\Gmail Notifier\gnotify.exe” [2005-07-15 22:48 479232]
“ZoneAlarm Client”=“D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2008-03-13 23:11 919016]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
–a------ 2007-05-11 13:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
D:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--------- 2007-05-02 10:30 151552 C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 2006-10-06 07:17 53248 C:\WINDOWS\CTRegRun.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
–a------ 2008-04-07 21:54 2127296 D:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2005-01-23 03:31 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2005-01-23 03:36 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
–a------ 2008-02-01 12:55 1103240 D:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a------ 2005-09-25 19:11 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
D:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Watcher]
D:\Program Files\TV Watcher\TV Watcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
-ra------ 2007-04-11 18:00 32768 C:\WINDOWS\V0470Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“AntiVirusOverride”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“C:\Program Files\uTorrent\uTorrent.exe”=
“C:\Program Files\SightSpeed\SightSpeed.exe”=
“C:\Program Files\Avant Browser\avant.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
R3 VF0470Vid;Live! Cam Notebook (VF0470);C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-04-20 18:00]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:48:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-13 23:49:12
ComboFix-quarantined-files.txt 2008-04-13 22:48:59
ComboFix2.txt 2008-04-13 10:57:40
Pre-Run: 3,397,705,728 bajtów wolnych
Post-Run: 3,389,153,280 bajtów wolnych
To teraz hijack this
Logfile of HijackThis v1.99.1
Scan saved at 00:08:21, on 2008-04-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\XXX\Pulpit\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM…\Run: [ACU] “C:\Program Files\Atheros\ACU.exe” -nogui
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM…\Run: [ZoneAlarm Client] “D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe