Log problem z bezczynnością programów

[pythoonsss]

Mam problem ze zbyt często pojawiającym mi się "brak odpowiedzi" jakoś tak pare razy w ciągu godziny, skończyl mi się norton i podejrzewam, że mam jakieś świństwo. Bardzo proszę o pomoc.
log z dss

Kod: Zaznacz wszystko

Deckard's System Scanner v20071014.68
Run by Rose on 2008-08-16 15:01:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rose.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:32, on 2008-08-16
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\327882R2FWJFW\handle.cfexe
C:\327882R2FWJFW\sed.cfexe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rose\Downloads\harry potter i czara ognia\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rose.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\DAEMON Tools\AdVantageSetup.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=082008 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE

--
End of file - 9987 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 atkdisplf (ASUS Kernel Mode Enhanced Driver) - c:\windows\system32\drivers\atkdisplowfilter.sys <Not Verified; ASUSTeK Computer Inc.; ASUSTeK Display Lower Filter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 WinTabService (WinTab Service) - "c:\windows\system32\drivers\wtsrv.exe" <Not Verified; Tablet Driver; Tablet Driver for Win2000/XP/Vista>

S2 ATKFUSService (ATK Fast User Switch Service) - c:\windows\system32\atkfusservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Fast User Switch Service>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-16 14:59:59       414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{306E418C-21E4-492D-855E-2C96B99B901C}.job
2008-08-16 14:30:24       414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{C8EA30E9-2FC8-4317-82F7-BBF62C760E42}.job
2008-08-15 19:59:59       518 --a------ C:\Windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - jan.job


-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 14:58:12         0 d-------- C:\327882R2FWJFW
2008-08-16 11:48:44         0 d-------- C:\Program Files\Electronic Arts
2008-08-15 22:39:35         0 d-------- C:\Program Files\AC3Filter
2008-08-15 22:29:15         0 d-------- C:\Program Files\NAPI-PROJEKT
2008-08-15 22:29:12         0 d-------- C:\Program Files\ALLPlayer
2008-08-15 21:40:20         0 d-------- C:\Users\All Users\Real
2008-08-15 21:40:20         0 d-------- C:\Program Files\Real Alternative
2008-08-15 21:38:28         0 d-------- C:\Program Files\SpeedOptimizer
2008-08-15 21:38:28         0 d-------- C:\Program Files\AskSBar
2008-08-15 21:05:17         0 d-a------ C:\Users\All Users\TEMP
2008-08-15 21:05:14         0 d-------- C:\Users\All Users\SpeedBit
2008-08-15 21:05:12     50688 --a------ C:\Windows\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-08-15 21:05:11         0 d-------- C:\Program Files\DAP
2008-08-10 22:15:20         0 d-------- C:\Program Files\Lavalys
2008-08-09 23:59:02         0 d-------- C:\Program Files\Trend Micro
2008-08-06 09:13:10         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 23:48:55         0 d-------- C:\Program Files\Artweaver 0.5
2008-08-05 23:48:00         0 d-------- C:\Program Files\3D Canvas 7
2008-08-05 23:42:52        45 ---h----- C:\Windows\dsez3734.dat
2008-08-05 23:35:45         0 d-------- C:\Program Files\PhotoFiltre Studio
2008-08-05 19:14:28         0 d-------- C:\Users\All Users\FLEXnet
2008-08-05 18:43:32         0 d-------- C:\Program Files\Bonjour
2008-08-05 18:42:50         0 d-------- C:\Windows\PCHEALTH
2008-08-05 18:38:43         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-05 18:33:13         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-05 18:33:08         0 d-------- C:\Program Files\Windows Live
2008-08-05 18:32:46         0 d-------- C:\Users\All Users\WLInstaller
2008-08-05 18:26:53         0 d-------- C:\Program Files\PENSUITEPRO
2008-08-05 17:36:51         0 d-------- C:\Program Files\Corel
2008-08-05 17:19:44         0 d-------- C:\Program Files\TABLET
2008-08-05 17:09:53         0 d-------- C:\Users\All Users\AppData


