Hello… I have a problem with the program TuneUp Utilities 2008… I can't uninstall it.
It doesn't show up in "Add or Remove Programs", and Your Uninstaller 2008 doesn't see it either.
Meir, please read the forum rules and change the title to a specific one.
And is it visible in:
2. My Computer => Program Files
"And is it visible in:
2. My Computer => Program Files"
Yes, it is visible in both places.
If it is visible, then each of those places has an uninstaller function, which you just need to run.
Yes… the problem is that I want to uninstall TuneUp Utilities 2008, and for it those functions are not there in those two places…
Download ComboFix viewtopic.php?f=16&t=36654, scan the system and post the log,
then scan with HijackThis 2.02 and post the log.
Scan in the order I gave.
We'll remove it.
ComboFix 09-04-24.01 - Ola 2009-04-24 15:08.1 - NTFSx86
Uruchomiony z: c:\documents and settings\Ola\Pulpit\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-19 16:04 . 2009-04-19 16:29 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Desktop Sidebar
2009-04-19 15:28 . 2009-04-19 15:28 720896 ----a-w c:\windows\iun6002.exe
2009-04-16 09:51 . 2009-04-19 13:12 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ad Muncher
2009-04-15 22:58 . 2009-04-15 22:58 -------- d-sh–w c:\documents and settings\Ola\IECompatCache
2009-04-12 18:05 . 2009-04-12 18:05 2560 ----a-w c:\windows_MSRSTRT.EXE
2009-04-09 20:24 . 2009-04-09 20:26 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\App Launcher Gadget
2009-04-09 20:07 . 2009-04-09 20:07 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\GPUMonitor
2009-04-09 14:06 . 2009-04-09 14:06 -------- d-----w c:\documents and settings\Ola\AppData
2009-04-07 12:20 . 2009-04-12 17:59 -------- d-----w c:\documents and settings\Ola\Ustawienia lokalne\Dane aplikacji\Stardock
2009-04-05 00:47 . 2009-04-05 00:57 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Hide IP NG
2009-04-05 00:44 . 2009-04-05 01:25 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\HideIP
2009-04-02 00:07 . 2009-04-02 00:11 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\AIMP
2009-03-31 08:39 . 2009-03-31 08:44 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\COWON
2009-03-31 00:34 . 2009-03-31 00:34 -------- d–h--w c:\windows\PIF
2009-03-26 14:58 . 2009-03-26 14:58 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-03-26 14:58 . 2009-03-26 14:58 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-26 14:58 . 2009-03-26 14:58 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-26 14:58 . 2009-03-26 14:58 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-26 14:58 . 2009-03-26 14:58 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-26 14:57 . 2009-03-26 14:57 -------- d-----w c:\windows\system32\drivers\NIS
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 12:52 . 2008-11-06 00:16 -------- d—a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-24 12:19 . 2008-11-08 02:13 -------- d-----r c:\program files\TuneUp Utilities 2008
2009-04-23 22:58 . 2008-11-06 00:09 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\uTorrent
2009-04-22 23:48 . 2009-04-02 04:06 -------- d-----r c:\program files\SpiderPlayer
2009-04-20 22:28 . 2009-04-20 22:20 -------- d-----r c:\program files\xp-AntiSpy
2009-04-16 09:57 . 2008-11-06 00:05 -------- d-----r c:\program files\Folderico
2009-04-16 09:54 . 2009-04-16 09:51 -------- d-----r c:\program files\Ad Muncher
2009-04-15 23:26 . 2001-10-26 16:15 49492 ----a-w c:\windows\system32\perfc015.dat
2009-04-15 23:26 . 2001-10-26 16:15 355486 ----a-w c:\windows\system32\perfh015.dat
2009-04-12 18:08 . 2009-04-12 17:59 -------- d-----w c:\program files\Common Files\Stardock
2009-04-12 11:24 . 2009-04-12 11:14 -------- d-----r c:\program files\K-Lite Codec Pack
2009-04-10 19:09 . 2009-04-10 15:05 -------- d-----r c:\program files\Thoosje Vista Sidebar
2009-04-09 09:29 . 2008-11-05 22:21 16904 ----a-w c:\documents and settings\Ola\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-06 22:01 . 2009-01-12 21:55 -------- d-----r c:\program files\Malwarebytes’ Anti-Malware
2009-04-06 13:32 . 2009-01-12 21:55 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-12 21:55 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 10:43 . 2009-04-03 10:42 -------- d-----r c:\program files\Everest
2009-03-31 08:48 . 2008-11-05 21:08 -------- d–h--w c:\program files\InstallShield Installation Information
2009-03-27 04:57 . 2009-01-22 17:05 -------- d-----r c:\program files\SUPERAntiSpyware
2009-03-26 15:44 . 2009-03-26 14:58 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-26 15:05 . 2009-03-26 14:58 -------- d-----r c:\program files\Symantec
2009-03-26 15:05 . 2009-03-26 14:57 -------- d-----r c:\program files\NortonInstaller
2009-03-26 14:57 . 2008-11-13 23:04 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-03-26 14:57 . 2008-11-13 22:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton
2009-03-26 14:57 . 2008-11-13 22:06 -------- d-----r c:\program files\Norton Internet Security
2009-03-26 14:57 . 2008-11-13 22:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-03-20 05:29 . 2009-03-20 05:24 -------- d-----r c:\program files\Hide Folders XP 2
2009-03-20 00:17 . 2009-03-20 00:14 -------- d-----r c:\program files\Hard Drive Inspector
2009-03-20 00:01 . 2009-03-20 00:01 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\AltrixSoft
2009-03-18 00:18 . 2009-03-18 00:18 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\TransEngPol4
2009-03-13 22:10 . 2009-02-11 03:59 -------- d-----r c:\program files\Your Uninstaller 2008
2009-03-13 22:03 . 2009-03-13 22:03 11960 —ha-w c:\windows\system32\mlfcache.dat
2009-03-13 22:02 . 2009-03-13 22:02 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Apple Computer
2009-03-13 10:08 . 2008-11-06 11:55 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Thinstall
2009-03-12 00:36 . 2009-03-12 00:36 409280 ----a-w c:\windows\system32\HDDSvc.exe
2009-03-11 11:50 . 2009-03-11 11:50 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-11 11:50 . 2009-03-11 11:43 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-11 11:43 . 2009-03-11 11:43 -------- d-----w c:\program files\Common Files\Adobe
2009-03-08 03:34 . 2008-05-08 18:01 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2008-05-08 18:01 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2008-05-08 18:01 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2008-04-14 20:50 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2008-05-08 18:01 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2008-05-08 18:01 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2008-05-08 18:01 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2008-05-08 18:01 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2008-05-08 18:01 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2008-05-08 18:01 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-04-14 20:50 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-02 22:12 . 2009-03-02 22:10 -------- d-----r c:\program files\Babelen
2009-03-02 18:10 . 2009-04-12 11:14 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-28 13:42 . 2008-11-06 10:46 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Bioshock
2009-02-16 21:08 . 2009-02-16 21:08 15086 --sh–w c:\program files\Common Files\ShedkoFolderico3_183457358.ico
2009-02-16 21:08 . 2008-11-06 03:24 90 --sh–w c:\program files\Common Files\desktop.ini
2009-02-09 14:07 . 2008-04-14 19:35 1847040 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2008-04-14 20:51 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2008-04-14 20:50 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2008-04-14 20:50 731136 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2008-04-14 20:50 686592 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2008-04-14 20:49 722944 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-10-26 17:30 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-14 20:50 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-30 04:33 . 2009-01-30 04:33 977408 ----a-w c:\windows\Explorer.EXE
2008-11-06 03:16 . 2008-11-06 03:16 90 --sh–w c:\program files\desktop.ini
2008-11-06 03:16 . 2008-11-06 03:16 7406 --sh–w c:\program files\ShedkoFolderico3_545813433.ico
2008-11-05 21:01 . 2008-11-05 21:01 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-11-05 21:01 . 2008-11-05 21:01 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-11-05 21:01 . 2008-11-05 21:01 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008110520081106\index.dat
2008-11-05 21:01 . 2008-11-05 21:01 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-02-09 13680640]
“MagicKey”=“c:\progra~1\MEDIAK~1\MagicKey.exe” [2009-01-30 45056]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-02-09 86016]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
“HDInspector.exe”=“c:\program files\Hard Drive Inspector\HDInspector.exe” [2009-03-15 1031168]
“Malwarebytes’ Anti-Malware”=“c:\program files\Malwarebytes’ Anti-Malware\mbamgui.exe” [2009-04-06 401040]
“Ad Muncher”=“c:\program files\Ad Muncher\AdMunch.exe” [2009-04-16 779776]
“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2006-06-01 16208384]
“SkyTel”=“SkyTel.EXE” - c:\windows\SkyTel.exe [2006-05-16 2879488]
“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“shell32” [X]
c:\documents and settings\Ola\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2009-1-30 630784]
Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-8-18 605696]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=“FSFilter Activity Monitor”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-23 92464]
S0 HFXP2;HFXP2;c:\windows\SYSTEM32\DRIVERS\HFXP2.SYS [2007-01-22 17264]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SYMEFA.SYS [2009-03-26 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-26 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\ccHPx86.sys [2009-03-26 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090414.001\IDSxpx86.sys [2009-03-26 276344]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes’ Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-26 115560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-26 101936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Zawartość folderu ‘Zaplanowane zadania’
2009-04-24 c:\windows\Tasks\Konserwacja jednym kliknięciem.job
2009-04-23 c:\windows\Tasks\Malwarebytes’ Scheduled Update for Ola.job
2009-04-18 c:\windows\Tasks\Norton Internet Security - Ola - Systemowa.job
2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{FEBB494D-D6AB-44A9-8462-C6F54C7E8388}.job
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
uInternet Settings,ProxyServer = socks=
FF - ProfilePath - c:\documents and settings\Ola\Dane aplikacji\Mozilla\Firefox\Profiles\vr209cac.default\
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 15:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
c:\documents and settings\Ola\Dane aplikacji\Mozilla\Firefox\Profiles\vr209cac.default\sessionstore.js 337 bytes
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
“ImagePath”="“c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe” /s “Norton Internet Security” /m “c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\diMaster.dll” /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-789336058-117609710-1801674531-1003\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-789336058-117609710-1801674531-1003\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-04-24 15:13
ComboFix-quarantined-files.txt 2009-04-24 13:13
Przed: 43,217,879,040 bajtów wolnych
Po: 43,204,919,296 bajtów wolnych
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
218 — E O F — 2009-04-17 09:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58, on 2009-04-24
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ola\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM…\Run: [Ad Muncher] “C:\Program Files\Ad Muncher\AdMunch.exe” /bt
O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (file missing)
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
–
End of file - 6666 bytes
No ComboFix or HijackThis scans… I installed TuneUp Utilities 2008 once again… and then it showed up everywhere… I uninstalled it without any problem.
But thank you for the tips.