Is not a valid Win32 application


(Pawelziom93) #1

Hello,

When I started the installation, this error popped up:

8a465b965579.jpg

ComboFix logs:


AV: avast! antivirus 4.8.1229 [VPS 100130-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

AV: System Antywirusowy NOD32 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Panda Internet Security 2008 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\program files\Fast Browser Search

c:\program files\Fast Browser Search\IE\1.bat

c:\program files\Fast Browser Search\IE\about.html

c:\program files\Fast Browser Search\IE\affid.dat

c:\program files\Fast Browser Search\IE\basis.xml

c:\program files\Fast Browser Search\IE\basis_br.xml

c:\program files\Fast Browser Search\IE\basis_de.xml

c:\program files\Fast Browser Search\IE\basis_en.xml

c:\program files\Fast Browser Search\IE\basis_es.xml

c:\program files\Fast Browser Search\IE\basis_fr.xml

c:\program files\Fast Browser Search\IE\basis_it.xml

c:\program files\Fast Browser Search\IE\basis_nr.xml

c:\program files\Fast Browser Search\IE\basis_pt.xml

c:\program files\Fast Browser Search\IE\basis_ru.xml

c:\program files\Fast Browser Search\IE\basis_tr.xml

c:\program files\Fast Browser Search\IE\BHO.dll

c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe

c:\program files\Fast Browser Search\IE\error.html

c:\program files\Fast Browser Search\IE\FBSPlugin.dll

c:\program files\Fast Browser Search\IE\fbsProtection.xml

c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml

c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe

c:\program files\Fast Browser Search\IE\FBStoolbar.dll

c:\program files\Fast Browser Search\IE\fbstoolbar.jar

c:\program files\Fast Browser Search\IE\fbstoolbar.manifest

c:\program files\Fast Browser Search\IE\icons.bmp

c:\program files\Fast Browser Search\IE\info.txt

c:\program files\Fast Browser Search\IE\local.xml

c:\program files\Fast Browser Search\IE\logobg.bmp

c:\program files\Fast Browser Search\IE\MTWBtoolbar.html

c:\program files\Fast Browser Search\IE\search.bmp

c:\program files\Fast Browser Search\IE\search_br.bmp

c:\program files\Fast Browser Search\IE\search_de.bmp

c:\program files\Fast Browser Search\IE\search_es.bmp

c:\program files\Fast Browser Search\IE\search_fr.bmp

c:\program files\Fast Browser Search\IE\search_it.bmp

c:\program files\Fast Browser Search\IE\search_pt.bmp

c:\program files\Fast Browser Search\IE\search_ru.bmp

c:\program files\Fast Browser Search\IE\SearchAssistant.dll

c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe

c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico

c:\program files\Fast Browser Search\IE\SGPU.ico

c:\program files\Fast Browser Search\IE\sgpUpdater.exe

c:\program files\Fast Browser Search\IE\sgpUpdater.xml

c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe

c:\program files\Fast Browser Search\IE\tbhelper.dll

c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js

c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js

c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js

c:\program files\Fast Browser Search\IE\Toolbar Help.htm

c:\program files\Fast Browser Search\IE\ToolBarBHO.dll

c:\program files\Fast Browser Search\IE\uninstall.exe

c:\program files\Fast Browser Search\IE\uninstalSGP.exe

c:\program files\Fast Browser Search\IE\uninstalSGPU.exe

c:\program files\Fast Browser Search\IE\update.exe

c:\program files\Fast Browser Search\IE\version.txt

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\program files\FlashGet Network\FlashGet universal\transaction.log

