- Kod: Zaznacz wszystko
ComboFix 08-10-22.05 - ppp 2008-10-23 16:41:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.88 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\ppp\Moje dokumenty\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\msn.exe
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\WINDOWS\hosts
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-23 do 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-23 16:23 . 2008-10-23 16:23 580,096 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-23 16:22 . 2008-10-23 16:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-23 16:21 . 2008-10-23 16:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-10-23 16:21 . 2005-04-04 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-10-23 16:21 . 2005-04-04 18:21 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-10-23 16:21 . 2008-10-23 16:23 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-10-23 16:21 . 2005-04-04 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-10-23 16:21 . 2005-04-04 17:47 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-10-23 16:21 . 2005-04-04 17:47 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-10-23 16:21 . 2008-10-23 16:21 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-23 16:11 . 2008-10-23 16:35 <DIR> d-------- C:\SDFix
2008-10-22 13:45 . 2008-04-14 19:20 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-10-22 12:29 . 2008-10-22 12:29 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-10-22 12:29 . 2008-10-22 12:29 <DIR> d-------- C:\WINDOWS\system32\pl
2008-10-22 12:29 . 2008-10-22 12:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-22 12:29 . 2008-10-22 12:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-22 12:26 . 2008-10-22 12:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-16 15:27 . 2008-10-22 12:56 2,711 --a------ C:\WINDOWS\imsins.BAK
2008-10-16 14:54 . 2008-09-15 17:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 14:54 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 14:53 . 2008-08-14 15:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 14:53 . 2008-08-14 15:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 14:53 . 2008-08-14 15:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 14:53 . 2008-08-14 15:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-06 16:16 . 2008-10-06 17:00 <DIR> d-------- C:\Documents and Settings\ppp\Dane aplikacji\Winamp
2008-10-05 14:53 . 2008-10-05 14:53 <DIR> d-------- C:\Documents and Settings\ppp\Dane aplikacji\gtk-2.0
2008-10-05 14:49 . 2008-10-05 14:49 <DIR> d-------- C:\Documents and Settings\ppp\.thumbnails
2008-10-05 14:45 . 2008-10-05 14:57 <DIR> d-------- C:\Documents and Settings\ppp\.gimp-2.6
2008-10-05 14:44 . 2008-10-05 14:44 <DIR> d-------- C:\Program Files\Gimp-2.0
2008-10-05 14:44 . 2008-10-05 14:45 <DIR> d-------- C:\Documents and Settings\ppp\.gegl-0.0
2008-10-01 06:17 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-29 22:07 . 2008-09-29 22:07 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-29 22:07 . 2008-09-29 22:07 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-29 22:06 . 2008-10-23 16:19 2,831,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-29 22:06 . 2008-10-23 16:36 335,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-29 22:06 . 2008-10-23 16:19 25,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-29 22:06 . 2008-10-23 16:36 2,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-29 19:31 . 2008-09-29 19:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-29 19:31 . 2008-10-23 16:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 18:05 --------- d-----w C:\Program Files\eMule
2008-10-14 21:28 --------- d-----w C:\Documents and Settings\ppp\Dane aplikacji\Skype
2008-10-14 04:11 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-10-06 14:16 --------- d-----w C:\Program Files\Winamp
2008-09-29 20:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-29 19:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-14 12:58 --------- d-----w C:\Program Files\WordToPDF
2008-09-14 12:57 --------- d-----w C:\Program Files\IrfanView
2008-09-14 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 12:44 --------- d-----w C:\Program Files\Common Files\YDP
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-07 11:01 21,144 ----a-w C:\Documents and Settings\ppp\Dane aplikacji\GDIPFONTCACHEV1.DAT
2001-07-15 10:12 98,816 ----a-w C:\Documents and Settings\mso\ucf2000.exe
2001-07-02 10:47 9,994,240 ----a-w C:\Documents and Settings\mso\mso.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
QuickTV.lnk - C:\Program Files\AVERTV2K\QuickTV.exe [2004-11-15 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Samsung Internet Keyboard.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Samsung Internet Keyboard.lnk
