Hello! After starting Windows XP, I get pop-up windows saying "the application has encountered a problem and will be closed", e.g. for BitLord, PowerDVD, etc., and as a result I cannot open them. My brother was installing some keys for programs, and now there is trouble. Some junk has probably gotten into the system. Please help; I am posting the logs from ComboFix and HJT.
ComboFix 09-07-29.04 - Właściciel 2009-08-01 15:23.4.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2284 [GMT 2:00] Uruchomiony z: d:\programy\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((( Pliki utworzone od 2009-07-01 do 2009-08-01 ))))))))))))))))))))))))))))))) . 2009-08-01 11:46 . 2009-08-01 11:46 -------- d-----w- c:\windows\SxsCaPendDel 2009-08-01 11:43 . 2009-08-01 11:43 -------- d-----w- c:\program files\CCleaner 2009-08-01 11:34 . 2009-08-01 11:34 -------- d-----w- c:\program files\Uniblue 2009-07-30 20:06 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-07-30 20:01 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-07-30 20:01 . 2009-07-30 20:01 -------- dc-h–w- c:\documents and settings\All Users\Dane aplikacji{EF63305C-BAD7-4144-9208-D65528260864} 2009-07-30 20:01 . 2009-07-08 17:28 2920112 -c–a-w- c:\documents and settings\All Users\Dane aplikacji{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe 2009-07-30 20:01 . 2009-07-30 20:01 -------- d-----w- c:\program files\Lavasoft 2009-07-30 20:01 . 2009-07-30 20:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft 2009-07-30 18:02 . 2009-02-09 11:26 2190336 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-07-30 18:02 . 2009-02-09 11:26 2146816 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-07-30 18:02 . 2009-02-09 11:26 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-07-30 17:38 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-07-30 17:24 . 2008-06-14 17:36 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-07-30 17:24 . 2008-06-14 17:36 273024 ------w- c:\windows\system32\drivers\bthport.sys 2009-07-30 15:55 . 2009-07-30 15:55 23 --sha-w- c:\windows\system32\edacded0.dat 2009-07-30 15:55 . 
2009-07-30 15:55 -------- d-----w- c:\program files\jv16 PowerTools 2009 2009-07-30 15:37 . 2009-07-30 15:37 -------- d-----w- c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-01 11:46 . 2009-01-08 19:01 -------- d-----w- c:\program files\Common Files\ACD Systems 2009-08-01 11:46 . 2009-01-08 19:01 -------- d-----w- c:\program files\ACD Systems 2009-08-01 11:45 . 2009-01-08 19:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ACD Systems 2009-07-30 20:45 . 2008-04-15 12:00 74230 ----a-w- c:\windows\system32\perfc015.dat 2009-07-30 20:45 . 2008-04-15 12:00 448004 ----a-w- c:\windows\system32\perfh015.dat 2009-07-30 20:45 . 2008-12-17 07:51 -------- d-----w- c:\program files\NAPI-PROJEKT 2009-07-30 20:45 . 2008-12-17 07:51 -------- d-----w- c:\program files\ALLPlayer 2009-07-30 20:29 . 2009-07-30 20:29 -------- d-----w- c:\program files\MSXML 4.0 2009-07-30 18:43 . 2009-01-03 15:41 -------- d-----w- c:\program files\Zylom Games 2009-07-30 18:42 . 2009-01-26 12:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-07-30 17:45 . 2009-03-21 12:40 -------- d-----w- c:\program files\PRO100 Demo 2009-07-30 17:06 . 2008-12-16 15:34 -------- d-----w- c:\program files\Neostrada TP 2009-07-30 15:07 . 2008-12-16 17:19 -------- d-----w- c:\program files\BitLord 2009-07-29 11:02 . 2009-02-18 18:57 -------- d-----w- c:\program files\IrfanView 2009-07-29 11:02 . 2009-01-21 17:53 -------- d-----w- c:\program files\DAEMON Tools Lite 2009-07-27 17:12 . 2009-07-27 17:12 361344 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2009-06-26 16:51 . 2008-04-15 12:00 669184 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:51 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-25 15:22 . 2008-12-19 09:10 -------- d-----w- c:\program files\Wru 2009-06-16 14:40 . 
2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-07 11:11 . 2008-12-19 14:10 -------- d-----w- c:\program files\Gadu-Gadu 2009-06-03 19:11 . 2008-04-15 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-05-07 15:34 . 2008-04-15 12:00 347648 ----a-w- c:\windows\system32\localspl.dll 2009-02-16 19:50 . 2009-02-16 19:43 36052957 ----a-w- c:\program files\acdsee.exe.part 2009-02-16 19:43 . 2009-02-16 19:43 0 ----a-w- c:\program files\acdsee.exe 2008-12-16 15:59 . 2008-12-16 15:58 18108928 ----a-w- c:\program files\nod 32.msi 2007-10-14 10:11 . 2009-04-20 17:03 135495680 ----a-w- c:\program files\I.D.S…iso 2009-07-26 16:28 . 2009-04-28 19:48 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ((((((((((((((((((((((((((((( SnapShot@2009-07-30_18.52.44 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 06:05 . 
2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll + 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll + 2008-09-30 14:45 . 2008-09-30 14:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll + 2009-08-01 12:25 . 2009-08-01 12:25 16384 c:\windows\Temp\Perflib_Perfdata_728.dat + 2008-04-15 12:00 . 2008-05-09 10:56 90112 c:\windows\system32\wshext.dll - 2008-04-15 12:00 . 2008-04-15 12:00 90112 c:\windows\system32\wshext.dll + 2008-04-15 12:00 . 2008-10-23 10:06 62976 c:\windows\system32\tzchange.exe + 2008-12-13 11:44 . 2008-07-09 07:57 26488 c:\windows\system32\spupdsvc.exe + 2008-12-13 11:44 . 
2007-11-30 11:21 19320 c:\windows\system32\spmsg.dll + 2008-04-15 12:00 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll + 2008-04-15 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe - 2008-04-15 12:00 . 2009-03-29 07:15 58596 c:\windows\system32\perfc009.dat + 2008-04-15 12:00 . 2009-07-30 20:45 58596 c:\windows\system32\perfc009.dat + 2008-12-12 14:37 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll - 2008-12-12 14:37 . 2008-04-15 12:00 91648 c:\windows\system32\mtxoci.dll - 2008-04-15 12:00 . 2008-04-15 12:00 66560 c:\windows\system32\mtxclu.dll + 2008-04-15 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll - 2008-12-12 14:37 . 2008-04-15 12:00 58880 c:\windows\system32\msdtclog.dll + 2008-12-12 14:37 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll + 2008-04-15 12:00 . 2008-06-24 16:46 74240 c:\windows\system32\mscms.dll + 2006-01-03 23:14 . 2006-01-03 23:14 20480 c:\windows\system32\Macromed\Flash\UninstFl.exe + 2006-01-21 14:01 . 2006-01-21 14:01 25088 c:\windows\system32\Macromed\Flash\genuinst.exe + 2008-04-15 12:00 . 2008-06-10 07:17 96768 c:\windows\system32\logagent.exe - 2008-04-15 12:00 . 2004-08-11 00:45 96768 c:\windows\system32\logagent.exe + 2009-07-30 20:01 . 2009-07-03 14:49 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys - 2008-04-15 12:00 . 2008-04-15 12:00 90112 c:\windows\system32\dllcache\wshext.dll + 2008-04-15 12:00 . 2008-05-09 10:56 90112 c:\windows\system32\dllcache\wshext.dll + 2008-04-15 12:00 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll + 2008-04-15 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe - 2008-12-12 14:37 . 2008-04-15 12:00 91648 c:\windows\system32\dllcache\mtxoci.dll + 2008-12-12 14:37 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll - 2008-04-15 12:00 . 2008-04-15 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll + 2008-04-15 12:00 . 
2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll + 2008-12-12 14:37 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll - 2008-12-12 14:37 . 2008-04-15 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll + 2008-04-15 12:00 . 2008-06-24 16:46 74240 c:\windows\system32\dllcache\mscms.dll - 2008-04-15 12:00 . 2004-08-11 00:45 96768 c:\windows\system32\dllcache\logagent.exe + 2008-04-15 12:00 . 2008-06-10 07:17 96768 c:\windows\system32\dllcache\logagent.exe + 2008-04-15 12:00 . 2009-06-26 16:51 81920 c:\windows\system32\dllcache\ieencode.dll - 2008-04-15 12:00 . 2008-04-15 12:00 81920 c:\windows\system32\dllcache\ieencode.dll + 2008-04-15 12:00 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll - 2008-12-12 14:44 . 2008-12-12 14:44 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2008-12-12 14:44 . 2009-07-30 20:16 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2008-12-12 14:44 . 2008-12-12 14:44 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2008-12-12 14:44 . 2009-07-30 20:16 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2008-12-12 14:44 . 2008-12-12 14:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-12 14:44 . 2009-07-30 20:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-07-30 20:29 . 2009-07-30 20:29 32768 c:\windows\Installer{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe + 2008-05-05 05:25 . 2008-05-05 05:25 3072 c:\windows\system32\xpsp4res.dll + 2008-07-29 06:05 . 2008-07-29 06:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll + 2008-07-29 01:54 . 
