pożera coś pamięć, prosze o sprawdzenie loga

[mcgiwer]

Witam, mam problem z laptopem, coś zaczęło pożerać pamięć, czasem długo otwierają się i zamykają foldery i czasami wyskakuje monit o zbyt małej ilości pamięci zamieszczam logi z Hijacka i Combo Fixa proszę o sprawdzenie i pomoc za co z góry dziękuję

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:01, on 2007-11-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\zainstalowane programy\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\zainstalowane programy\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C41CA581-E497-46AD-A2A9-4B25D75F7CA0}: NameServer = 195.205.252.2,195.205.252.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA9EB1F-9586-4B15-8DAF-0B79E52F7B12}: NameServer = 195.205.252.2,195.205.252.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAECBB7D-EAC5-43EF-B419-53934B3F1D49}: NameServer = 195.205.252.2,195.205.252.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\zainstalowane programy\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12619 bytes

Kod: Zaznacz wszystko

ComboFix 07-11-01.1 - Mariusz i Basia 2007-11-04 20:12:16.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.522 [GMT 1:00]
Running from: D:\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-10-04 to 2007-11-04  )))))))))))))))))))))))))))))))
.

2007-11-04 20:10   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-04 08:37   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\ImgBurn
2007-11-03 20:37   223,128   --a------   C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-11-03 15:54   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\IDM
2007-11-03 15:54   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\DMCache
2007-11-02 12:36   1,156   --a------   C:\WINDOWS\mozver.dat
2007-11-02 12:30   0   --a------   C:\WINDOWS\nsreg.dat
2007-10-28 18:30   <DIR>   d--------   C:\Program Files\Nero
2007-10-28 18:30   <DIR>   d--------   C:\Program Files\Common Files\Nero
2007-10-14 10:00   81,984   --a------   C:\WINDOWS\system32\bdod.bin
2007-10-14 09:59   <DIR>   d--------   C:\Program Files\BitDefender
2007-10-14 09:59   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\Bitdefender
2007-10-14 09:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2007-10-14 09:58   <DIR>   d--------   C:\Program Files\Common Files\BitDefender
2007-10-14 09:48   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Avg7
2007-10-13 20:34   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Phone Browser
2007-10-13 20:34   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\Nokia Multimedia Player
2007-10-13 20:30   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2007-10-13 20:30   137,216   --a------   C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-13 20:30   65,536   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-13 20:30   12,288   --a------   C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-13 20:30   12,288   --a------   C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-10-13 20:30   8,320   --a------   C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-13 19:59   <DIR>   d--------   C:\Program Files\DIFX
2007-10-13 19:59   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2007-10-13 19:59   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2007-10-13 19:59   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\PC Suite
2007-10-13 19:59   <DIR>   d--------   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\Nokia
2007-10-13 19:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-10-13 19:59   831,048   --a------   C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-13 19:58   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2007-10-13 19:58   <DIR>   d--------   C:\Program Files\Nokia
2007-10-13 19:38   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-10-11 20:27   <DIR>   d--------   C:\Program Files\Alcohol Soft
2007-10-11 20:08   <DIR>   d--------   C:\Program Files\Trend Micro
2007-10-10 16:05   582,656   ---------   C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 18:52   45,056   ----a-w   C:\WINDOWS\system32\acovcnt.exe
2007-11-02 18:01   10   ----a-w   C:\Program Files\.autoreg
2007-11-01 18:44   87,952   ------w   C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-10-11 19:25   685,816   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2007-09-24 19:07   ---------   d-----w   C:\Program Files\MSBuild
2007-09-24 19:07   ---------   d-----w   C:\Program Files\Microsoft Works
2007-09-24 19:05   ---------   d-----w   C:\Program Files\Microsoft.NET
2007-09-24 19:02   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2007-09-24 19:01   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-09-24 08:05   132,904   ----a-w   C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05   11,304   ----a-w   C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-21 20:41   ---------   d-----w   C:\Program Files\Real Alternative
2007-09-20 08:59   972,072   ----a-w   C:\WINDOWS\UNRecode.exe
2007-09-20 08:55   972,072   ----a-w   C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55   95,600   ----a-w   C:\WINDOWS\system32\NeroCo.dll
2007-09-17 20:45   ---------   d-----w   C:\Documents and Settings\Mariusz i Basia\Dane aplikacji\Nero
2007-09-17 20:42   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-09-15 18:01   ---------   d-----w   C:\Program Files\MSXML 6.0
2007-09-14 22:16   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 07:18   683,520   ----a-w   C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:18   683,520   ------w   C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 11:01   824,832   ------w   C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 11:01   671,232   ------w   C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 11:01   63,488   ------w   C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 11:01   6,058,496   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 11:01   52,224   ------w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 11:01   477,696   ------w   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 11:01   459,264   ------w   C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 11:01   44,544   ------w   C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 11:01   384,512   ------w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 11:01   383,488   ------w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 11:01   3,584,512   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 11:01   27,648   ------w   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 11:01   267,776   ------w   C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 11:01   232,960   ------w   C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 11:01   230,400   ------w   C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 11:01   214,528   ------w   C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 11:01   193,024   ------w   C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 11:01   153,088   ------w   C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 11:01   132,608   ------w   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 11:01   124,928   ------w   C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 11:01   105,984   ------w   C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 11:01   102,400   ------w   C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 11:01   1,152,000   ------w   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 11:24   63,488   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 11:24   625,152   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 11:24   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 08:34   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-11-01 19:44 86016]

[HKEY_CLASSES_ROOT\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 05:24]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" []
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-02-21 19:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 01:39]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-06 19:36]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-06 19:40]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-13 10:23 C:\WINDOWS\STSYSTRA.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 18:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-11-01 19:44]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-01 19:44]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"CloneCDTray"="D:\zainstalowane programy\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Picasa Media Detector"=D:\zainstalowane programy\Picasa2\PicasaMediaDetector.exe

R1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
R3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S3 AR5523;WLAN USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx   scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c3b1682-c653-11db-99f7-00026f445fd7}]
\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-29 19:00:02 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Mariusz i Basia.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 20:13:23
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-11-04 20:13:51
.
   --- E O F ---

[wojtas]

Start>uruchom>msconfig>zakladka uruchamianie> wylacz progsy które nie chcesz żeby startowaly z systemem przyspieszy Ci to wlaczanie kompa

po za tym czysto

Autor postu otrzymał pochwałę

[mcgiwer]

Dziękuję Ci bardzo za pomoc wojtas19162 ale mam jeszcze jedno pytanie, jak rozpoznać które programy można bezpiecznie wyłączyć z uruchamiania z systemem i pytanie drugie wyłączyłem te których jestem pewien że mogę wyłączyć np., Winamp i teraz wyskakuje mi przy każdym starcie systemu okno narzędzi konfiguracji i pokazuje bym zmienił uruchamianie na normalne by startowały wszystkie programy, co z tym zrobić, jak dam na uruchamianie normalne to znowu będą wszystkie programy uruchamiana jak selektywne to będzie wyskakiwać okno narzędzi. Jak to rozwiązać i do czego jest ten rejestr FIX który utwożyłem, on powodował takie błędy o braku pamięci??

[wojtas]

te mozesz odachaczyc w msconfig... tamten fix czyscil rejestr..

O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\zainstalowane programy\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[mcgiwer]

Ok. Jeszcze raz dziękuję Ci bardzo za pomoc, żeczywiście teraz dużo lepiej