Hello,
While starting the installation, this error popped up:
ComboFix logs:
AV: avast! antivirus 4.8.1229 [VPS 100130-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
AV: System Antywirusowy NOD32 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Panda Internet Security 2008 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\ToolBarBHO.dll
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\Thumbs.db
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\Thumbs.db
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\SearchAssistant.dll
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\Ijl11.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDRIVER
((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.
2010-01-30 09:31 . 2010-01-30 09:31 -------- d--h--w- c:\windows\PIF
2010-01-29 19:05 . 2010-01-29 19:12 -------- d-----w- c:\program files\MiniRacingOnline
2010-01-29 11:50 . 2010-01-29 11:56 -------- d-----w- C:\flexlm
2010-01-25 14:15 . 2003-04-16 00:10 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-25 14:13 . 2007-07-09 12:00 11136 ----a-w- c:\windows\system32\drivers\SOFTLOK.SYS
2010-01-25 14:13 . 2004-09-28 17:53 69632 ----a-w- c:\windows\system32\wdrvr.dll
2010-01-25 14:13 . 2003-12-01 02:01 110592 ----a-w- c:\windows\system32\drivers\tsccvid.dll
2010-01-25 14:13 . 2003-11-24 14:30 79260 ----a-w- c:\windows\system32\drivers\windrvr.sys
2010-01-25 14:13 . 1998-10-27 11:08 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL
2010-01-25 14:13 . 1995-10-05 14:53 22528 ----a-w- c:\windows\system32\RHMMPLAY.DLL
2010-01-21 20:26 . 2010-01-21 20:26 -------- d-----w- C:\xfoil6.96
2010-01-18 15:20 . 2010-01-18 15:20 -------- d-----w- c:\documents and settings\Fijoˆek Robert
2010-01-18 14:36 . 2010-01-18 14:36 194 ----a-w- c:\windows\system32\RBDELDRV.BAT
2010-01-18 13:53 . 2002-12-17 04:41 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS
2010-01-18 13:53 . 2010-01-18 14:36 -------- d-----w- c:\windows\system32\RNBOSENT
2010-01-18 13:53 . 2010-01-18 13:53 -------- d-----w- c:\program files\Macrovision
2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\program files\Artisteer 2
2010-01-15 11:52 . 2010-01-15 11:52 -------- d-----w- c:\program files\Bradbury
2010-01-15 11:47 . 2010-01-15 11:47 -------- d-----w- c:\program files\CSS-BuMa
2010-01-15 11:43 . 2010-01-16 12:02 -------- d-----w- c:\program files\Cascade DTP V4
2010-01-09 17:17 . 2010-01-10 09:10 -------- d-----w- C:\WebSite3
2010-01-09 17:14 . 2010-01-09 17:14 -------- d-----w- C:\WebSite2
2010-01-09 15:22 . 2010-01-09 15:22 -------- d-----w- C:\WebSite1
2010-01-06 11:00 . 2010-01-06 16:52 -------- d-----w- c:\program files\KONAMI
2010-01-05 00:12 . 2010-01-30 11:24 5152 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-01-02 09:51 . 2010-01-02 09:51 -------- d-----w- c:\program files\VS Online
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 10:10 . 2010-01-30 09:31 2855 ----a-w- c:\windows\PIF\setup.PIF
2010-01-29 19:07 . 2009-11-21 19:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-01-29 12:25 . 2008-07-22 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 16:29 . 2008-11-17 13:16 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-01-20 21:10 . 2009-09-19 14:41 -------- d-----w- c:\program files\LG PC Suite II
2010-01-19 19:07 . 2008-07-24 09:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-01-18 14:13 . 2008-07-22 16:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Macrovision
2010-01-16 17:35 . 2009-09-18 15:11 -------- d-----w- c:\program files\WonderWebWare CSS Menu Generator
2010-01-13 19:52 . 2009-06-13 16:24 -------- d-----w- c:\program files\Ganymede
2010-01-09 21:27 . 2009-10-25 09:55 -------- d-----w- c:\program files\Selteco
2010-01-02 10:15 . 2001-10-26 18:15 567678 ----a-w- c:\windows\system32\perfh015.dat
2010-01-02 10:15 . 2001-10-26 18:15 115690 ----a-w- c:\windows\system32\perfc015.dat
2009-12-24 06:54 . 2009-11-03 11:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-12-22 18:57 . 2008-07-24 09:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-20 10:41 . 2009-09-14 17:16 -------- d-----w- c:\program files\JestemHardcorem
2009-12-18 18:18 . 2008-12-25 10:54 -------- d-----w- c:\program files\PHP