2008-07-29 01:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll + 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2008-04-15 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe - 2008-04-15 12:00 . 2008-04-15 12:00 155648 c:\windows\system32\wscript.exe + 2008-04-15 12:00 . 2007-10-20 04:01 227328 c:\windows\system32\wmasf.dll + 2008-04-15 12:00 . 2008-12-16 12:32 354304 c:\windows\system32\winhttp.dll - 2008-04-15 12:00 . 2008-04-15 12:00 354304 c:\windows\system32\winhttp.dll + 2008-12-12 14:37 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe + 2008-12-12 14:37 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll + 2008-12-12 14:37 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll + 2008-04-15 12:00 . 2008-05-09 10:56 430080 c:\windows\system32\vbscript.dll + 2008-04-15 12:00 . 2009-06-26 16:51 620032 c:\windows\system32\urlmon.dll + 2008-04-15 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll + 2008-04-15 12:00 . 2009-02-09 11:25 111104 c:\windows\system32\services.exe + 2008-04-15 12:00 . 2008-05-09 10:56 172032 c:\windows\system32\scrrun.dll - 2008-04-15 12:00 . 2008-04-15 12:00 172032 c:\windows\system32\scrrun.dll + 2008-04-15 12:00 . 2008-05-09 10:56 180224 c:\windows\system32\scrobj.dll - 2008-04-15 12:00 . 2008-04-15 12:00 180224 c:\windows\system32\scrobj.dll + 2008-04-15 12:00 . 
2008-12-05 06:57 144896 c:\windows\system32\schannel.dll + 2008-04-15 12:00 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll + 2008-04-15 12:00 . 2009-04-15 14:54 585216 c:\windows\system32\rpcrt4.dll - 2008-04-15 12:00 . 2009-03-29 07:15 392296 c:\windows\system32\perfh009.dat + 2008-04-15 12:00 . 2009-07-30 20:45 392296 c:\windows\system32\perfh009.dat - 2008-04-15 12:00 . 2008-04-15 12:00 285696 c:\windows\system32\pdh.dll + 2008-04-15 12:00 . 2009-03-06 14:22 285696 c:\windows\system32\pdh.dll + 2008-04-15 12:00 . 2009-02-09 10:53 722944 c:\windows\system32\ntdll.dll + 2008-04-15 12:00 . 2008-10-15 16:36 337408 c:\windows\system32\netapi32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 337408 c:\windows\system32\netapi32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 246784 c:\windows\system32\mswsock.dll + 2008-04-15 12:00 . 2008-06-20 17:48 246784 c:\windows\system32\mswsock.dll - 2008-12-12 14:37 . 2008-04-15 12:00 161792 c:\windows\system32\msdtcuiu.dll + 2008-12-12 14:37 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll + 2008-12-12 14:37 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll - 2008-12-12 14:37 . 2008-04-15 12:00 956928 c:\windows\system32\msdtctm.dll + 2008-12-12 14:37 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll + 2008-04-15 12:00 . 2009-02-09 10:53 731136 c:\windows\system32\lsasrv.dll + 2008-04-15 12:00 . 2008-05-09 10:56 512000 c:\windows\system32\jscript.dll - 2008-04-15 12:00 . 2008-04-15 12:00 512000 c:\windows\system32\jscript.dll + 2008-12-12 14:39 . 2008-04-11 19:06 691712 c:\windows\system32\inetcomm.dll - 2008-12-12 14:39 . 2008-04-15 12:00 691712 c:\windows\system32\inetcomm.dll + 2008-04-15 12:00 . 2008-10-23 12:42 286720 c:\windows\system32\gdi32.dll - 2008-12-12 15:32 . 2009-02-08 20:14 113376 c:\windows\system32\FNTCACHE.DAT + 2008-12-12 15:32 . 2009-07-30 20:41 113376 c:\windows\system32\FNTCACHE.DAT + 2008-04-15 12:00 . 2008-07-07 20:29 253952 c:\windows\system32\es.dll + 2008-04-15 12:00 . 
