Wielkie dzieki, jak narazie wszystko dobrze…
Pierwsze co zrobie teraz to usune avasta… Jaki program antywirusowy warty jest polecenia ?
Log1
ComboFix 08-07-15.4 - C2D 2008-07-16 19:37:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1588 [GMT 2:00]
Running from: C:\Documents and Settings\C2D\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\C2D\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\qndsfmao.dll
C:\WINDOWS\system32\oifpjdqy.dll
C:\WINDOWS\wvremcon.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\SecuriSoft SARL\WinSpywareProtect
C:\Documents and Settings\All Users\Dane aplikacji\SecuriSoft SARL\WinSpywareProtect\LOG\20080716184400140.log
C:\Documents and Settings\All Users\Dane aplikacji\SecuriSoft SARL\WinSpywareProtect\LOG\20080716193155671.log
C:\Documents and Settings\All Users\Dane aplikacji\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
C:\Documents and Settings\C2D\Pulpit\Error Cleaner.url
C:\Documents and Settings\C2D\Ulubione\Error Cleaner.url
C:\Documents and Settings\C2D\Ulubione\Privacy Protector.url
C:\Documents and Settings\C2D\Ulubione\SpywareMalware Protection.url
C:\WINDOWS\eprt.exe
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\jkkJcAPh.dll
C:\WINDOWS\system32\knnqBJlm.ini
C:\WINDOWS\system32\knnqBJlm.ini2
C:\WINDOWS\system32\mlJBqnnk.dll
C:\WINDOWS\system32\oifpjdqy.dll
C:\WINDOWS\system32\wvUmjKCr.dll
C:\WINDOWS\system32\yqdjpfio.ini
C:\WINDOWS\wvremcon.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-16 18:20 . 2008-07-16 18:20
2008-07-16 18:09 . 2008-07-16 14:29 102,400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-16 18:08 . 2008-07-16 19:37
2008-07-16 18:05 . 2008-07-16 18:05
2008-07-16 18:05 . 2008-07-16 18:05
2008-07-16 18:05 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-07-16 18:05 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-07-16 18:05 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-07-16 18:05 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-07-16 18:04 . 2008-07-16 18:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-16 15:18 . 2008-07-16 15:18 32 --a------ C:\WINDOWS\wowCP.ini
2008-07-16 14:56 . 2008-07-16 14:59
2008-07-16 14:56 . 2008-07-16 15:30 678 --a------ C:\WINDOWS\wincmd.ini
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-16 14:56 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-16 14:27 . 2008-07-16 14:27
2008-07-16 14:24 . 2008-07-16 14:24 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-16 13:09 . 2008-07-16 13:14
2008-07-16 13:09 . 2008-07-16 13:09
2008-07-16 12:51 . 2008-07-16 12:52
2008-07-16 09:41 . 2008-07-16 19:42
2008-07-16 09:41 . 2008-07-16 09:41
2008-07-16 09:41 . 1998-06-24 00:00 115,016 --------- C:\WINDOWS\system32\MSINET.OCX
2008-07-16 09:41 . 1998-07-22 00:00 102,912 --------- C:\WINDOWS\system32\Vb6stkit.dll
2008-07-16 09:41 . 1998-07-22 00:00 102,160 --------- C:\WINDOWS\system32\VB6KO.DLL
2008-07-16 09:41 . 2005-03-09 16:16 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2008-07-16 09:41 . 2008-07-16 19:42 259 --a------ C:\WINDOWS\lgfwup.ini
2008-07-16 09:40 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-07-16 09:40 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-07-16 09:40 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-07-16 09:40 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-07-16 09:40 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-07-16 09:40 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-16 09:40 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-16 09:39 . 2008-07-16 09:39
2008-07-16 09:39 . 2008-07-16 09:40
2008-07-16 09:39 . 2008-07-16 09:40
2008-07-16 09:39 . 2006-11-02 08:55 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2008-07-16 09:39 . 2005-07-08 16:17 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-07-16 09:39 . 2006-11-02 08:55 59,042 --------- C:\WINDOWS\NuNinst.cfg
2008-07-16 09:39 . 2005-07-08 16:17 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-07-16 09:39 . 2006-11-02 08:55 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2008-07-16 09:39 . 2005-07-08 16:17 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-07-16 09:38 . 2008-07-16 09:39
2008-07-16 09:38 . 2008-07-16 09:38
2008-07-16 09:38 . 2008-07-16 09:38
2008-07-16 09:38 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-07-15 19:07 . 2008-07-15 19:07
2008-07-15 18:06 . 2003-08-15 18:31 353,024 -ra------ C:\WINDOWS\system32\drivers\Cap7134.sys
2008-07-15 17:16 . 2008-07-15 17:16
2008-07-15 17:16 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-15 17:15 . 2008-07-15 17:15
2008-07-15 17:09 . 2008-07-15 17:09
2008-07-15 17:09 . 2008-07-15 17:16
2008-07-15 17:08 . 2008-07-15 17:08
2008-07-15 15:17 . 2008-07-15 15:42
2008-07-15 09:43 . 2008-07-16 14:27
2008-07-14 17:28 . 2008-07-14 17:28
2008-07-14 17:27 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-14 17:27 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-07-14 17:22 . 2008-07-14 17:22
2008-07-14 17:19 . 2008-07-14 17:19
2008-07-14 15:24 . 2008-07-14 15:24 0 -ra------ C:\logwmemory.bin
2008-07-14 15:23 . 2008-07-14 15:23
2008-07-14 15:23 . 2008-07-14 15:23
2008-07-14 12:18 . 2008-07-14 12:19
2008-07-14 09:27 . 2008-07-14 09:27 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-14 08:50 . 2008-07-14 08:50
2008-07-14 08:50 . 2008-07-14 08:50
2008-07-14 08:50 . 2008-07-14 08:50
2008-07-14 08:50 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-07-14 08:50 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-07-14 08:50 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-07-14 08:50 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-07-14 08:50 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-07-14 08:50 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-07-14 08:46 . 2005-01-11 06:56 78,336 --a------ C:\WINDOWS\system32\SilSupp.cpl