-- Find3M Report ---------------------------------------------------------------

2008-08-16 11:00:58    535330 --a------ C:\Windows\system32\perfh015.dat
2008-08-16 11:00:58     86210 --a------ C:\Windows\system32\perfc015.dat
2008-08-15 22:22:51         0 d-------- C:\Users\Rose\AppData\Roaming\Winamp
2008-08-15 22:20:12         0 d-------- C:\Program Files\Winamp
2008-08-15 21:40:55         0 d-------- C:\Users\Rose\AppData\Roaming\Media Player Classic
2008-08-15 21:40:20         0 d-------- C:\Users\Rose\AppData\Roaming\Real
2008-08-15 21:38:58         0 d-------- C:\Users\Rose\AppData\Roaming\SpeedBit
2008-08-14 09:46:45         0 d-------- C:\Program Files\Windows Mail
2008-08-11 14:12:29         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-08 13:37:44         0 d-------- C:\Users\Rose\AppData\Roaming\AdobeUM
2008-08-05 23:49:17         0 d-------- C:\Users\Rose\AppData\Roaming\Artweaver
2008-08-05 23:26:12         0 d-------- C:\Users\Rose\AppData\Roaming\Adobe
2008-08-05 23:22:49         0 d-------- C:\Users\Rose\AppData\Roaming\WinRAR
2008-08-05 19:06:14         0 d-------- C:\Program Files\Common Files\Adobe
2008-08-05 18:38:43         0 d-------- C:\Program Files\Common Files
2008-08-05 17:11:40         0 d-------- C:\Users\Rose\AppData\Roaming\Macromedia
2008-08-04 19:31:54       174 --ahs---- C:\Program Files\desktop.ini
2008-08-04 19:26:59         0 d-------- C:\Program Files\Windows Sidebar
2008-07-07 19:18:30         0 d-------- C:\Program Files\Norton Internet Security


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-15 21:38   66912   --a------   C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-08-15 21:38   262144   --a------   C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-15 21:38 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 10:08]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 10:54]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 01:08]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 02:18]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 01:02]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 12:48]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15]
"AdVantage Setup"="C:\Program Files\DAEMON Tools\AdVantageSetup.exe" [2007-08-13 15:53]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-11-24 14:03]
"WTClient"="WTClient.exe" [2007-04-11 18:27 C:\Windows\System32\WTClient.exe]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [2004-03-18 14:38]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-04 19:04]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-08-15 21:05]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted   hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-16 15:03:45 ------------



log z hi jack this

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:02:32, on 2008-08-16
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\327882R2FWJFW\handle.cfexe
C:\327882R2FWJFW\sed.cfexe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rose\Downloads\harry potter i czara ognia\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rose.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\DAEMON Tools\AdVantageSetup.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=082008 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE

--
End of file - 9987 bytes


[wojtas]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Autor postu otrzymał pochwałę

[pythoonsss]

z tego tematu nie udało mi się nic wykonać niestety nie wiem jak ale nie udało natomiast gdy zainstalowałam sdfixa to gdy w awaryjnym uruchamialam to pojawialo mi sie to czarne okinko na ułamki sekund i znikało czekałam parę razy troche dłużej a nuż coś się stanie odpali niestety nic sie nie zrobiło...

[wojtas]

ok to sprobuj combofixa dac ) oraz skasuj wpisy + pogrubiony folder do kosza

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[pythoonsss]

udało mi się usunąć tylko to R3... ten pogrubiony folder nie chce się usunąć, gdy probuję to po wielokrotnych zapytaniach (źle skonfugurowana vista chyba, że tak mnie męczy) mówi mi, że nie mam
uprawnień ( robię to z administratora oczywiście )
combofix:

Kod: Zaznacz wszystko

ComboFix 08-08-15.04 - Rose 2008-08-16 17:01:29.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.1307 [GMT 2:00]
Running from: C:\Users\Rose\Downloads\harry potter i czara ognia\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-07-16 to 2008-08-16 