c:\program files\Search Guard Plus

c:\program files\Search Guard Plus\fbsProtection.xml

c:\program files\Search Guard Plus\fbsSearchProvider.xml

c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe

c:\program files\Search Guard Plus\SearchGuardPlus.exe

c:\program files\Search Guard Plus\SearchGuardPlus.ico

c:\program files\Search Guard Plus\Thumbs.db

c:\program files\Search Guard Plus\uninstalSGP.exe

c:\program files\Search Guard PlusU

c:\program files\Search Guard PlusU\SGPU.ico

c:\program files\Search Guard PlusU\sgpUpdater.exe

c:\program files\Search Guard PlusU\sgpUpdater.xml

c:\program files\Search Guard PlusU\sgpUpdaters.exe

c:\program files\Search Guard PlusU\Thumbs.db

c:\program files\Search Guard PlusU\uninstalSGPU.exe

c:\program files\SGPSA

c:\program files\SGPSA\BHO.dll

c:\program files\SGPSA\SearchAssistant.dll

c:\windows\Fonts\MyriadPro-Regular.otf

c:\windows\system32\Ijl11.dll

c:\windows\system32\SHELLLNK.TLB

c:\windows\system32\twain_32.dll

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_WINDRIVER

((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))

.

2010-01-30 09:31 . 2010-01-30 09:31 -------- d--h--w- c:\windows\PIF

2010-01-29 19:05 . 2010-01-29 19:12 -------- d-----w- c:\program files\MiniRacingOnline

2010-01-29 11:50 . 2010-01-29 11:56 -------- d-----w- C:\flexlm

2010-01-25 14:15 . 2003-04-16 00:10 110592 ----a-w- c:\windows\system32\tsccvid.dll

2010-01-25 14:13 . 2007-07-09 12:00 11136 ----a-w- c:\windows\system32\drivers\SOFTLOK.SYS

2010-01-25 14:13 . 2004-09-28 17:53 69632 ----a-w- c:\windows\system32\wdrvr.dll

2010-01-25 14:13 . 2003-12-01 02:01 110592 ----a-w- c:\windows\system32\drivers\tsccvid.dll

2010-01-25 14:13 . 2003-11-24 14:30 79260 ----a-w- c:\windows\system32\drivers\windrvr.sys

2010-01-25 14:13 . 1998-10-27 11:08 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL

2010-01-25 14:13 . 1995-10-05 14:53 22528 ----a-w- c:\windows\system32\RHMMPLAY.DLL

2010-01-21 20:26 . 2010-01-21 20:26 -------- d-----w- C:\xfoil6.96

2010-01-18 15:20 . 2010-01-18 15:20 -------- d-----w- c:\documents and settings\Fijoˆek Robert

2010-01-18 14:36 . 2010-01-18 14:36 194 ----a-w- c:\windows\system32\RBDELDRV.BAT

2010-01-18 13:53 . 2002-12-17 04:41 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS

2010-01-18 13:53 . 2010-01-18 14:36 -------- d-----w- c:\windows\system32\RNBOSENT

2010-01-18 13:53 . 2010-01-18 13:53 -------- d-----w- c:\program files\Macrovision

2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\program files\Artisteer 2

2010-01-15 11:52 . 2010-01-15 11:52 -------- d-----w- c:\program files\Bradbury

2010-01-15 11:47 . 2010-01-15 11:47 -------- d-----w- c:\program files\CSS-BuMa

2010-01-15 11:43 . 2010-01-16 12:02 -------- d-----w- c:\program files\Cascade DTP V4

2010-01-09 17:17 . 2010-01-10 09:10 -------- d-----w- C:\WebSite3

2010-01-09 17:14 . 2010-01-09 17:14 -------- d-----w- C:\WebSite2

2010-01-09 15:22 . 2010-01-09 15:22 -------- d-----w- C:\WebSite1

2010-01-06 11:00 . 2010-01-06 16:52 -------- d-----w- c:\program files\KONAMI

2010-01-05 00:12 . 2010-01-30 11:24 5152 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2010-01-02 09:51 . 2010-01-02 09:51 -------- d-----w- c:\program files\VS Online

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-30 10:10 . 2010-01-30 09:31 2855 ----a-w- c:\windows\PIF\setup.PIF