2008-06-20 11:08 225856 c:\windows\system32\drivers\tcpip6.sys + 2008-04-15 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys + 2008-04-15 12:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys + 2008-04-15 12:00 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys + 2008-04-15 12:00 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys + 2008-04-15 12:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys + 2008-04-15 12:00 . 2008-06-20 17:48 147968 c:\windows\system32\dnsapi.dll - 2008-04-15 12:00 . 2008-04-15 12:00 147968 c:\windows\system32\dnsapi.dll + 2008-04-15 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe - 2008-04-15 12:00 . 2008-04-15 12:00 155648 c:\windows\system32\dllcache\wscript.exe + 2008-12-12 14:38 . 2008-04-21 21:16 218112 c:\windows\system32\dllcache\wordpad.exe + 2008-12-12 14:37 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe + 2008-12-12 14:37 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll + 2008-04-15 12:00 . 2007-10-20 04:01 227328 c:\windows\system32\dllcache\wmasf.dll + 2008-04-15 12:00 . 2009-06-26 16:51 669184 c:\windows\system32\dllcache\wininet.dll + 2008-04-15 12:00 . 2008-12-16 12:32 354304 c:\windows\system32\dllcache\winhttp.dll - 2008-04-15 12:00 . 2008-04-15 12:00 354304 c:\windows\system32\dllcache\winhttp.dll + 2008-04-15 12:00 . 2008-05-09 10:56 430080 c:\windows\system32\dllcache\vbscript.dll + 2008-04-15 12:00 . 2009-06-26 16:51 620032 c:\windows\system32\dllcache\urlmon.dll + 2008-04-15 12:00 . 2008-06-20 11:08 225856 c:\windows\system32\dllcache\tcpip6.sys + 2008-04-15 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys + 2008-04-15 12:00 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll + 2008-04-15 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll + 2008-04-15 12:00 . 
2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys + 2008-04-15 12:00 . 2009-02-09 11:25 111104 c:\windows\system32\dllcache\services.exe - 2008-04-15 12:00 . 2008-04-15 12:00 172032 c:\windows\system32\dllcache\scrrun.dll + 2008-04-15 12:00 . 2008-05-09 10:56 172032 c:\windows\system32\dllcache\scrrun.dll + 2008-04-15 12:00 . 2008-05-09 10:56 180224 c:\windows\system32\dllcache\scrobj.dll - 2008-04-15 12:00 . 2008-04-15 12:00 180224 c:\windows\system32\dllcache\scrobj.dll + 2008-04-15 12:00 . 2008-12-05 06:57 144896 c:\windows\system32\dllcache\schannel.dll + 2008-04-15 12:00 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll + 2008-04-15 12:00 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll + 2008-04-15 12:00 . 2008-05-08 14:02 203136 c:\windows\system32\dllcache\rmcast.sys + 2008-04-15 12:00 . 2009-03-06 14:22 285696 c:\windows\system32\dllcache\pdh.dll - 2008-04-15 12:00 . 2008-04-15 12:00 285696 c:\windows\system32\dllcache\pdh.dll + 2008-04-15 12:00 . 2009-02-09 10:53 722944 c:\windows\system32\dllcache\ntdll.dll - 2008-04-15 12:00 . 2008-04-15 12:00 337408 c:\windows\system32\dllcache\netapi32.dll + 2008-04-15 12:00 . 2008-10-15 16:36 337408 c:\windows\system32\dllcache\netapi32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 246784 c:\windows\system32\dllcache\mswsock.dll + 2008-04-15 12:00 . 2008-06-20 17:48 246784 c:\windows\system32\dllcache\mswsock.dll + 2008-12-12 14:37 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll - 2008-12-12 14:37 . 2008-04-15 12:00 161792 c:\windows\system32\dllcache\msdtcuiu.dll + 2008-12-12 14:37 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll - 2008-12-12 14:37 . 2008-04-15 12:00 956928 c:\windows\system32\dllcache\msdtctm.dll + 2008-12-12 14:37 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll - 2008-12-12 14:39 . 2008-04-15 12:00 331776 c:\windows\system32\dllcache\msadce.dll + 2008-12-12 14:39 . 
