Infected computer :-(

Hello everyone :mrgreen: For some time now, at system startup I get the message “wystąpił błąd podczas ładowania C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL Nie można odnaleźć określonego modułu” (i.e. an error occurred while loading MWSBAR.DLL: the specified module could not be found). Since the message started appearing the computer has become terribly sluggish :frowning: I'm attaching a log file from HijackThis. PLEASE HELP.

Thanks in advance.

Code:

Using the Add/Remove Programs applet, uninstall MyWebSearch Search Assistant.

Delete the folder marked in red manually from the disk in Safe Mode, and the entries with HijackThis.

Do you still have Norton installed? If not, open a command prompt (Start -> Run -> cmd) and issue the following commands:

Additionally, read about removing Norton products with the SymNRT tool:

:arrow: Removing a Norton product with the SymNRT tool

Once that is done, show a log from HijackThis plus one from SilentRunners.
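As an added example (not code from this thread or from HijackThis itself), a small Python triage script for HijackThis v1.99-style logs: it parses the R/O entry lines and flags orphaned entries ("(file missing)" / "(no file)"), entries that reference the MyWebSearch toolbar components the helper asks to remove, the O10 broken-LSP warning and the O17 DNS servers, which should be checked against the ISP's. The sample lines are excerpted from the log posted later in this thread; the script and its names are my own.

```python
"""Triage helper for HijackThis v1.99-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Sample entries excerpted from the HijackThis log posted in this thread,
# with the real "HKLM\..\Run" spelling restored.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{94E99028-E549-4220-8CB4-E40AE6BF0C16}: NameServer = 194.204.159.1 217.98.63.164
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# HijackThis marks a registration whose DLL/EXE is gone with one of these.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Name fragments of the MyWebSearch toolbar components seen in the log.
TOOLBAR_MARKERS = ("mywebsearch", "mywebs~1", "mwsbar", "mwssrcas", "mwsoemon")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reasons: list  # why the line deserves a second look
    line: str      # the raw log line


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each entry line; other lines are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        match = ENTRY_RE.match(raw)
        if match:
            yield match.group("section"), match.group("body"), raw


def classify(section, body, raw):
    """Return the list of reasons a single entry is worth attention (empty if none)."""
    reasons = []
    lower = raw.lower()
    if any(marker in lower for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: the referenced file no longer exists")
    if any(marker in lower for marker in TOOLBAR_MARKERS):
        reasons.append("references a MyWebSearch toolbar component")
    if section == "O10":
        # A missing LSP DLL breaks networking; the chain must be repaired, not deleted.
        reasons.append("Winsock LSP chain is broken; repair the LSP chain rather than delete")
    if section == "O17":
        servers = IPV4_RE.findall(body)
        reasons.append("DNS servers set in the registry: " + ", ".join(servers)
                       + " (verify they belong to the ISP)")
    return reasons


def triage(log_text):
    """Run classify() over the whole log and collect the flagged entries."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        reasons = classify(section, body, raw)
        if reasons:
            findings.append(Finding(section, reasons, raw))
    return findings


def nameservers(log_text):
    """Return the DNS server addresses from every O17 entry, in log order."""
    ips = []
    for section, body, _ in parse_entries(log_text):
        if section == "O17":
            ips.extend(IPV4_RE.findall(body))
    return ips


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section}: {'; '.join(finding.reasons)}")
        print(f"    {finding.line}")
```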

In the Add/Remove Programs applet I don't have MyWebSearch Search Assistant.

Then do what adam9870 wrote below that, and

In Safe Mode I can't find that directory, and I uninstalled Norton without any problems.

kolezkayakis, fix the post with the log and wrap it in tags

In that case, do it and paste the new logs I asked for.

CODE

Logfile of HijackThis v1.99.1

Scan saved at 21:05:23, on 2007-07-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira Premium Security Suite\avguard.exe

C:\Program Files\Avira Premium Security Suite\avfwsvc.exe

C:\Program Files\Avira Premium Security Suite\sched.exe

C:\Program Files\Avira Premium Security Suite\avesvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Avira Premium Security Suite\avmailc.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Avira Premium Security Suite\avgnt.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\RtkBtMnt.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\WScript.exe

C:\Documents and Settings\Agnieszka\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)

O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [LaunchApp] Alaunch

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM…\Run: [ADMTray.exe] “C:\Acer\Empowering Technology\admtray.exe”

O4 - HKLM…\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32

O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM…\Run: [PCMService] “C:\Program Files\Acer\Acer Arcade\PCMService.exe”

O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM…\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM…\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S

O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira Premium Security Suite\avgnt.exe” /min

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe

O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … p=ZRfox000

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider ‘avsda.dll’ missing

O17 - HKLM\System\CCS\Services\Tcpip…{94E99028-E549-4220-8CB4-E40AE6BF0C16}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe

O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe

O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe

O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe

O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

CODE

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]

“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]

“Twoje TVN24” = “(empty string)” [file not found]

“MyWebSearch Email Plugin” = “C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe” [file not found]

“DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]

“Odkurzacz-MCD” = “C:\Program Files\Odkurzacz\odk_mcd.exe” [“Franmo Software”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“igfxtray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]

“igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]

“igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”]

“BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS]

“LaunchApp” = “Alaunch” [“Acer Inc.”]

“RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”]

“SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”]

“Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”]

“AzMixerSel” = “C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [“Realtek Semiconductor Corp.”]

“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]

“ntiMUI” = “C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” [null data]

“(Default)” = “(empty string)” [file not found]

“ADMTray.exe” = ““C:\Acer\Empowering Technology\admtray.exe”” [“Avocent Inc.”]

“eDataSecurity Loader” = “C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” [“HiTRUST”]

“IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS]

“MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data]

“PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS]

“PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS]

“PCMService” = ““C:\Program Files\Acer\Acer Arcade\PCMService.exe”” [“CyberLink Corp.”]

“ePower_DMC” = “C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [“Acer Incorporated”]

“Acer ePower Management” = “C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” [“Acer Value Labs, Taiwan”]

“LManager” = “C:\PROGRA~1\LAUNCH~1\LManager.exe” [“Dritek System Inc.”]

“eRecoveryService” = “C:\Acer\Empowering Technology\eRecovery\Monitor.exe” [“acer Inc.”]

“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]

“FlashGet” = “C:\Program Files\FlashGet\FlashGet.exe /min” [“FlashGet.com”]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

“Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]

“My Web Search Bar” = “rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S” [MS]

“MyWebSearch Email Plugin” = “C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe” [file not found]

“avgnt” = ““C:\Program Files\Avira Premium Security Suite\avgnt.exe” /min” [“Avira GmbH”]

“GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS]

“PCSuiteTrayApplication” = “C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup” [“Nokia”]

“Adobe Reader Speed Launcher” = ““C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00A6FAF1-072E-44cf-8957-5838F569A31D}(Default) = (no title provided)

-> {HKLM…CLSID} = “MyWebSearch Search Assistant BHO”

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL” [file not found]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”

\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{07B18EA1-A523-4961-B6BB-170DE4475CCA}(Default) = “mwsBar BHO”

-> {HKLM…CLSID} = “mwsBar BHO”

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0}(Default) = (no title provided)

-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”

\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = “flashget urlcatch”

-> {HKLM…CLSID} = “FGCatchUrl”

\InProcServer32(Default) = “C:\Program Files\FlashGet\jccatch.dll” [“www.flashget.com”]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided)

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”

\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]

{F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided)

-> {HKLM…CLSID} = “FlashGet GetFlash Class”

\InProcServer32(Default) = “C:\Program Files\FlashGet\getflash.dll” [“www.flashget.com”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]

“{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}” = “EPM-PO Shell Extension”

-> {HKLM…CLSID} = “EPM-PO Shell Extensions”

\InProcServer32(Default) = “epm-po.dll” [“Acer Labs USA”]

“{23F0DC38-DC86-49D6-81EC-40C54A204212}” = “ZEN Nano Plus Media Explorer”

-> {HKLM…CLSID} = “ZEN Nano Plus Media Explorer”

\InProcServer32(Default) = “C:\Program Files\Creative\Creative ZEN Nano Plus\ZEN Nano Plus Media Explorer\CTMvnsu.dll” [“Creative Technology Ltd”]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Program Files\Avira Premium Security Suite\shlext.dll” [“Avira GmbH”]

“{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper”

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar”

-> {HKLM…CLSID} = “Groove Folder Synchronization”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler”

-> {HKLM…CLSID} = “Groove GFS Stub Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler”

-> {HKLM…CLSID} = “Groove XML Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Outlook File Icon Extension”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS]

“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS]

“{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

-> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS]

“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”

-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”

-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser”

-> {HKLM…CLSID} = “Nokia Phone Browser”

\InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}”

-> {HKLM…CLSID} = “eDSshlExt Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”]

Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Program Files\Avira Premium Security Suite\shlext.dll” [“Avira GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}”

-> {HKLM…CLSID} = “eDSshlExt Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Program Files\Avira Premium Security Suite\shlext.dll” [“Avira GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

Group Policies {policy setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

“FriendlyName” = “”

“Source” = “file:///C:/DOCUME~1/AGNIES~1/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg”

“SubscribedURL” = “file:///C:/DOCUME~1/AGNIES~1/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Startup items in “Agnieszka” & “All Users” startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000004\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

avsda.dll [“Avira GmbH”], 01 - 02, 26

%SystemRoot%\system32\mswsock.dll [MS], 03 - 23

%SystemRoot%\system32\rsvpsp.dll [MS], 24 - 25

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

“{07B18EA9-A523-4961-B6BB-170DE4475CCA}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]

“{1017A80C-6F09-4548-A84D-EDD6AC9525F0}”

-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”

\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}” = (no title provided)

-> {HKLM…CLSID} = “Acer eDataSecurity Management”

\InProcServer32(Default) = “C:\WINDOWS\system32\eDStoolbar.dll” [“HiTRUST”]

“{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet”

-> {HKLM…CLSID} = “FlashGet”

\InProcServer32(Default) = “C:\Program Files\FlashGet\fgiebar.dll” [“Amaze Soft”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

“{07B18EA9-A523-4961-B6BB-170DE4475CCA}” = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]

“{1017A80C-6F09-4548-A84D-EDD6AC9525F0}” = (no title provided)

-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”

\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}(Default) = (title not found)

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS]

HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

“ButtonText” = “Wyślij do programu OneNote”

“MenuText” = “Wyślij &do programu OneNote”

“CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}”

-> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Research”

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

“ButtonText” = “FlashGet”

“MenuText” = “FlashGet”

“Exec” = “C:\Program Files\FlashGet\FlashGet.exe” [“FlashGet.com”]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Miscellaneous IE Hijack Points


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> “{00A6FAF6-072E-44cf-8957-5838F569A31D}” = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL” [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):


AdminWorks Agent X6, AWService, ““C:\Acer\Empowering Technology\admServ.exe”” [“Avocent Inc.”]

Avira Premium Security Suite Firewall, AntiVirFirewallService, “C:\Program Files\Avira Premium Security Suite\avfwsvc.exe” [“Avira GmbH”]

Avira Premium Security Suite Guard, AntiVirService, ““C:\Program Files\Avira Premium Security Suite\avguard.exe”” [“Avira GmbH”]

Avira Premium Security Suite MailGuard, AntiVirMailService, ““C:\Program Files\Avira Premium Security Suite\avmailc.exe”” [“Avira GmbH”]

Avira Premium Security Suite MailGuard helper service, AVEService, ““C:\Program Files\Avira Premium Security Suite\avesvc.exe”” [“Avira GmbH”]

Avira Premium Security Suite Scheduler, AntiVirScheduler, ““C:\Program Files\Avira Premium Security Suite\sched.exe”” [“Avira GmbH”]

Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]}

CyberLink Background Capture Service (CBCS), CLCapSvc, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe”” [empty string]

CyberLink Media Library Service, CyberLink Media Library Service, ““C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe”” [“Cyberlink”]

Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared Files\RichVideo.exe”” [empty string]

CyberLink Task Scheduler (CTS), CLSched, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe”” [empty string]

LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]

ServiceLayer, ServiceLayer, ““C:\Program Files\PC Connectivity Solution\ServiceLayer.exe”” [“Nokia.”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Fax Lexmark 5400 Series Port\Driver = “lxctpmon.dll” [empty string]

Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS]

Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS]


<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 74 seconds, including 6 seconds for message boxes)
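As an added example (not part of this thread, and not SilentRunners' or any poster's own code), the triage a helper does by eye on the log above can be scripted. The Python below parses the Toolbars and URLSearchHooks sections in SilentRunners' output format, keeps each `InProcServer32` DLL together with the registry key and CLSID that load it, and flags the entries a reviewer would question: a DLL tagged `[file not found]` (the registry still points at a file that is gone, which is exactly what produces the "cannot find the specified module" message from the first post), SilentRunners' own `<>` marker, and a DLL with no company name in its version info. The sample input is an excerpt constructed from the log above; the function and field names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in SilentRunners' output format, copied from the log in
# this thread (the forum rendered the quotes as curly quotes; normalised below).
SAMPLE_LOG = r"""
Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]

“{07B18EA9-A523-4961-B6BB-170DE4475CCA}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]

“{1017A80C-6F09-4548-A84D-EDD6AC9525F0}”

-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”

\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]

Miscellaneous IE Hijack Points

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> “{00A6FAF6-072E-44cf-8957-5838F569A31D}” = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL” [file not found]
"""


@dataclass
class Finding:
    key: str            # registry key holding the entry (the load point)
    clsid: str          # COM class that the key tells IE to instantiate
    dll: str            # InProcServer32 path the class resolves to
    status: str         # company tag from version info, or "file not found"
    marked: bool        # SilentRunners' own "<>" suspicious marker
    reasons: list = field(default_factory=list)


# Map the forum's typographic quotes and ellipsis back to what SilentRunners emits.
QUOTE_MAP = str.maketrans({"“": '"', "”": '"', "…": "..."})
# An entry line: optional "<>" marker, then a quoted CLSID in braces.
ENTRY_RE = re.compile(r'^(<>\s*)?"(\{[0-9A-Fa-f-]{36}\})"')
# The DLL line that follows an entry: \InProcServer32(Default) = "path" [tag]
SERVER_RE = re.compile(r'^\\InProcServer32\(Default\)\s*=\s*"([^"]*)"\s*\[(.*?)\]\s*$')


def parse_inproc_entries(text):
    """Walk the log top to bottom, remembering the current key and CLSID so each
    InProcServer32 line can be attributed to the entry that loads it."""
    findings = []
    key = clsid = None
    marked = False
    for raw in text.splitlines():
        line = raw.strip().translate(QUOTE_MAP)
        if not line:
            continue
        if line.startswith(("HKCU\\", "HKLM\\")):
            key, clsid, marked = line, None, False
            continue
        m = ENTRY_RE.match(line)
        if m:
            marked = m.group(1) is not None
            clsid = m.group(2)
            continue
        m = SERVER_RE.match(line)
        if m and clsid:
            status = m.group(2).strip('"')
            f = Finding(key, clsid, m.group(1), status, marked)
            if status.lower() == "file not found":
                f.reasons.append("DLL missing from disk: orphaned load point, "
                                 "explains a 'module not found' error at logon")
            if marked:
                f.reasons.append("SilentRunners <> marker: data at a hijack point")
            if status.lower() in ("", "empty string", "null data"):
                f.reasons.append("version info has no company name (weak signal, "
                                 "check the file's publisher)")
            findings.append(f)
    return findings


def suspicious(findings):
    """Entries with at least one reason to review."""
    return [f for f in findings if f.reasons]


def orphaned(findings):
    """Entries whose DLL no longer exists: the registry key outlived the file."""
    return [f for f in findings if f.status.lower() == "file not found"]


if __name__ == "__main__":
    for f in suspicious(parse_inproc_entries(SAMPLE_LOG)):
        print(f"{f.key}\n  {f.clsid} -> {f.dll}")
        for r in f.reasons:
            print(f"    * {r}")
```

Run the file directly to print the flagged entries grouped under the key that loads them; `marked` carries SilentRunners' `<>` indicator and `status` the bracketed company tag, so the two can be checked separately. On the excerpt above the Google toolbar passes, the Lexmark toolbar is only a weak signal, and both MyWebSearch entries are orphaned load points.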

Post a log from ComboFix

Note: when you paste a log, wrap it in a CODE or QUOTE tag

LOG from COMBOFIX:

Open Notepad and paste this into it:

File >>> Save as >>> change the file type from TXT to All files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Scan with AVG Anti-Spyware 7.5 after an update + report :wink:

report from AVG

It's fine.

Optimizing and slimming down Windows XP

Registry cleaning - jv16 PowerTools 2006 1.5.2.350

Read about unnecessary items in startup.

the message mentioned in my first post no longer appears, but the system takes a very long time to start :frowning: I'd ask for help with this issue too.

I gave it in the previous post. Click the links and follow the advice.

After doing that the computer should speed up.