Problem z odinstalowaniem TuneUp

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

Witam…mam problem z programem TuneUp Utilities 2008…nie mogę go odinsatlować :frowning:

Nie widać go w “Dodaj i usuń programy”,nie widzi go też Your Uninstaller 2008 :frowning:

#2

Meir , przeczytaj proszę regulamin forum i popraw tytuł na konkretny.

#3

A czy widoczny jest w :

  1. Start=>Wszystkie programy

2.Mój komputer=>Program files

#4

"A czy widoczny jest w :

  1. Start=>Wszystkie programy

2.Mój komputer=>Program files"

Tak w obu miejscach jest widoczny.

#5

Jeśli jest widoczny to w każdym z tych miejsc jest funkcja deinstalatora,którą wystarczy uruchomić.

#6

Tak…problem polega na tym,że ja chcę odinstalować TuneUp Utilities 2008 i przy nim nie ma tych funkcji w tych dwóch miejscach…

#7

Pobierz Combofix viewtopic.php?f=16&t=36654 przeskanuj system daj log

potem przeskanuj HijackThis 2.02 daj log

kolejność skanowania jak podałem

:slight_smile:

usuniemy

#8

ComboFix 09-04-24.01 - Ola 2009-04-24 15:08.1 - NTFSx86

Uruchomiony z: c:\documents and settings\Ola\Pulpit\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\pthreadGC2.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))

.

2009-04-19 16:04 . 2009-04-19 16:29 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Desktop Sidebar

2009-04-19 15:28 . 2009-04-19 15:28 720896 ----a-w c:\windows\iun6002.exe

2009-04-16 09:51 . 2009-04-19 13:12 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ad Muncher

2009-04-15 22:58 . 2009-04-15 22:58 -------- d-sh–w c:\documents and settings\Ola\IECompatCache

2009-04-12 18:05 . 2009-04-12 18:05 2560 ----a-w c:\windows_MSRSTRT.EXE

2009-04-09 20:24 . 2009-04-09 20:26 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\App Launcher Gadget

2009-04-09 20:07 . 2009-04-09 20:07 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\GPUMonitor

2009-04-09 14:06 . 2009-04-09 14:06 -------- d-----w c:\documents and settings\Ola\AppData

2009-04-07 12:20 . 2009-04-12 17:59 -------- d-----w c:\documents and settings\Ola\Ustawienia lokalne\Dane aplikacji\Stardock

2009-04-05 00:47 . 2009-04-05 00:57 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Hide IP NG

2009-04-05 00:44 . 2009-04-05 01:25 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\HideIP

2009-04-02 00:07 . 2009-04-02 00:11 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\AIMP

2009-03-31 08:39 . 2009-03-31 08:44 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\COWON

2009-03-31 00:34 . 2009-03-31 00:34 -------- d–h--w c:\windows\PIF

2009-03-26 14:58 . 2009-03-26 14:58 36400 ----a-r c:\windows\system32\drivers\SymIM.sys

2009-03-26 14:58 . 2009-03-26 14:58 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-03-26 14:58 . 2009-03-26 14:58 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-03-26 14:58 . 2009-03-26 14:58 60808 ----a-w c:\windows\system32\S32EVNT1.DLL

2009-03-26 14:58 . 2009-03-26 14:58 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-03-26 14:57 . 2009-03-26 14:57 -------- d-----w c:\windows\system32\drivers\NIS

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-24 12:52 . 2008-11-06 00:16 -------- d—a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-04-24 12:19 . 2008-11-08 02:13 -------- d-----r c:\program files\TuneUp Utilities 2008

2009-04-23 22:58 . 2008-11-06 00:09 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\uTorrent

2009-04-22 23:48 . 2009-04-02 04:06 -------- d-----r c:\program files\SpiderPlayer

2009-04-20 22:28 . 2009-04-20 22:20 -------- d-----r c:\program files\xp-AntiSpy

2009-04-16 09:57 . 2008-11-06 00:05 -------- d-----r c:\program files\Folderico

2009-04-16 09:54 . 2009-04-16 09:51 -------- d-----r c:\program files\Ad Muncher

2009-04-15 23:26 . 2001-10-26 16:15 49492 ----a-w c:\windows\system32\perfc015.dat

2009-04-15 23:26 . 2001-10-26 16:15 355486 ----a-w c:\windows\system32\perfh015.dat

2009-04-12 18:08 . 2009-04-12 17:59 -------- d-----w c:\program files\Common Files\Stardock

2009-04-12 11:24 . 2009-04-12 11:14 -------- d-----r c:\program files\K-Lite Codec Pack

2009-04-10 19:09 . 2009-04-10 15:05 -------- d-----r c:\program files\Thoosje Vista Sidebar

2009-04-09 09:29 . 2008-11-05 22:21 16904 ----a-w c:\documents and settings\Ola\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-06 22:01 . 2009-01-12 21:55 -------- d-----r c:\program files\Malwarebytes’ Anti-Malware

2009-04-06 13:32 . 2009-01-12 21:55 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 13:32 . 2009-01-12 21:55 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-03 10:43 . 2009-04-03 10:42 -------- d-----r c:\program files\Everest

2009-03-31 08:48 . 2008-11-05 21:08 -------- d–h--w c:\program files\InstallShield Installation Information

2009-03-27 04:57 . 2009-01-22 17:05 -------- d-----r c:\program files\SUPERAntiSpyware

2009-03-26 15:44 . 2009-03-26 14:58 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-03-26 15:05 . 2009-03-26 14:58 -------- d-----r c:\program files\Symantec

2009-03-26 15:05 . 2009-03-26 14:57 -------- d-----r c:\program files\NortonInstaller

2009-03-26 14:57 . 2008-11-13 23:04 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec

2009-03-26 14:57 . 2008-11-13 22:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton

2009-03-26 14:57 . 2008-11-13 22:06 -------- d-----r c:\program files\Norton Internet Security

2009-03-26 14:57 . 2008-11-13 22:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller

2009-03-20 05:29 . 2009-03-20 05:24 -------- d-----r c:\program files\Hide Folders XP 2

2009-03-20 00:17 . 2009-03-20 00:14 -------- d-----r c:\program files\Hard Drive Inspector

2009-03-20 00:01 . 2009-03-20 00:01 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\AltrixSoft

2009-03-18 00:18 . 2009-03-18 00:18 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\TransEngPol4

2009-03-13 22:10 . 2009-02-11 03:59 -------- d-----r c:\program files\Your Uninstaller 2008

2009-03-13 22:03 . 2009-03-13 22:03 11960 —ha-w c:\windows\system32\mlfcache.dat

2009-03-13 22:02 . 2009-03-13 22:02 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Apple Computer

2009-03-13 10:08 . 2008-11-06 11:55 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Thinstall

2009-03-12 00:36 . 2009-03-12 00:36 409280 ----a-w c:\windows\system32\HDDSvc.exe

2009-03-11 11:50 . 2009-03-11 11:50 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-03-11 11:50 . 2009-03-11 11:43 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-03-11 11:43 . 2009-03-11 11:43 -------- d-----w c:\program files\Common Files\Adobe

2009-03-08 03:34 . 2008-05-08 18:01 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 03:34 . 2008-05-08 18:01 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 03:33 . 2008-05-08 18:01 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 03:33 . 2008-04-14 20:50 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 03:32 . 2008-05-08 18:01 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 03:32 . 2008-05-08 18:01 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 03:31 . 2008-05-08 18:01 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 03:31 . 2008-05-08 18:01 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 03:31 . 2008-05-08 18:01 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 03:22 . 2008-05-08 18:01 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:22 . 2008-04-14 20:50 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-02 22:12 . 2009-03-02 22:10 -------- d-----r c:\program files\Babelen

2009-03-02 18:10 . 2009-04-12 11:14 67584 ----a-w c:\windows\system32\ff_vfw.dll

2009-02-28 13:42 . 2008-11-06 10:46 -------- d-----w c:\documents and settings\Ola\Dane aplikacji\Bioshock

2009-02-16 21:08 . 2009-02-16 21:08 15086 --sh–w c:\program files\Common Files\ShedkoFolderico3_183457358.ico

2009-02-16 21:08 . 2008-11-06 03:24 90 --sh–w c:\program files\Common Files\desktop.ini

2009-02-09 14:07 . 2008-04-14 19:35 1847040 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:25 . 2008-04-14 20:51 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2008-04-14 20:50 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2008-04-14 20:50 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2008-04-14 20:50 686592 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2008-04-14 20:49 722944 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2001-10-26 17:30 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2008-04-14 20:50 56832 ----a-w c:\windows\system32\secur32.dll

2009-01-30 04:33 . 2009-01-30 04:33 977408 ----a-w c:\windows\Explorer.EXE

2008-11-06 03:16 . 2008-11-06 03:16 90 --sh–w c:\program files\desktop.ini

2008-11-06 03:16 . 2008-11-06 03:16 7406 --sh–w c:\program files\ShedkoFolderico3_545813433.ico