2008-05-01 14:37 331776 c:\windows\system32\dllcache\msadce.dll + 2008-04-15 12:00 . 2009-02-09 10:53 731136 c:\windows\system32\dllcache\lsasrv.dll + 2008-04-15 12:00 . 2009-05-07 15:34 347648 c:\windows\system32\dllcache\localspl.dll - 2008-04-15 12:00 . 2008-04-15 12:00 512000 c:\windows\system32\dllcache\jscript.dll + 2008-04-15 12:00 . 2008-05-09 10:56 512000 c:\windows\system32\dllcache\jscript.dll - 2008-12-12 14:39 . 2008-04-15 12:00 691712 c:\windows\system32\dllcache\inetcomm.dll + 2008-12-12 14:39 . 2008-04-11 19:06 691712 c:\windows\system32\dllcache\inetcomm.dll + 2008-04-15 12:00 . 2008-10-23 12:42 286720 c:\windows\system32\dllcache\gdi32.dll + 2008-12-12 14:37 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll + 2008-04-15 12:00 . 2008-07-07 20:29 253952 c:\windows\system32\dllcache\es.dll + 2008-04-15 12:00 . 2008-06-20 17:48 147968 c:\windows\system32\dllcache\dnsapi.dll - 2008-04-15 12:00 . 2008-04-15 12:00 147968 c:\windows\system32\dllcache\dnsapi.dll + 2008-04-15 12:00 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe + 2008-04-15 12:00 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys + 2008-04-15 12:00 . 2009-02-09 10:53 686592 c:\windows\system32\dllcache\advapi32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 686592 c:\windows\system32\dllcache\advapi32.dll + 2008-04-15 12:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe + 2008-04-15 12:00 . 2009-02-09 10:53 686592 c:\windows\system32\advapi32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 686592 c:\windows\system32\advapi32.dll + 2009-07-30 20:01 . 2009-07-30 20:01 236032 c:\windows\Installer\5fb137.msi + 2009-07-30 20:29 . 2009-07-30 20:29 432640 c:\windows\Installer\184bd0.msi + 2009-07-30 17:38 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys + 2009-07-30 17:24 . 2008-06-14 17:36 273024 c:\windows\Driver Cache\i386\bthport.sys + 2009-07-30 17:20 . 
2008-04-15 17:51 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll + 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2008-07-29 06:05 . 2008-07-29 06:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll + 2008-07-29 06:05 . 2008-07-29 06:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll + 2008-07-29 06:05 . 2008-07-29 06:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll + 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll + 2008-04-15 12:00 . 2008-06-10 09:57 2364472 c:\windows\system32\WMVCore.dll + 2008-04-15 12:00 . 2008-06-10 09:37 1026048 c:\windows\system32\WMNetmgr.dll + 2008-04-15 12:00 . 2009-04-19 19:51 1847424 c:\windows\system32\win32k.sys + 2008-04-15 12:00 . 2008-06-17 19:03 8489984 c:\windows\system32\shell32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 8489984 c:\windows\system32\shell32.dll + 2008-04-15 12:00 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll + 2008-04-15 12:00 . 2009-02-09 11:26 2146816 c:\windows\system32\ntoskrnl.exe - 2008-04-15 12:00 . 2008-04-15 12:00 2146816 c:\windows\system32\ntoskrnl.exe + 2008-04-14 21:59 . 2009-02-09 11:26 2025472 c:\windows\system32\ntkrnlpa.exe - 2008-04-14 21:59 . 2008-04-15 12:00 2025472 c:\windows\system32\ntkrnlpa.exe + 2008-04-15 12:00 . 2008-09-10 01:15 1307648 c:\windows\system32\msxml6.dll + 2008-09-30 14:43 . 2008-09-30 14:43 1286152 c:\windows\system32\msxml4.dll + 2008-04-15 12:00 . 