2008-07-14 08:46 . 2005-01-19 11:30 67,200 -ra------ C:\WINDOWS\system32\drivers\SI3132.sys
2008-07-14 08:46 . 2004-11-01 08:21 10,368 -ra------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2008-07-14 08:44 . 2006-06-17 14:36 83,968 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-07-14 08:43 . 2005-06-21 16:47 6,016 --------- C:\WINDOWS\system32\drivers\ALLOW-IO.SYS
2008-07-14 08:31 . 2008-07-14 09:16
2008-07-14 08:31 . 2008-07-16 19:35
2008-07-14 08:31 . 2008-07-14 08:31 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-07-14 08:13 . 2008-07-16 18:10
2008-07-14 08:06 . 2008-07-14 08:06
2008-07-14 08:06 . 2008-07-14 08:06 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-14 08:06 . 2008-07-14 08:06 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-14 08:06 . 2008-07-14 08:06 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-14 08:04 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-07-14 08:02 . 2008-07-14 08:02
2008-07-14 08:02 . 2008-07-16 18:05
2008-07-14 08:00 . 2008-07-14 08:00
2008-07-14 08:00 . 2008-07-14 08:01
2008-07-14 08:00 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-13 22:16 . 2008-07-13 22:16
2008-07-13 22:16 . 2008-07-13 22:16
2008-07-13 22:15 . 2008-07-13 22:15
2008-07-13 22:14 . 2008-07-13 22:14
2008-07-13 22:14 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-13 22:14 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-13 22:14 . 2008-07-16 19:42 186,500 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-13 22:14 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-13 22:13 . 2008-07-14 08:47
2008-07-13 22:13 . 2008-07-13 22:13
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 17:36 --------- d-----w C:\Program Files\Neostrada TP
2008-07-14 06:02 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-13 19:53 --------- d-----w C:\Program Files\ZTE Corporation
2008-07-13 19:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-13 19:46 --------- d-----w C:\Program Files\Usługi online
2008-05-16 12:01 6,557,408 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]
"Gadu-Gadu"=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]
"AlcoholAutomount"=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” [2007-07-02 12:29 220544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"=“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” [2005-07-21 20:52 278528]
"WOOWATCH"=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2005-07-21 08:33 20480]
"WOOTASKBARICON"=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2005-07-21 08:33 53248]
"NvCplDaemon"=“C:\WINDOWS\system32\NvCpl.dll” [2008-05-16 14:01 13529088]
"NvMediaCenter"=“C:\WINDOWS\system32\NvMcTray.dll” [2008-05-16 14:01 86016]
"WinDVR SchSvr"=“C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe” [2004-09-08 20:51 106496]
"GrooveMonitor"=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]
"RemoteControl"=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 20:24 32768]
"InCD"=“C:\Program Files\Ahead\InCD\InCD.exe” [2006-11-02 08:55 1397760]
"NeroFilterCheck"=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50 155648]
"LGODDFU"=“C:\Program Files\lg_fwupdate\fwupdate.exe” [2005-04-12 10:11 229376]
"nwiz"=“nwiz.exe” [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"=“RTHDCPL.EXE” [2008-03-26 16:14 16859136 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Documents and Settings\C2D\Pulpit\1\Repair.exe"=
"C:\Program Files\BitComet\BitComet.exe"=
"C:\Soldat\Soldat.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12226:TCP"= 12226:TCP:BitComet 12226 TCP
"12226:UDP"= 12226:UDP:BitComet 12226 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 Cap7134;%Cap7134.DeviceDescProt%;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-08-15 18:31]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
R3 PhTvTune;WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTvTune.sys [2003-08-15 18:33]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{264BFEF2-1935-497C-9FD4-6EEF1FAA2764} - C:\WINDOWS\qndsfmao.dll
HKCU-Run-s9201 - C:\Documents and Settings\All Users\Dane aplikacji\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
HKLM-Run-wvremcon - C:\WINDOWS\wvremcon.exe
HKLM-Run-38991291 - C:\WINDOWS\system32\oifpjdqy.dll
SSODL-evgratsm-{718328C9-E163-4FD8-9ABB-55774973E880} - C:\WINDOWS\evgratsm.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 19:42:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
C:\ComboFix\temp00
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-07-16 19:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 17:43:44
Pre-Run: 199,928,463,360 bajtów wolnych
Post-Run: 199,914,180,608 bajt˘w wolnych
246 — E O F — 2008-07-15 07:43:24
Log2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 2008-07-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\C2D\USTAWI~1\Temp\Rar$EX00.578\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” "ZTE Corporation\ZXDSL852"
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM…\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM…\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Download with BitComet - res://C** :\Program Files\BitComet\BitComet.exe/AddLink.htm**
O8 - Extra context menu item: Download all video with BitComet - res://C** :\Program Files\BitComet\BitComet.exe/AddVideo.htm**
O8 - Extra context menu item: Download all with BitComet - res://C** :\Program Files\BitComet\BitComet.exe/AddAllLink.htm**
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C** :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000**
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C** :\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)**
O17 - HKLM\System\CCS\Services\Tcpip…{21783BC8-DB1F-4F8D-9DF9-7B971BAF3CB5}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
–
End of file - 6860 bytes