2008-11-05 21:01 . 2008-11-05 21:01 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-11-05 21:01 . 2008-11-05 21:01 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2008-11-05 21:01 . 2008-11-05 21:01 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008110520081106\index.dat

2008-11-05 21:01 . 2008-11-05 21:01 32768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-02-09 13680640]

“MagicKey”=“c:\progra~1\MEDIAK~1\MagicKey.exe” [2009-01-30 45056]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-02-09 86016]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]

“HDInspector.exe”=“c:\program files\Hard Drive Inspector\HDInspector.exe” [2009-03-15 1031168]

“Malwarebytes’ Anti-Malware”=“c:\program files\Malwarebytes’ Anti-Malware\mbamgui.exe” [2009-04-06 401040]

“Ad Muncher”=“c:\program files\Ad Muncher\AdMunch.exe” [2009-04-16 779776]

“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2006-06-01 16208384]

“SkyTel”=“SkyTel.EXE” - c:\windows\SkyTel.exe [2006-05-16 2879488]

“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_2”=“shell32” [X]

c:\documents and settings\Ola\Menu Start\Programy\Autostart\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2009-1-30 630784]

Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-8-18 605696]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]

2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@=“FSFilter Activity Monitor”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@=“Driver”

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-23 92464]

S0 HFXP2;HFXP2;c:\windows\SYSTEM32\DRIVERS\HFXP2.SYS [2007-01-22 17264]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SYMEFA.SYS [2009-03-26 310320]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-26 258608]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\ccHPx86.sys [2009-03-26 482352]

S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090414.001\IDSxpx86.sys [2009-03-26 276344]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes’ Anti-Malware\mbamservice.exe [2009-04-06 179856]

S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-26 115560]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-26 101936]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP

.

Zawartość folderu ‘Zaplanowane zadania’

2009-04-24 c:\windows\Tasks\Konserwacja jednym kliknięciem.job

  • c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]

2009-04-23 c:\windows\Tasks\Malwarebytes’ Scheduled Update for Ola.job

  • c:\program files\Malwarebytes’ Anti-Malware\mbam.exe [2009-01-12 13:32]

2009-04-18 c:\windows\Tasks\Norton Internet Security - Ola - Systemowa.job

  • c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\Navw32.exe [2009-03-26 14:58]

2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{FEBB494D-D6AB-44A9-8462-C6F54C7E8388}.job

  • c:\windows\system32\msfeedssync.exe [2008-05-08 03:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://google.pl/

uInternet Settings,ProxyServer = socks=

FF - ProfilePath - c:\documents and settings\Ola\Dane aplikacji\Mozilla\Firefox\Profiles\vr209cac.default\

FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 15:11

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

c:\documents and settings\Ola\Dane aplikacji\Mozilla\Firefox\Profiles\vr209cac.default\sessionstore.js 337 bytes

skanowanie pomyślnie ukończone

ukryte pliki: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]

“ImagePath”="“c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe” /s “Norton Internet Security” /m “c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\diMaster.dll” /prefetch:1"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-117609710-1801674531-1003\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

“??”=hex:4f,ae,f2,18,bd,6c,d1,9e,61,db,53,c9,33,81,5e,7c,33,3d,b8,32,ae,00,8e,

55,eb,90,7b,77,97,fb,e8,04,73,35,fd,69,93,e7,14,89,4b,a6,2c,2e,dd,b5,ff,9a,\

“??”=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-789336058-117609710-1801674531-1003\Software\SecuROM\License information*]