2010-01-29 19:07 . 2009-11-21 19:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2010-01-29 12:25 . 2008-07-22 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-24 16:29 . 2008-11-17 13:16 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2010-01-20 21:10 . 2009-09-19 14:41 -------- d-----w- c:\program files\LG PC Suite II

2010-01-19 19:07 . 2008-07-24 09:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2010-01-18 14:13 . 2008-07-22 16:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Macrovision

2010-01-16 17:35 . 2009-09-18 15:11 -------- d-----w- c:\program files\WonderWebWare CSS Menu Generator

2010-01-13 19:52 . 2009-06-13 16:24 -------- d-----w- c:\program files\Ganymede

2010-01-09 21:27 . 2009-10-25 09:55 -------- d-----w- c:\program files\Selteco

2010-01-02 10:15 . 2001-10-26 18:15 567678 ----a-w- c:\windows\system32\perfh015.dat

2010-01-02 10:15 . 2001-10-26 18:15 115690 ----a-w- c:\windows\system32\perfc015.dat

2009-12-24 06:54 . 2009-11-03 11:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla

2009-12-22 18:57 . 2008-07-24 09:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-12-20 10:41 . 2009-09-14 17:16 -------- d-----w- c:\program files\JestemHardcorem

2009-12-18 18:18 . 2008-12-25 10:54 -------- d-----w- c:\program files\PHP

2009-12-18 17:22 . 2009-06-22 12:03 -------- d-----w- c:\program files\Multi Milionerek v2 2008

2009-12-18 17:21 . 2009-08-21 19:54 -------- d-----w- c:\program files\scourtoolbar

2009-12-18 17:21 . 2009-05-30 20:17 -------- d-----w- c:\program files\SWiSH Max2

2009-12-18 17:21 . 2009-07-10 21:19 -------- d-----w- c:\program files\Real Alternative

2009-12-18 17:21 . 2000-07-30 17:56 -------- d-----w- c:\program files\QuickTime Alternative

2009-12-18 17:21 . 2009-02-07 12:19 -------- d-----w- c:\program files\MixSense

2009-12-18 17:21 . 2009-10-04 18:29 -------- d-----w- c:\program files\Type98

2009-12-18 17:21 . 2009-02-07 17:31 -------- d-----w- c:\program files\TVUPlayer

2009-12-18 17:21 . 2009-02-03 18:10 -------- d-----w- c:\program files\FileView7

2009-12-14 05:55 . 2009-11-03 11:26 -------- d-----w- c:\program files\ipla

2009-11-11 10:04 . 2009-11-11 10:04 550 ----a-w- c:\windows\eReg.dat

2009-09-02 18:05 . 2009-09-02 18:05 16384 ----a-w- c:\program files\uik.dat

2009-09-02 18:04 . 2009-09-02 18:04 4 ----a-w- c:\program files\is.dat

2000-02-01 05:40 . 2010-01-25 14:12 557328 ----a-w- c:\program files\Common Files\DAO360.DLL

2000-07-30 14:55 . 2000-07-30 14:55 56 --sh--r- c:\windows\system32\EF167AB1BF.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-11-22 2166296]

"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-12 21:37 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

2009-11-23 17:07 2166296 ----a-w- c:\program files\Free_Lunch_Design\tbFre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{A057A204-BACC-4D26-9A9E-3AF287E2699B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{f592709f-ff4a-4862-b659-4afabda56312}]

2009-11-22 20:35 2166296 ----a-w- c:\program files\Mininova\tbMin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-11-22 2166296]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-11-22 2166296]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"RGSC"="d:\gry\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-02 306088]

"DLD.EXE"="c:\program files\Download Direct\DLD.exe" [2007-09-06 1343488]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-15 931248]

"VS Online"="c:\program files\VS Online\VSOnline.exe" [2009-08-05 1098752]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-06 21:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2006-09-28 20:02 43520 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 20:51 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-11-12 14:27 133104 ----atw- c:\documents and settings\Fijołek Robert\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

2008-07-15 07:39 931248 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]

2009-12-23 16:14 14100888 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGMobileSyncLauncher]