)))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   

))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 15:14   ---------   d---a-w   C:\ProgramData\TEMP
2008-08-16 14:27   ---------   d-----w   C:\Users\Rose\AppData\Roaming\OpenOfficeT72
2008-08-16 12:37   ---------   d-----w   C:\Users\jan\AppData\Roaming\OpenOfficeT72
2008-08-16 09:48   ---------   d-----w   C:\Program Files\Electronic Arts
2008-08-15 20:39   ---------   d-----w   C:\Program Files\AC3Filter
2008-08-15 20:29   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-08-15 20:29   ---------   d-----w   C:\Program Files\ALLPlayer
2008-08-15 20:22   ---------   d-----w   C:\Users\Rose\AppData\Roaming\Winamp
2008-08-15 20:20   ---------   d-----w   C:\Program Files\Winamp
2008-08-15 19:40   ---------   d-----w   C:\Users\Rose\AppData\Roaming\Media Player Classic
2008-08-15 19:40   ---------   d-----w   C:\Program Files\Real Alternative
2008-08-15 19:39   ---------   d-----w   C:\ProgramData\SpeedBit
2008-08-15 19:38   ---------   d-----w   C:\Users\Rose\AppData\Roaming\SpeedBit
2008-08-15 19:38   ---------   d-----w   C:\Program Files\SpeedOptimizer
2008-08-15 19:38   ---------   d-----w   C:\Program Files\AskSBar
2008-08-15 19:06   ---------   d-----w   C:\Program Files\DAP
2008-08-15 19:05   50,688   ----a-w   C:\Windows\System32\wbhelp2.dll
2008-08-14 19:05   ---------   d-----w   C:\ProgramData\Symantec
2008-08-14 07:46   ---------   d-----w   C:\Program Files\Windows Mail
2008-08-11 12:12   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-08-10 20:15   ---------   d-----w   C:\Program Files\Lavalys
2008-08-09 21:59   ---------   d-----w   C:\Program Files\Trend Micro
2008-08-08 11:37   ---------   d-----w   C:\Users\Rose\AppData\Roaming\AdobeUM
2008-08-06 22:19   ---------   d-----w   C:\Users\jan\AppData\Roaming\Artweaver
2008-08-06 07:13   ---------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 21:49   ---------   d-----w   C:\Users\Rose\AppData\Roaming\Artweaver
2008-08-05 21:49   ---------   d-----w   C:\Program Files\Artweaver 0.5
2008-08-05 21:48   ---------   d-----w   C:\Program Files\3D Canvas 7
2008-08-05 21:43   ---------   d-----w   C:\Program Files\PhotoFiltre Studio
2008-08-05 17:14   ---------   d-----w   C:\ProgramData\FLEXnet
2008-08-05 17:06   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-08-05 16:43   ---------   d-----w   C:\Program Files\Bonjour
2008-08-05 16:42   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-05 16:42   ---------   d-----w   C:\Program Files\Windows Live
2008-08-05 16:38   ---------   d-----w   C:\Program Files\Common Files\Macrovision Shared
2008-08-05 16:32   ---------   d-----w   C:\ProgramData\WLInstaller
2008-08-05 16:26   ---------   d-----w   C:\Program Files\PENSUITEPRO
2008-08-05 15:36   ---------   d-----w   C:\Program Files\Corel
2008-08-05 15:20   ---------   d-----w   C:\Program Files\TABLET
2008-08-05 15:09   ---------   d-----w   C:\ProgramData\AppData
2008-08-04 17:35   428,032   ----a-w   C:\Windows\System32\EncDec.dll
2008-08-04 17:35   292,352   ----a-w   C:\Windows\System32\psisdecd.dll
2008-08-04 17:35   1,244,672   ----a-w   C:\Windows\System32\mcmde.dll
2008-08-04 17:31   174   --sha-w   C:\Program Files\desktop.ini
2008-08-04 17:26   ---------   d-----w   C:\Program Files\Windows Sidebar
2008-08-04 17:08   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
2008-08-04 17:08   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
2008-08-04 17:07   45,112   ----a-w   C:\Windows\system32\drivers\pciidex.sys
2008-08-04 17:07   41,984   ----a-w   C:\Windows\system32\drivers\monitor.sys
2008-08-04 17:07   3,504,696   ----a-w   C:\Windows\System32\ntkrnlpa.exe
2008-08-04 17:07   3,470,392   ----a-w   C:\Windows\System32\ntoskrnl.exe
2008-08-04 17:07   211,000   ----a-w   C:\Windows\system32\drivers\volsnap.sys
2008-08-04 17:07   21,560   ----a-w   C:\Windows\system32\drivers\atapi.sys
2008-08-04 17:07   20,024   ----a-w   C:\Windows\system32\drivers\viaide.sys
2008-08-04 17:07   154,624   ----a-w   C:\Windows\system32\drivers\nwifi.sys
2008-08-04 17:07   109,624   ----a-w   C:\Windows\system32\drivers\ataport.sys
2008-08-04 17:07   1,060,920   ----a-w   C:\Windows\system32\drivers\ntfs.sys
2008-08-04 17:06   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
2008-08-04 17:06   24,064   ----a-w   C:\Windows\System32\netcfg.exe
2008-08-04 17:06   22,016   ----a-w   C:\Windows\System32\netiougc.exe
2008-08-04 17:06   216,632   ----a-w   C:\Windows\system32\drivers\netio.sys
2008-08-04 17:06   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
2008-08-04 17:06   1,585,664   ----a-w   C:\Windows\System32\setupapi.dll
2008-08-04 17:04   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
2008-08-04 17:04   296,448   ----a-w   C:\Windows\System32\gdi32.dll
2008-08-04 17:04   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
2008-08-04 17:04   2,048   ----a-w   C:\Windows\System32\asferror.dll
2008-08-04 17:04   14,848   ----a-w   C:\Windows\System32\wshrm.dll
2008-08-04 17:04   113,664   ----a-w   C:\Windows\system32\drivers\rmcast.sys
2008-08-04 17:04   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
2008-08-04 17:03   83,968   ----a-w   C:\Windows\System32\dnsrslvr.dll
2008-08-04 17:03   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-08-04 17:03   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-08-04 17:03   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-08-04 17:03   24,576   ----a-w   C:\Windows\System32\dnscacheugc.exe
2008-08-04 17:03   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-08-04 17:03   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-08-04 17:03   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-08-04 17:03   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-08-04 17:02   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
2008-08-04 17:02   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
2008-08-04 17:02   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
2008-08-04 17:02   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
2008-08-04 17:02   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
2008-07-15 23:48   2,048   ----a-w   C:\Windows\System32\tzres.dll
2008-07-07 17:18   ---------   d-----w   C:\Program Files\Norton Internet Security
2008-06-27 03:54   826,368   ----a-w   C:\Windows\System32\wininet.dll
2008-06-27 03:54   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-06-27 03:54   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-06-19 03:25   61,440   ----a-w   C:\Windows\System32\winipsec.dll
2008-06-19 03:25   361,984   ----a-w   C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25   28,672   ----a-w   C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25   272,896   ----a-w   C:\Windows\System32\polstore.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   