2009-12-18 17:22 . 2009-06-22 12:03 -------- d-----w- c:\program files\Multi Milionerek v2 2008
2009-12-18 17:21 . 2009-08-21 19:54 -------- d-----w- c:\program files\scourtoolbar
2009-12-18 17:21 . 2009-05-30 20:17 -------- d-----w- c:\program files\SWiSH Max2
2009-12-18 17:21 . 2009-07-10 21:19 -------- d-----w- c:\program files\Real Alternative
2009-12-18 17:21 . 2000-07-30 17:56 -------- d-----w- c:\program files\QuickTime Alternative
2009-12-18 17:21 . 2009-02-07 12:19 -------- d-----w- c:\program files\MixSense
2009-12-18 17:21 . 2009-10-04 18:29 -------- d-----w- c:\program files\Type98
2009-12-18 17:21 . 2009-02-07 17:31 -------- d-----w- c:\program files\TVUPlayer
2009-12-18 17:21 . 2009-02-03 18:10 -------- d-----w- c:\program files\FileView7
2009-12-14 05:55 . 2009-11-03 11:26 -------- d-----w- c:\program files\ipla
2009-11-11 10:04 . 2009-11-11 10:04 550 ----a-w- c:\windows\eReg.dat
2009-09-02 18:05 . 2009-09-02 18:05 16384 ----a-w- c:\program files\uik.dat
2009-09-02 18:04 . 2009-09-02 18:04 4 ----a-w- c:\program files\is.dat
2000-02-01 05:40 . 2010-01-25 14:12 557328 ----a-w- c:\program files\Common Files\DAO360.DLL
2000-07-30 14:55 . 2000-07-30 14:55 56 --sh--r- c:\windows\system32\EF167AB1BF.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “c:\program files\Winamp Toolbar\winamptb.dll” [2008-07-16 1266992]
“{f592709f-ff4a-4862-b659-4afabda56312}”= “c:\program files\Mininova\tbMin0.dll” [2009-11-22 2166296]
“{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}”= “c:\program files\Free_Lunch_Design\tbFre0.dll” [2009-11-23 2166296]
[HKEY_CLASSES_ROOT\clsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CLASSES_ROOT\clsid{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 21:37 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-11-23 17:07 2166296 ----a-w- c:\program files\Free_Lunch_Design\tbFre0.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{A057A204-BACC-4D26-9A9E-3AF287E2699B}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{f592709f-ff4a-4862-b659-4afabda56312}]
2009-11-22 20:35 2166296 ----a-w- c:\program files\Mininova\tbMin0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{f592709f-ff4a-4862-b659-4afabda56312}”= “c:\program files\Mininova\tbMin0.dll” [2009-11-22 2166296]
“{3041d03e-fd4b-44e0-b742-2d9b88305f98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-11-12 333192]
“{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}”= “c:\program files\Free_Lunch_Design\tbFre0.dll” [2009-11-23 2166296]
[HKEY_CLASSES_ROOT\clsid{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{F592709F-FF4A-4862-B659-4AFABDA56312}”= “c:\program files\Mininova\tbMin0.dll” [2009-11-22 2166296]
“{3041D03E-FD4B-44E0-B742-2D9B88305F98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-11-12 333192]
“{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}”= “c:\program files\Free_Lunch_Design\tbFre0.dll” [2009-11-23 2166296]
[HKEY_CLASSES_ROOT\clsid{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DAEMON Tools”=“c:\program files\DAEMON Tools\daemon.exe” [2007-09-18 171464]
“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]
“RGSC”=“d:\gry\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe” [2010-01-02 306088]
“DLD.EXE”=“c:\program files\Download Direct\DLD.exe” [2007-09-06 1343488]
“Nowe Gadu-Gadu”=“c:\program files\Nowe Gadu-Gadu\gg.exe” [2009-08-31 11391592]
“IDMan”=“c:\program files\Internet Download Manager\IDMan.exe” [2008-07-15 931248]
“VS Online”=“c:\program files\VS Online\VSOnline.exe” [2009-08-05 1098752]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-07-19 78008]
“RTHDCPL”=“RTHDCPL.EXE” [2006-04-17 16143872]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 21:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2006-09-28 20:02 43520 ----a-w- c:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 20:51 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-12 14:27 133104 ----atw- c:\documents and settings\Fijołek Robert\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-07-15 07:39 931248 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2009-12-23 16:14 14100888 ----a-w- c:\program files\ipla\ipla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGMobileSyncLauncher]