“datasecu”=hex:55,92,53,0c,4c,cb,e0,c4,0a,37,56,12,85,6f,e7,fa,58,d1,bc,9e,c4,

cf,ee,dd,3d,c9,6d,2f,89,9e,73,d8,64,46,83,36,05,d8,57,39,24,e8,f6,c5,5c,57,\

“rkeysecu”=hex:44,0b,44,9a,88,1e,a7,df,ae,0c,02,a0,33,69,69,34

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

“OODEFRAG11.00.00.01WORKSTATION”=“06B33D7E289A80A1E4112EA8E9D7E543B412228E8487C4025638A64EB8F699DE737AFC3A4E27C4F6F16E15EF2E8B69F02E0BCB91CA4BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D67944F64DC117E2EBFD37D3E440B49C909FB6A70B5497062F118D5AFB82AFEEFC328A97B1792F1E5F0815EFC9CB27E5FFA98A009AA51A264305555AA92AA8F3DADF9DCB7CB5CDA553C1CB982F1E880A9F4A3F20F17C0BD50416C59DF5FE7B08899618DD0779CCC5BA4BDE080541AA2521E4AFD4ABE67F1380F39EBD238340EE9568BD0A1A9C693BA80061749E7FC6C65F03B54287C5922915B9D8A294B22096289A83228850F2B9B789793D6E30615D2BBAAF9B83BEEE534387DA8AB5C8DB452AC70B008426F46880C9883C396F08E6FA150E6B17F4409DF0D422CC94090DA818B9A40082A2948F10B3487CEDEBEF8731967896BDBB88A3497586D156110F7194666C6139DBA4E2A9C19325E31AFAB7C6D2F43E2FA711EB6E5AF3CC23F2E3C29D393A0B78FEC2269B9790DF816CCB2083DEBE7391AD62C51DD3E59ADE9D48CA3FAE99A29874848CB300B13CA29614AFCFA66C1B30A14CED1357BFB528AB180DD59B17A3F211BF3CEA28A34A39CFBE6A26EE70C3AB01A56E8F7644DD3D8B66692DFB9F4F20AF8105606B55477B2EFACA631C1F85B859CC5AC067AEAF72496BCDF53D2B6E308B6B9ABA4CE4CDE4453F7973247AE461814D51514416728CECC39C94B525D56EF6EC2771C1DE714BD82586B35CFC35188BBF00129C0C972CF154336B513FC2F2E7F30CBDD6B67F71F1D0D7A50B747738C15B73121880B892FF1796E53719CFA428A3C1AAF867D8EFD840FFE6DDDB9CB6D64FC4BABA598428EA72A21B8CF36E7BE76D3B9ACC3D30080E1081CCC268E1A873047584DAF56171D3F5BE04F93B9C7CA6D98E7C0F70617649ED75581F731424D4653475CBC98252205452552A68993245D5FC2AEFEA2C5F96B8F13EFBF7DCF433590E6866CA930F80DD3C654F6FD65967933CD0B36301D24B97521556CC46D8352A2EDC95DC89B0EA82984B875E0FB8636D0704281A5D75D42852FBFF1CBEC3B3560F6FAB3277365F417023918F1B9EC4FAAF58F466D5030006CD411474B432BBA567EC199E9E4144B2844625864A6D241E40E8670E9073D318F8701697009280343E319BBAC4145CF19369334DD6CD9CF59CB8B6DED1FB9D902241AD75DFA9B719AEF52497CFDB666D8A603ACF9DA3300952759314260EC4090EB3B15A57A04AE844A8F78DB37B9378DC7BA48C864A69CDBFBFB3222B7B370398297A9D30DF1A65C7F4980BF2937318E2E95104C200F33A087D7E9BDB47DB8AD71B42063590A893182CB9F9336”

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • > ‘winlogon.exe’(1160)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

              • > ‘lsass.exe’(1240)

c:\windows\system32\scecli.dll

.

Czas ukończenia: 2009-04-24 15:13

ComboFix-quarantined-files.txt 2009-04-24 13:13

Przed: 43,217,879,040 bajtów wolnych

Po: 43,204,919,296 bajtów wolnych

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

218 — E O F — 2009-04-17 09:20

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58, on 2009-04-24

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\MEDIAK~1\MagicKey.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hard Drive Inspector\HDInspector.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\PROGRA~1\MEDIAK~1\OSD.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\HDDSvc.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ola\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe

O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray

O4 - HKLM…\Run: [Ad Muncher] “C:\Program Files\Ad Muncher\AdMunch.exe” /bt

O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (file missing)

O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

End of file - 6666 bytes

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58, on 2009-04-24

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\MEDIAK~1\MagicKey.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hard Drive Inspector\HDInspector.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\PROGRA~1\MEDIAK~1\OSD.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\HDDSvc.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ola\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe

O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray

O4 - HKLM…\Run: [Ad Muncher] “C:\Program Files\Ad Muncher\AdMunch.exe” /bt

O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (file missing)

O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

End of file - 6666 bytes

#9

Użyj narzędzia Windows Installer CleanUp.

#10

Żadnych skanów ComboFix i HijackThis :smiley: …zainstalowałem jeszcze raz TuneUp Utilities 2008…i wtedy się wszędzie pojawił :slight_smile: …odinstalowałem bez problemu :slight_smile:

Ale dziękuję za wskazówki :slight_smile: