I have a problem with Windows running properly: every so often it closes windows, e.g. an application error, an error with drwtsn, I open My Music and there is a problem with explorer; nothing but problems. I suspect it is a trojan or something similar. Please look through my logs from ComboFix and HJ..... and thank you in advance.
ComboFix 09-01-21.04 - Bartek 2009-02-08 19:31:12.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3070.2499 [GMT 1:00]
Uruchomiony z: f:\documents and settings\Bartek\Pulpit\ComboFix.exe
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.
2009-02-08 17:51 . 2006-11-30 14:13 61,536 -ra------ f:\windows\system32\drivers\se45bus.sys
2009-02-08 17:51 . 2006-11-30 14:14 5,872 -ra------ f:\windows\system32\drivers\se45whnt.sys
2009-02-08 17:51 . 2006-11-30 14:14 5,872 -ra------ f:\windows\system32\drivers\se45wh.sys
2009-02-07 17:06 . 2009-02-07 17:06 <DIR> d-------- f:\windows\system32\AGEIA
2009-02-07 17:06 . 2009-02-07 17:06 <DIR> d-------- f:\program files\Common Files\Wise Installation Wizard
2009-02-07 17:06 . 2009-02-07 17:06 <DIR> d-------- f:\program files\AGEIA Technologies
2009-02-07 15:45 . 2009-02-07 15:45 87,608 --a------ f:\documents and settings\Bartek\Dane aplikacji\inst.exe
2009-02-06 16:53 . 2009-02-06 16:53 <DIR> d-------- f:\program files\Ubisoft
2009-01-30 23:29 . 2009-01-30 23:29 <DIR> d-------- f:\documents and settings\Bartek\Dane aplikacji\TrojanHunter
2009-01-30 23:23 . 2009-01-30 23:23 <DIR> d-------- f:\program files\TrojanHunter 5.0
2009-01-30 23:09 . 2009-02-08 15:59 <DIR> d-------- f:\program files\a-squared Anti-Malware
2009-01-29 12:54 . 2009-01-29 12:54 <DIR> d-------- f:\program files\Alcohol Soft
2009-01-29 12:43 . 2009-01-29 12:43 <DIR> d-------- f:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2009-01-22 20:32 . 2009-01-22 20:32 <DIR> d--hs---- f:\windows\ftpcache
2009-01-22 20:31 . 2009-01-22 20:31 22,328 --a------ f:\documents and settings\Bartek\Dane aplikacji\PnkBstrK.sys
2009-01-22 20:30 . 2009-01-22 20:30 682,280 --a------ f:\windows\system32\pbsvc.exe
2009-01-22 20:21 . 2009-01-22 20:21 <DIR> d-------- f:\program files\Activision
2009-01-18 14:49 . 2007-05-31 21:23 1,673,576 --a------ f:\windows\system32\dsetup32.dll
2009-01-18 14:49 . 2007-05-31 21:23 503,144 --a------ f:\windows\system32\DXSETUP.exe
2009-01-18 14:49 . 2007-05-31 21:23 77,160 --a------ f:\windows\system32\DSETUP.dll
2009-01-18 14:49 . 2005-03-18 17:18 58,064 --a------ f:\windows\system32\infinst.exe
2009-01-18 14:49 . 2005-03-18 17:31 7,479 --a------ f:\windows\system32\d3dx9_25_x64.cat
2009-01-18 14:49 . 2005-03-18 17:25 667 --a------ f:\windows\system32\d3dx9_25_x64.inf
2009-01-16 22:33 . 2009-01-16 22:33 <DIR> d--h----- f:\windows\msdownld.tmp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 17:01 196,608 ----a-w f:\windows\system32\drivers\nAsmedia.bin
2009-02-08 15:16 --------- d-----w f:\documents and settings\Bartek\Dane aplikacji\uTorrent
2009-02-08 14:02 --------- d-----w f:\program files\lg_fwupdate
2009-02-07 14:47 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-02-07 14:45 47,360 ----a-w f:\documents and settings\Bartek\Dane aplikacji\pcouffin.sys
2009-02-07 14:45 --------- d-----w f:\program files\VSO
2009-02-07 14:45 --------- d-----w f:\documents and settings\Bartek\Dane aplikacji\Vso
2009-02-07 08:40 183,112 ----a-w f:\windows\system32\PnkBstrB.exe
2009-02-07 08:40 138,184 ----a-w f:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 15:53 --------- d--h--w f:\program files\InstallShield Installation Information
2009-02-05 22:21 2,516 --sha-w f:\windows\system32\KGyGaAvL.sys
2009-01-31 01:24 2,516 --sha-w f:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2009-01-31 01:24 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Corel
2009-01-28 07:03 --------- d-----w f:\program files\uTorrent
2009-01-22 19:30 66,872 ----a-w f:\windows\system32\PnkBstrA.exe
2009-01-16 17:05 325,128 ----a-w f:\windows\system32\drivers\avgldx86.sys
2009-01-15 02:00 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-08 15:11 12,552 ----a-w f:\windows\system32\drivers\avgrkx86.sys
2009-01-08 15:11 107,272 ----a-w f:\windows\system32\drivers\avgtdix.sys
2009-01-08 15:11 10,520 ----a-w f:\windows\system32\avgrsstx.dll
2009-01-08 15:11 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Avg8
2009-01-04 09:03 --------- d-----w f:\program files\Electronic Arts
2009-01-04 09:02 --------- d-----w f:\documents and settings\Bartek\Dane aplikacji\Leadertech
2009-01-02 15:06 --------- d-----w f:\documents and settings\Bartek\Dane aplikacji\Ubisoft
2009-01-02 14:52 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-01-02 01:44 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Wru
2009-01-01 20:02 --------- d-----w f:\program files\Common Files\Corel
2009-01-01 11:23 --------- d-----w f:\program files\Wru
2009-01-01 11:23 --------- d-----w f:\program files\WinUAE
2009-01-01 11:21 --------- d-----w f:\program files\Commander
2008-12-30 13:46 8 --sh--r f:\documents and settings\All Users\Dane aplikacji\[u]0[/u]68FE7AAEC.sys
2008-12-30 13:43 --------- d-----w f:\program files\Common Files\Protexis
2008-12-29 16:54 107,888 ----a-w f:\windows\system32\CmdLineExt.dll
2008-12-29 16:48 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-12-29 16:39 --------- d-----w f:\documents and settings\Bartek\Dane aplikacji\AVGTOOLBAR
2008-12-29 16:29 --------- d-----w f:\program files\Common Files\Adobe
2008-12-27 18:30 196,608 ----a-w f:\windows\system32\drivers\nVivid.bin
2008-12-26 20:12 --------- d--h--r f:\documents and settings\Bartek\Dane aplikacji\SecuROM
2008-12-25 17:10 724,992 ----a-w f:\windows\iun6002.exe
2008-12-25 08:51 --------- d-----w f:\program files\ReflexiveArcade
2008-12-24 22:37 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\PopCap Games
2008-12-24 22:22 --------- d-----w f:\program files\Futuremark
2008-12-24 16:31 --------- d-----w f:\documents and settings\Bartek\Dane aplikacji\ATI
2008-12-24 16:31 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\ATI
2008-12-24 16:26 12,288 ----a-w f:\windows\system32\drivers\EIO64_xp.sys
2008-12-24 16:26 --------- d-----w f:\program files\ASUS
2008-12-24 16:23 --------- d-----w f:\program files\My Company Name
2008-12-24 16:22 --------- d-----w f:\program files\ATI Technologies
2008-12-24 16:19 --------- d-----w f:\program files\Common Files\ATI Technologies
2008-12-24 15:52 50,968 ----a-w f:\windows\system32\avgfwdx.dll
2008-12-24 15:52 29,208 ----a-w f:\windows\system32\drivers\avgfwdx.sys
2008-12-24 14:33 --------- d-----w f:\program files\AVG
2008-12-14 23:22 410,984 ----a-w f:\windows\system32\deploytk.dll
2008-12-14 23:22 --------- d-----w f:\program files\Java
2008-12-11 10:57 333,952 ----a-w f:\windows\system32\drivers\srv.sys
2008-11-24 22:40 270,128 ----a-w f:\program files\utorrent.exe
2004-10-01 13:00 40,960 ----a-w f:\program files\Uninstall_CDS.exe
2008-08-22 10:56 32,768 --sha-w f:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008082220080823\index.dat
.