2008-09-04 17:17 1106944 c:\windows\system32\msxml3.dll + 2008-04-15 12:00 . 2009-07-18 16:05 3090432 c:\windows\system32\mshtml.dll + 2008-04-15 12:00 . 2009-03-21 14:08 1018368 c:\windows\system32\kernel32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 1018368 c:\windows\system32\kernel32.dll + 2008-04-15 12:00 . 2008-06-10 09:57 2364472 c:\windows\system32\dllcache\WMVCore.dll + 2008-04-15 12:00 . 2008-06-10 09:37 1026048 c:\windows\system32\dllcache\WMNetmgr.dll + 2008-04-15 12:00 . 2009-04-19 19:51 1847424 c:\windows\system32\dllcache\win32k.sys + 2008-04-15 12:00 . 2008-06-17 19:03 8489984 c:\windows\system32\dllcache\shell32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 8489984 c:\windows\system32\dllcache\shell32.dll + 2008-04-15 12:00 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll + 2008-04-15 12:00 . 2009-06-03 19:11 1294848 c:\windows\system32\dllcache\quartz.dll + 2009-02-10 17:09 . 2009-02-10 17:09 2067328 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-04-15 12:00 . 2008-09-10 01:15 1307648 c:\windows\system32\dllcache\msxml6.dll + 2008-04-15 12:00 . 2008-09-04 17:17 1106944 c:\windows\system32\dllcache\msxml3.dll + 2008-04-15 12:00 . 2009-07-18 16:05 3090432 c:\windows\system32\dllcache\mshtml.dll + 2008-04-15 12:00 . 2009-03-21 14:08 1018368 c:\windows\system32\dllcache\kernel32.dll - 2008-04-15 12:00 . 2008-04-15 12:00 1018368 c:\windows\system32\dllcache\kernel32.dll + 2009-07-30 20:01 . 2009-07-30 20:01 1859072 c:\windows\Installer\5fb140.msi + 2009-07-30 18:02 . 2009-02-09 11:26 2190336 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-07-30 18:02 . 2009-02-09 11:26 2025472 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-02-10 17:09 . 2009-02-10 17:09 2067328 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-07-30 18:02 . 2009-02-09 11:26 2146816 c:\windows\Driver Cache\i386\ntkrnlmp.exe . – Migawka wyzerowana – . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 152872] “ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2008-11-24 869888] “Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296] “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-02-21 68856] “DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2008-12-29 684032] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] “UniblueRegistryBooster”=“c:\program files\Uniblue\RegistryBooster 2009\launcher.exe” [2009-07-21 53760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “UserFaultCheck”=“c:\windows\system32\dumprep 0 -u” [X] “SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-02-25 148888] “egui”=“c:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2009-05-14 2029640] “BDRegion”=“c:\program files\Cyberlink\Shared Files\brs.exe” [2008-02-21 91432] “StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2008-08-01 61440] “RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe” [2008-01-22 81920] “NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 153136] “LanguageShortcut”=“c:\program files\CyberLink\PowerDVD\Language\Language.exe” [2007-10-11 62760] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 48640] Ralink Wireless Utility.lnk - c:\windows\RaUI.exe [2009-3-17 598016] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] 
@=“Service” [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusOverride”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “c:\Program Files\BitLord\BitLord.exe”= “c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe”= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-07-30 64160] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-12 89600] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?] . Zawartość folderu ‘Zaplanowane zadania’ 2009-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49] . . ------- Skan uzupełniający ------- . 
uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: { - c:\program files\Messenger\msmsgs.exe FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\zwfuepls.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as … ource=3&q= FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as … ource=2&q= . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-01 15:24 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów … skanowanie ukrytych wpisów autostartu … skanowanie ukrytych plików … skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet029\Services{95808DC4-FA4A-4C74-92FE-5B863F82066B}] “ImagePath”="??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > ‘winlogon.exe’(792) c:\windows\system32\Ati2evxx.dll - - - - - - - > ‘explorer.exe’(3204) c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll c:\program files\Common Files\Ahead\Lib\MFC71U.DLL c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll c:\program files\Gadu-Gadu\ggwhook.dll . Czas ukończenia: 2009-08-01 15:25 ComboFix-quarantined-files.txt 2009-08-01 13:24 ComboFix2.txt 2009-07-30 18:53 ComboFix3.txt 2009-07-30 15:33 ComboFix4.txt 2009-07-03 16:35 Przed: 73 170 427 904 bajtów wolnych Po: 73 320 919 040 bajtów wolnych 378 — E O F — 2009-07-30 20:31
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:00, on 2009-08-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM…\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\RunOnce: [uniblueRegistryBooster] “C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe” delay 20000
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

– End of file - 6058 bytes