2009-02-11 08:48 4337664 ----a-w- c:\program files\LG PC Suite II\LG_MobileSync_Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:51 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile3\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]

2005-03-24 12:52 94770 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-17 18:09 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-12-21 12:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\WINDOWS\system32\CNAC4RPK.EXE"=

"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\WINDOWS\system32\PnkBstrA.exe"=

"c:\WINDOWS\system32\PnkBstrB.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"c:\Program Files\BitTorrent\bittorrent.exe"=

"d:\GRY\PES 2009\pes2009.exe"=

"c:\Program Files\FlashFXP\FlashFXP.exe"=

"c:\Program Files\PPMate\ppmate.exe"=

"c:\Program Files\PPMate\ppamnet.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"c:\Program Files\TeamViewer\Version4\TeamViewer.exe"=

"c:\Program Files\Bonjour\mDNSResponder.exe"=

"d:\GRY\Pes 10\pes2010.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

"d:\GRY\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe"=

"d:\GRY\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe"=

"c:\Program Files\MiniRacingOnline\MiniRacingOnLine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2000-07-27 685816]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-10-12 17920]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-06 78416]

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-06 20560]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2008-10-12 12672]

R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-12-06 4096]

S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-02-09 6016]

S3 96EW;96EW Filter;c:\windows\system32\drivers\96EW.sys [2009-06-23 20480]

S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys -- c:\windows\system32\DRIVERS\netimflt.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys -- e:\NTGLM7X.sys [?]

S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\mssql$autodeskvault\Binn\sqlagent.EXE -i AUTODESKVAULT -- c:\mssql$autodeskvault\Binn\sqlagent.EXE -i AUTODESKVAULT [?]

.

Zawartość folderu 'Zaplanowane zadania'

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{44927E81-EB1C-4252-8766-EB7FB32E426A}.job

  • c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.tattoodle.com?tid={3D1743BE-B6FC-4ce3-A768-8D07C003AB52}

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = ;*.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000

IE: Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm

TCP: {5CDA8B3F-8D6E-40AC-824E-602355EDE539} = 82.160.1.1,213.199.225.14

FF - ProfilePath - c:\documents and settings\Fijołek Robert\Dane aplikacji\Mozilla\Firefox\Profiles\o867gjje.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EFv=19q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - [spam].com

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... v=19tid={FF2EE799-C345-DF65-9961-4C15B38583AD}q=

FF - component: c:\documents and settings\Fijołek Robert\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS90.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDS.dll

.

  • USUNIĘTO PUSTE WPISY - - - -

BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - c:\program files\SGPSA\SearchAssistant.dll

BHO-{F0626A63-410B-45E2-99A1-3F2475B2D695} - c:\program files\SGPSA\BHO.dll

MSConfigStartUp-AdobeUpdater6 - c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

MSConfigStartUp-Anti Mosquito - c:\documents and settings\Fijołek Robert\Moje dokumenty\Downloads\Programs\Anti_Mosquito.exe

MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe

MSConfigStartUp-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe

AddRemove-Lekarz domowy_is1 - c:\program files\Lekarz domowy\unins000.exe

AddRemove-Logomocja-Imagine Demo_is1 - c:\program files\Logomocja Demo\unins000.exe

AddRemove-F-1 Mania 2008 - d:\gry\f1 mania 2008 PRO\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-30 12:44

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys sptd.sys UNKNOWN [0x86F868AC]

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk - CLASSPNP.SYS @ 0xf75a5f28

\Driver\ACPI - ACPI.sys @ 0xf7316cb8

\Driver\atapi - atapi.sys @ 0xf72abb40

IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x80579022

ParseProcedure - ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x80579022

ParseProcedure - ntkrnlpa.exe @ 0x80577c84

NDIS: VIA Rhine II Fast Ethernet Adapter - SendCompleteHandler - NDIS.sys @ 0xf71b4bb0

PacketIndicateHandler - NDIS.sys @ 0xf71c1a21

SendHandler - NDIS.sys @ 0xf719f87b

user kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1035525444-839522115-1006\Software\SecuROM\License information*]