backup=C:\WINDOWS\pss\Samsung Internet Keyboard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ppp^Menu Start^Programy^Autostart^UD Agent.lnk]
path=C:\Documents and Settings\ppp\Menu Start\Programy\Autostart\UD Agent.lnk
backup=C:\WINDOWS\pss\UD Agent.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ppp^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=C:\Documents and Settings\ppp\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 19:21 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 19:21 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-06 01:26 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-06-12 17:24 19920424 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UserAccess"=2 (0x2)
"sp_rssrv"=2 (0x2)
"PavPrSrv"=2 (0x2)
"Microsoft Agent"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe sc_leet.con.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 26752]
R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2002-05-14 261696]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2002-05-14 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2002-05-14 13312]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2004-01-08 163856]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-180sa - c:\program files\180search assistant\180sa.exe
MSConfigStartUp-Anti Trojan Elite - C:\Program Files\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-avgnt - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
MSConfigStartUp-BearShare Acceleration Patch - C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\BearShare Acceleration Patch\BearShare Acceleration Patch.lnk
MSConfigStartUp-CafeNews - C:\Program Files\MMCafe\CafeNews\CN.exe
MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-Dzieńdobry! - C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe
MSConfigStartUp-eDonkey2000 - C:\Program Files\eDonkey2000\eDonkey2000.exe
MSConfigStartUp-Expressivo - C:\Program Files\ivo\Expressivo Demo\expressivo.exe
MSConfigStartUp-Free Download Manager - C:\Program Files\Free Download Manager\fdm.exe
MSConfigStartUp-hohohhaha - C:\WINDOWS\system32\drive\calling.com
MSConfigStartUp-IncrediMail - C:\PROGRA~1\INCRED~1\bin\IncMail.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-KAVPersonal50 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe
MSConfigStartUp-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
MSConfigStartUp-lqnov - c:\windows\lqnov.exe
MSConfigStartUp-MediaGateway - C:\Program Files\MediaGateway\MediaGateway.exe
MSConfigStartUp-msennger - C:\WINDOWS\system32\drive\calling.com
MSConfigStartUp-nod32kui - C:\Program Files\Eset\nod32kui.exe
MSConfigStartUp-Odkurzacz-MCD - C:\Program Files\Odkurzacz\odk_mcd.exe
MSConfigStartUp-P2P Networking - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
MSConfigStartUp-shhost - C:\Program Files\OutLaster\shhost.exe
MSConfigStartUp-SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Trickler - c:\program files\audiogalaxy satellite\fsg-ag_3102.exe
MSConfigStartUp-TrojanScanner - C:\Program Files\Trojan Remover\Trjscan.exe
MSConfigStartUp-webHancer Agent - C:\Program Files\webHancer\Programs\whAgent.exe
MSConfigStartUp-webHancer Survey Companion - C:\Program Files\webHancer\Programs\whSurvey.exe
MSConfigStartUp-WhenUSearch - C:\Program Files\WhenUSearch\Search.exe
MSConfigStartUp-WhenUSearchWHSE - C:\Program Files\WhenUSearch\whse.exe
MSConfigStartUp-WinReg - C:\WINDOWS\system32\drive\calling.com
MSConfigStartUp-ztgkjvx - c:\windows\system32\ztgkjvx.exe
MSConfigStartUp-System32 - user32.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\ppp\Dane aplikacji\Mozilla\Firefox\Profiles\ep619rd8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.onet.pl
FF -: plugin - C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0808050_SUA_900\npoctoshape.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOggX.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 16:43:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-23 16:45:50
ComboFix-quarantined-files.txt 2008-10-23 14:45:47
Przed: 2,030,845,952 bajtów wolnych
Po: 2,118,639,616 bajtów wolnych
229 --- E O F --- 2008-10-23 12:50:22
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:19, on 2008-10-23
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\Documents and Settings\ppp\Moje dokumenty\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ECECB0F-5246-446E-A7B2-EB6AF574CC91}: NameServer = 217.30.129.149,217.30.137.200
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.wshe.lodz.pl/fotopatio.jpg
--
End of file - 6460 bytes
Prawdopodobnie po zainstalowaniu SP3 pojawił się błąd explorer.exe. Pojawia się tuż po uruchomieniu komputera. Po wciśnięciu opcji nie wysyłaj znikają wszystkie ikony oraz pasek zadań. Zdarza się także że bez pojawienia się raportu o błędzie znikają ikony i pasek zadań.