2009-02-11 08:48 4337664 ----a-w- c:\program files\LG PC Suite II\LG_MobileSync_Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:51 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile3\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2005-03-24 12:52 94770 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-17 18:09 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-21 12:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\WINDOWS\system32\CNAC4RPK.EXE”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“c:\WINDOWS\system32\PnkBstrA.exe”=
“c:\WINDOWS\system32\PnkBstrB.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=
“c:\Program Files\BitTorrent\bittorrent.exe”=
“d:\GRY\PES 2009\pes2009.exe”=
“c:\Program Files\FlashFXP\FlashFXP.exe”=
“c:\Program Files\PPMate\ppmate.exe”=
“c:\Program Files\PPMate\ppamnet.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\TeamViewer\Version4\TeamViewer.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“d:\GRY\Pes 10\pes2010.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“d:\GRY\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe”=
“d:\GRY\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe”=
“c:\Program Files\MiniRacingOnline\MiniRacingOnLine.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
“3389:TCP”= 3389:TCP:@xpsp2res.dll,-22009
“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015
“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016
“500:UDP”= 500:UDP:@xpsp2res.dll,-22017
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2000-07-27 685816]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-10-12 17920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-06 78416]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-06 20560]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2008-10-12 12672]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-12-06 4096]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-02-09 6016]
S3 96EW;96EW Filter;c:\windows\system32\drivers\96EW.sys [2009-06-23 20480]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys – c:\windows\system32\DRIVERS\netimflt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;??\e:\ntglm7x.sys – e:\NTGLM7X.sys [?]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\mssql$autodeskvault\Binn\sqlagent.EXE -i AUTODESKVAULT – c:\mssql$autodeskvault\Binn\sqlagent.EXE -i AUTODESKVAULT [?]
.
Zawartość folderu ‘Zaplanowane zadania’
2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{44927E81-EB1C-4252-8766-EB7FB32E426A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.tattoodle.com?tid={3D1743BE-B6FC-4ce3-A768-8D07C003AB52}
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi … searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Search - http://edits.mywebsearch.com/toolbaredits/…html?p=ZRfox000
IE: Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {5CDA8B3F-8D6E-40AC-824E-602355EDE539} = 82.160.1.1,213.199.225.14
FF - ProfilePath - c:\documents and settings\Fijołek Robert\Dane aplikacji\Mozilla\Firefox\Profiles\o867gjje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result … EFv=19q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [spam].com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result … v=19tid={FF2EE799-C345-DF65-9961-4C15B38583AD}q=
FF - component: c:\documents and settings\Fijołek Robert\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS90.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDS.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - c:\program files\SGPSA\SearchAssistant.dll
BHO-{F0626A63-410B-45E2-99A1-3F2475B2D695} - c:\program files\SGPSA\BHO.dll
MSConfigStartUp-AdobeUpdater6 - c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
MSConfigStartUp-Anti Mosquito - c:\documents and settings\Fijołek Robert\Moje dokumenty\Downloads\Programs\Anti_Mosquito.exe
MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
AddRemove-Lekarz domowy_is1 - c:\program files\Lekarz domowy\unins000.exe
AddRemove-Logomocja-Imagine Demo_is1 - c:\program files\Logomocja Demo\unins000.exe
AddRemove-F-1 Mania 2008 - d:\gry\f1 mania 2008 PRO\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 12:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys sptd.sys UNKNOWN [0x86F868AC]