))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL"

[2008-08-15 21:38 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-15 21:38   66912   --a------   C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-04 19:04 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common

Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-08-15 21:05 3065344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 10:54 363008]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 01:08 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 02:18 22696]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 01:02 36352]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 12:48 380928]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"AdVantage Setup"="C:\Program Files\DAEMON Tools\AdVantageSetup.exe" [2007-08-13 15:53 120832]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-11-24 14:03 112320]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe"

[2004-03-18 14:38 733184]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-

2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"WTClient"="WTClient.exe" [2007-04-11 18:27 40960 C:\Windows\System32\WTClient.exe]

C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOfficeT7 2.3.lnk - C:\Program Files\OpenOfficeT7 2.3\program\quickstart.exe [2007-09-20 14:51:54

393216]

C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOfficeT7 2.3.lnk - C:\Program Files\OpenOfficeT7 2.3\program\quickstart.exe [2007-09-20 14:51:54

393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24

07:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B61E432-9237-43B1-A9D3-B1508F544D1F}"= UDP:C:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe:The

Sims 2
"{43238D00-CF11-4BD5-9BE6-704FC82A8C1A}"= TCP:C:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe:The

Sims 2
"{CD25A274-8C7F-4940-8A5B-217F11567040}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows

Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 14:22]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1

\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 06:10]
R2 TabletInputService;Usługa wprowadzania na komputerze typu Tablet;C:\Windows\System32\svchost.exe