"datasecu"=hex:c9,b9,0f,e6,01,63,95,c9,6f,d0,c6,73,53,57,f6,5f,87,8e,aa,87,43,

f3,d7,c5,84,44,51,57,60,98,9f,77,ab,d0,06,3c,7a,8c,06,99,c9,9d,76,f3,14,1a,\

"rkeysecu"=hex:bb,48,d0,9f,2e,ff,c4,b9,37,18,14,34,cd,87,7b,29

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{187551b6-92dc-4877-8c37-81d1c1b92a9d}]

@Denied: (Full) (Everyone)

"Model"=dword:0000007c

"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a4,0a,bb,68,fa,b9,60,9b,20,83,88,95,8a,07,5a,1c,34,af,bb,a5,be,

5e,66,83,8b,19,da,b7,f9,50,d4,02,bb,c2,7d,fc,5a,cc,5b,bd,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):62,fc,e0,e1,d1,82,b7,42,73,2e,b5,91,2e,00,87,dc,67,3c,55,44,49,

e4,db,19,fb,37,11,0e,bd,cd,ba,72,51,e4,69,62,c5,e7,49,2c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{a55dc99c-44f1-4637-a19f-d03bef39c97b}]

@Denied: (Full) (Everyone)

"Model"=dword:0000015b

"Therad"=dword:00000030

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • 'winlogon.exe'(972)

c:\windows\system32\Ati2evxx.dll

  • 'explorer.exe'(1516)

c:\program files\Internet Download Manager\idmmkb.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

c:\program files\Internet Download Manager\IDMIECC.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

d:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

c:\windows\RTHDCPL.EXE

d:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\mssql$autodeskvault\Binn\sqlservr.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\usr\MYSQL\bin\mysqld.exe

c:\program files\Eset\nod32krn.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\windows\system32\CNAC4RPK.EXE

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\windows\system32\wscntfy.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe

c:\program files\Internet Download Manager\IEMonitor.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Czas ukończenia: 2010-01-30 12:53:04 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-01-30 11:52

ComboFix2.txt 2009-04-13 19:42

ComboFix3.txt 2009-01-10 06:52

ComboFix4.txt 2008-12-11 12:23

ComboFix5.txt 2010-01-30 11:27

Przed: 4 075 298 816 bajtów wolnych

Po: 9 101 119 488 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

  • End Of File - - 7D474BB6A9BA8B9B579E4366954CD90B

HijackThis logs:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:03:19, on 2010-01-30

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Thoosje Vista Sidebar\Thoosje Vista Sidebar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe

c:\usr\MYSQL\bin\mysqld.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\CNAC4RPK.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\xfoil6.96\bin\xfoil.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\flexlm\lmgrd.exe

C:\flexlm\msc.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\FIJOEK~1\USTAWI~1\Temp\Rar$EX00.015\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={3D1743BE-B6F...8-8D07C003AB52}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin0.dll

R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin0.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin0.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll

O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [RGSC] D:\GRY\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe

O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU..\Run: [VS Online] "C:\Program Files\VS Online\VSOnline.exe" /tray

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Vista Sidebar.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip..{5CDA8B3F-8D6E-40AC-824E-602355EDE539}: NameServer = 82.160.1.1,213.199.225.14

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - D:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe

O23 - Service: Autodesk EDM Server - - D:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 12341 bytes

-- Added 31.01.2010 (Sun) 15:09 --

Can anyone help???


(K M K2) #2

1. Logs like this should be pasted on wklej.org or wklej.to

2. The program is probably for the x64 version / was written incorrectly

3. Check whether it works on another computer.


(Reksio009) #3

Download http://www.dobreprogramy.pl/Malwarebyte ... 13117.html and scan the computer again.

Also use the System File Checker and scan the system.


(Pawelziom93) #4

I already tried that, but it didn't help.


(Reksio009) #5

Check the RAM as well.