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk - CLASSPNP.SYS @ 0xf75a5f28
\Driver\ACPI - ACPI.sys @ 0xf7316cb8
\Driver\atapi - atapi.sys @ 0xf72abb40
IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x80579022
ParseProcedure - ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x80579022
ParseProcedure - ntkrnlpa.exe @ 0x80577c84
NDIS: VIA Rhine II Fast Ethernet Adapter - SendCompleteHandler - NDIS.sys @ 0xf71b4bb0
PacketIndicateHandler - NDIS.sys @ 0xf71c1a21
SendHandler - NDIS.sys @ 0xf719f87b
user kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
“ImagePath”=“c:\usr/MYSQL/bin/mysqld.exe”
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1004336348-1035525444-839522115-1006\Software\SecuROM\License information*]
“datasecu”=hex:c9,b9,0f,e6,01,63,95,c9,6f,d0,c6,73,53,57,f6,5f,87,8e,aa,87,43,
f3,d7,c5,84,44,51,57,60,98,9f,77,ab,d0,06,3c,7a,8c,06,99,c9,9d,76,f3,14,1a,\
“rkeysecu”=hex:bb,48,d0,9f,2e,ff,c4,b9,37,18,14,34,cd,87,7b,29
[HKEY_LOCAL_MACHINE\software\Classes\CLSID{187551b6-92dc-4877-8c37-81d1c1b92a9d}]
@Denied: (Full) (Everyone)
“Model”=dword:0000007c
“Therad”=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
“scansk”=hex(0):a4,0a,bb,68,fa,b9,60,9b,20,83,88,95,8a,07,5a,1c,34,af,bb,a5,be,
5e,66,83,8b,19,da,b7,f9,50,d4,02,bb,c2,7d,fc,5a,cc,5b,bd,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
“scansk”=hex(0):62,fc,e0,e1,d1,82,b7,42,73,2e,b5,91,2e,00,87,dc,67,3c,55,44,49,
e4,db,19,fb,37,11,0e,bd,cd,ba,72,51,e4,69,62,c5,e7,49,2c,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID{a55dc99c-44f1-4637-a19f-d03bef39c97b}]
@Denied: (Full) (Everyone)
“Model”=dword:0000015b
“Therad”=dword:00000030
“MData”=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - ‘winlogon.exe’(972)
c:\windows\system32\Ati2evxx.dll
- - - - - - - ‘explorer.exe’(1516)
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
d:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\windows\RTHDCPL.EXE
d:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\mssql$autodeskvault\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\usr\MYSQL\bin\mysqld.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\CNAC4RPK.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-30 12:53:04 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-30 11:52
ComboFix2.txt 2009-04-13 19:42
ComboFix3.txt 2009-01-10 06:52
ComboFix4.txt 2008-12-11 12:23
ComboFix5.txt 2010-01-30 11:27
Przed: 4 075 298 816 bajtów wolnych
Po: 9 101 119 488 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 7D474BB6A9BA8B9B579E4366954CD90B
HijackThis logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:19, on 2010-01-30
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Thoosje Vista Sidebar\Thoosje Vista Sidebar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\xfoil6.96\bin\xfoil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\flexlm\lmgrd.exe
C:\flexlm\msc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\FIJOEK~1\USTAWI~1\Temp\Rar$EX00.015\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={3D1743BE-B6F…8-8D07C003AB52}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin0.dll
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin0.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin0.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll
O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [RGSC] D:\GRY\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU…\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU…\Run: [Nowe Gadu-Gadu] “C:\Program Files\Nowe Gadu-Gadu\gg.exe”
O4 - HKCU…\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU…\Run: [VS Online] “C:\Program Files\VS Online\VSOnline.exe” /tray
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Vista Sidebar.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip…{5CDA8B3F-8D6E-40AC-824E-602355EDE539}: NameServer = 82.160.1.1,213.199.225.14
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - D:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - D:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
–
End of file - 12341 bytes
– Added 31.01.2010 (Sun) 15:09 –
Will anyone help???