[2006-11-02 11:45]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-07-

23 12:48]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-

07-23 13:01]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 19:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 15:40]
S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-07-23 12:48]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys [2007-04-23

17:28]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\Windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - jan.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 19:48]

2008-08-16 C:\Windows\Tasks\User_Feed_Synchronization-{306E418C-21E4-492D-855E-2C96B99B901C}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-16 C:\Windows\Tasks\User_Feed_Synchronization-{C8EA30E9-2FC8-4317-82F7-BBF62C760E42}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.pl/
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1

\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1

\DAP\dapie.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 17:18:57
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-16 17:20:25
ComboFix-quarantined-files.txt  2008-08-16 15:20:08

Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla

Application.
Post-Run: 207,755,386,880 bajtów wolnych

212   --- E O F ---   2008-08-14 07:49:43


[wojtas]

Otworz notatnik i wklej w nim to:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdVantage Setup"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

Folder::
C:\Program Files\AskSBar

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[pythoonsss]

mam nadzieje że dobrze zrobiłam

Kod: Zaznacz wszystko

ComboFix 08-08-15.04 - Rose 2008-08-17 15:28:24.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.1399 [GMT 2:00]
Running from: C:\Users\Rose\Downloads\harry potter i czara ognia\ComboFix.exe
Command switches used :: C:\Users\Rose\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

.
(((((((((((((((((((((((((   Files Created from 2008-07-17 to 2008-08-17  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 13:16   ---------   d---a-w   C:\ProgramData\TEMP
2008-08-17 13:16   ---------   d-----w   C:\Users\Rose\AppData\Roaming\OpenOfficeT72
2008-08-17 02:01   ---------   d-----w   C:\Users\jan\AppData\Roaming\OpenOfficeT72
2008-08-16 15:32   ---------   d-----w   C:\ProgramData\SpeedBit
2008-08-16 09:48   ---------   d-----w   C:\Program Files\Electronic Arts
2008-08-15 20:39   ---------   d-----w   C:\Program Files\AC3Filter
2008-08-15 20:29   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-08-15 20:29   ---------   d-----w   C:\Program Files\ALLPlayer
2008-08-15 20:22   ---------   d-----w   C:\Users\Rose\AppData\Roaming\Winamp
2008-08-15 20:20   ---------   d-----w   C:\Program Files\Winamp
2008-08-15 19:40   ---------   d-----w   C:\Users\Rose\AppData\Roaming\Media Player Classic
2008-08-15 19:40   ---------   d-----w   C:\Program Files\Real Alternative
2008-08-15 19:06   ---------   d-----w   C:\Program Files\DAP
2008-08-15 19:05   50,688   ----a-w   C:\Windows\System32\wbhelp2.dll
2008-08-14 19:05   ---------   d-----w   C:\ProgramData\Symantec
2008-08-14 07:46   ---------   d-----w   C:\Program Files\Windows Mail
2008-08-11 12:12   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-08-10 20:15   ---------   d-----w   C:\Program Files\Lavalys
2008-08-09 21:59   ---------   d-----w   C:\Program Files\Trend Micro
2008-08-08 11:37   ---------   d-----w   C:\Users\Rose\AppData\Roaming\AdobeUM
2008-08-06 22:19   ---------   d-----w   C:\Users\jan\AppData\Roaming\Artweaver
2008-08-06 07:13   ---------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 21:49   ---------   d-----w   C:\Users\Rose\AppData\Roaming\Artweaver
2008-08-05 21:49   ---------   d-----w   C:\Program Files\Artweaver 0.5
2008-08-05 21:48   ---------   d-----w   C:\Program Files\3D Canvas 7
2008-08-05 21:43   ---------   d-----w   C:\Program Files\PhotoFiltre Studio
2008-08-05 17:14   ---------   d-----w   C:\ProgramData\FLEXnet
2008-08-05 17:06   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-08-05 16:43   ---------   d-----w   C:\Program Files\Bonjour
2008-08-05 16:42   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-05 16:42   ---------   d-----w   C:\Program Files\Windows Live
2008-08-05 16:38   ---------   d-----w   C:\Program Files\Common Files\Macrovision Shared
2008-08-05 16:32   ---------   d-----w   C:\ProgramData\WLInstaller
2008-08-05 16:26   ---------   d-----w   C:\Program Files\PENSUITEPRO
2008-08-05 15:36   ---------   d-----w   C:\Program Files\Corel
2008-08-05 15:20   ---------   d-----w   C:\Program Files\TABLET
2008-08-05 15:09   ---------   d-----w   C:\ProgramData\AppData
2008-08-04 17:35   428,032   ----a-w   C:\Windows\System32\EncDec.dll
2008-08-04 17:35   292,352   ----a-w   C:\Windows\System32\psisdecd.dll
2008-08-04 17:35   1,244,672   ----a-w   C:\Windows\System32\mcmde.dll
2008-08-04 17:31   174   --sha-w   C:\Program Files\desktop.ini
2008-08-04 17:26   ---------   d-----w   C:\Program Files\Windows Sidebar
2008-08-04 17:08   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
2008-08-04 17:08   110,080   ----a-w   C:\Windows\system32\drivers\mrxdav.sys
2008-08-04 17:07   45,112   ----a-w   C:\Windows\system32\drivers\pciidex.sys
2008-08-04 17:07   41,984   ----a-w   C:\Windows\system32\drivers\monitor.sys
2008-08-04 17:07   3,504,696   ----a-w   C:\Windows\System32\ntkrnlpa.exe
2008-08-04 17:07   3,470,392   ----a-w   C:\Windows\System32\ntoskrnl.exe
2008-08-04 17:07   211,000   ----a-w   C:\Windows\system32\drivers\volsnap.sys
2008-08-04 17:07   21,560   ----a-w   C:\Windows\system32\drivers\atapi.sys
2008-08-04 17:07   20,024   ----a-w   C:\Windows\system32\drivers\viaide.sys
2008-08-04 17:07   154,624   ----a-w   C:\Windows\system32\drivers\nwifi.sys
2008-08-04 17:07   109,624   ----a-w   C:\Windows\system32\drivers\ataport.sys
2008-08-04 17:07   1,060,920   ----a-w   C:\Windows\system32\drivers\ntfs.sys
2008-08-04 17:06   803,328   ----a-w   C:\Windows\system32\drivers\tcpip.sys
2008-08-04 17:06   24,064   ----a-w   C:\Windows\System32\netcfg.exe
2008-08-04 17:06   22,016   ----a-w   C:\Windows\System32\netiougc.exe
2008-08-04 17:06   216,632   ----a-w   C:\Windows\system32\drivers\netio.sys
2008-08-04 17:06   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
2008-08-04 17:06   1,585,664   ----a-w   C:\Windows\System32\setupapi.dll
2008-08-04 17:04   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
2008-08-04 17:04   296,448   ----a-w   C:\Windows\System32\gdi32.dll
2008-08-04 17:04   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
2008-08-04 17:04   2,048   ----a-w   C:\Windows\System32\asferror.dll
2008-08-04 17:04   14,848   ----a-w   C:\Windows\System32\wshrm.dll
2008-08-04 17:04   113,664   ----a-w   C:\Windows\system32\drivers\rmcast.sys
2008-08-04 17:04   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
2008-08-04 17:03   83,968   ----a-w   C:\Windows\System32\dnsrslvr.dll
2008-08-04 17:03   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-08-04 17:03   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-08-04 17:03   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-08-04 17:03   24,576   ----a-w   C:\Windows\System32\dnscacheugc.exe
2008-08-04 17:03   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-08-04 17:03   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-08-04 17:03   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-08-04 17:03   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-08-04 17:02   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
2008-08-04 17:02   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
2008-08-04 17:02   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
2008-08-04 17:02   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
2008-08-04 17:02   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
2008-07-15 23:48   2,048   ----a-w   C:\Windows\System32\tzres.dll
2008-07-07 17:18   ---------   d-----w   C:\Program Files\Norton Internet Security
2008-06-27 03:54   826,368   ----a-w   C:\Windows\System32\wininet.dll
2008-06-27 03:54   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-06-27 03:54   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-06-19 03:25   61,440   ----a-w   C:\Windows\System32\winipsec.dll
2008-06-19 03:25   361,984   ----a-w   C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25   28,672   ----a-w   C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25   272,896   ----a-w   C:\Windows\System32\polstore.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-08-16_17.19.30.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 14:25:52   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-17 13:16:17   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-16 14:25:52   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-17 13:16:17   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-16 14:27:20   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-17 13:18:17   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-17 13:18:17   262,144   ---ha-w   C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-15 20:43:29   16,384   --sha-w   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-16 15:42:53   16,384   --sha-w   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-15 20:43:29   32,768   --sha-w   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-16 15:42:53   32,768   --sha-w   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 20:43:29   16,384   --sha-w   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-16 15:42:53   16,384   --sha-w   C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-16 14:27:15   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-17 13:18:12   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-17 13:18:12   262,144   ---ha-w   C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-16 14:31:07   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-17 13:21:58   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-16 14:31:07   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-17 13:21:58   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-16 14:31:07   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-17 13:21:58   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-16 14:30:25   103,726   ----a-w   C:\Windows\System32\perfc009.dat
+ 2008-08-17 13:21:19   101,178   ----a-w   C:\Windows\System32\perfc009.dat
- 2008-08-16 14:30:25   86,210   ----a-w   C:\Windows\System32\perfc015.dat
+ 2008-08-17 13:21:19   86,210   ----a-w   C:\Windows\System32\perfc015.dat
- 2008-08-16 14:30:25   609,944   ----a-w   C:\Windows\System32\perfh009.dat
+ 2008-08-17 13:21:19   607,396   ----a-w   C:\Windows\System32\perfh009.dat
- 2008-08-16 14:30:25   535,330   ----a-w   C:\Windows\System32\perfh015.dat
+ 2008-08-17 13:21:19   535,330   ----a-w   C:\Windows\System32\perfh015.dat
- 2008-08-16 14:27:43   4,086   ----a-w   C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3757177117-3087335413-4238760117-1003_UserData.bin
+ 2008-08-17 13:18:39   4,326   ----a-w   C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3757177117-3087335413-4238760117-1003_UserData.bin
- 2008-08-16 14:27:43   71,076   ----a-w   C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-17 13:18:39   71,162   ----a-w   C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-16 14:27:42   34,674   ----a-w   C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-17 13:18:37   34,690   ----a-w   C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-04 19:04 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-08-15 21:05 3065344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 10:54 363008]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 01:08 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 02:18 22696]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 01:02 36352]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 12:48 380928]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-11-24 14:03 112320]
"Corel Painter Essentials 21a"="C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe" [2004-03-18 14:38 733184]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"WTClient"="WTClient.exe" [2007-04-11 18:27 40960 C:\Windows\System32\WTClient.exe]

C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOfficeT7 2.3.lnk - C:\Program Files\OpenOfficeT7 2.3\program\quickstart.exe [2007-09-20 14:51:54 393216]

C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOfficeT7 2.3.lnk - C:\Program Files\OpenOfficeT7 2.3\program\quickstart.exe [2007-09-20 14:51:54 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B61E432-9237-43B1-A9D3-B1508F544D1F}"= UDP:C:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe:The Sims 2
"{43238D00-CF11-4BD5-9BE6-704FC82A8C1A}"= TCP:C:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe:The Sims 2
"{CD25A274-8C7F-4940-8A5B-217F11567040}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 14:22]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 06:10]
R2 TabletInputService;Usługa wprowadzania na komputerze typu Tablet;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-07-23 12:48]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-07-23 13:01]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 19:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 15:40]
S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-07-23 12:48]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 17:28]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\Windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - jan.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 19:48]

2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{306E418C-21E4-492D-855E-2C96B99B901C}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{C8EA30E9-2FC8-4317-82F7-BBF62C760E42}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 15:45:54
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-17 15:47:13
ComboFix-quarantined-files.txt  2008-08-17 13:47:08
ComboFix2.txt  2008-08-16 15:20:25

Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Post-Run: 208,731,500,544 bajtów wolnych

249   --- E O F ---   2008-08-14 07:49:43


[wojtas]

Czysto, wykonaj:

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

[pythoonsss]

wykonałam wszystkie trzy ostatnie punkty tylko nie mogłam pierwszego wyskakiwało mi okienko "file acces denied" dziękuję za pomoc