------- Sigcheck -------
2008-04-14 18:21 977408 f042e3426d45d86d9bb55f6a79ab441a f:\windows\explorer.exe
2006-03-02 13:00 975872 196c130d31317fe53de984220b5e13b9 f:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 18:21 977408 f042e3426d45d86d9bb55f6a79ab441a f:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2009-01-30_22.46.51,35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-29 23:02:05 53,248 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-02-07 16:09:32 53,248 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-01-29 23:02:05 12,800 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-02-07 16:09:32 12,800 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-01-29 23:02:05 473,600 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-02-07 16:09:32 473,600 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-01-29 23:02:02 2,676,224 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:30 2,676,224 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:02 2,846,720 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:30 2,846,720 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:03 563,712 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:31 563,712 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:03 567,296 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:31 567,296 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:03 576,000 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:31 576,000 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:03 577,024 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:31 577,024 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:04 577,536 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:31 577,536 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:04 577,536 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:32 577,536 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:04 578,560 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:32 578,560 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:05 578,560 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-07 16:09:33 578,560 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-29 23:02:05 145,920 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-02-07 16:09:33 145,920 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-01-29 23:02:05 159,232 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-02-07 16:09:33 159,232 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-01-29 23:02:05 364,544 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-02-07 16:09:33 364,544 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-01-29 23:02:05 178,176 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-02-07 16:09:33 178,176 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-01-29 23:02:04 223,232 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-07 16:09:32 223,232 ----a-w f:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-07 16:16:54 302,430 ----a-r f:\windows\Installer\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}\ME_Icon.exe
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelFrench.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelGerman.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelJapanese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelKorean.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelPortugese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelSpanish.dll
+ 2008-10-07 08:13:20 58,648 ----a-w f:\windows\system32\AgCPanelSwedish.dll
+ 2008-10-07 08:13:22 58,648 ----a-w f:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2008-10-07 08:13:18 199,885 ----a-w f:\windows\system32\AGEIA\AG1011\app.bin
+ 2008-10-07 08:13:20 119,473 ----a-w f:\windows\system32\AGEIA\AG1011\diag.bin
+ 2008-10-07 08:13:20 214,629 ----a-w f:\windows\system32\AGEIA\AG1021\app.bin
+ 2008-10-07 08:13:20 116,977 ----a-w f:\windows\system32\AGEIA\AG1021\diag.bin
- 2009-01-28 21:36:21 74,137 ----a-w f:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-07 16:18:14 74,137 ----a-w f:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-15 08:04:28 288,024 ----a-w f:\windows\system32\PhysXCompatCplUI.exe
+ 2008-10-15 08:04:28 288,024 ----a-w f:\windows\system32\PhysXCplUI.exe
+ 2008-10-07 08:13:30 197,912 ----a-w f:\windows\system32\physxcudart_20.dll
+ 2008-10-07 08:13:28 23,320 ----a-w f:\windows\system32\PhysXDevice.dll
+ 2008-10-17 08:29:00 70,936 ----a-w f:\windows\system32\PhysXLoader.dll
+ 2009-01-30 22:23:15 59,392 ------r f:\windows\system32\streamhlp.dll
+ 2009-02-08 14:01:45 16,384 ----atw f:\windows\temp\Perflib_Perfdata_300.dat
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="f:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="f:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"WinFast Schedule"="f:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"LGODDFU"="f:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Corel File Shell Monitor"="e:\corel photo shop pro x2\CorelIOMonitor.exe" [2008-01-15 16200]
"a-squared"="f:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2009-01-27 2784912]
"MSConfig"="f:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171520]
"Corel Photo Downloader"="f:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
"SkyTel"="SkyTel.EXE" [2006-12-12 f:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-12 f:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 16:11 10520 f:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= f:\progra~2\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.avrn"= f:\progra~2\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= f:\progra~2\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= f:\progra~2\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= f:\progra~2\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= f:\progra~2\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= f:\progra~2\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= f:\progra~2\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= f:\progra~2\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= f:\progra~2\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= f:\progra~2\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= f:\progra~2\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= f:\progra~2\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= f:\progra~2\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= f:\progra~2\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= f:\progra~2\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= f:\progra~2\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= f:\progra~2\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= f:\progra~2\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= f:\progra~2\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= f:\progra~2\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= f:\progra~2\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= f:\progra~2\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= f:\progra~2\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.3ivx"= f:\progra~2\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= f:\progra~2\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= f:\progra~2\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= f:\progra~2\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= f:\progra~2\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.advs"= f:\progra~2\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= f:\progra~2\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= f:\progra~2\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= f:\progra~2\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= f:\progra~2\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= f:\progra~2\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.asvx"= f:\progra~2\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= f:\progra~2\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= f:\progra~2\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= f:\progra~2\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= f:\progra~2\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= f:\progra~2\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= f:\progra~2\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= f:\progra~2\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= f:\progra~2\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= f:\progra~2\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= f:\progra~2\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= f:\progra~2\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= f:\progra~2\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= f:\progra~2\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"= f:\progra~2\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.frwd"= f:\progra~2\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= f:\progra~2\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= f:\progra~2\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= f:\progra~2\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= f:\progra~2\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= f:\progra~2\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= f:\progra~2\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= f:\progra~2\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.ir21"= f:\progra~2\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= f:\progra~2\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= f:\progra~2\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= f:\progra~2\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= f:\progra~2\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= f:\progra~2\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= f:\progra~2\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= f:\progra~2\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= f:\progra~2\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= f:\progra~2\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= f:\progra~2\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.msvc"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= f:\progra~2\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= f:\progra~2\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= f:\progra~2\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= f:\progra~2\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= f:\progra~2\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= f:\progra~2\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= f:\progra~2\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= f:\progra~2\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= f:\progra~2\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= f:\progra~2\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= f:\progra~2\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= f:\progra~2\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= f:\progra~2\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= f:\progra~2\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= f:\progra~2\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= f:\progra~2\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= f:\progra~2\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= f:\progra~2\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= f:\progra~2\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= f:\progra~2\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= f:\progra~2\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= f:\progra~2\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= f:\progra~2\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= f:\progra~2\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= f:\progra~2\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= f:\progra~2\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= f:\progra~2\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= f:\progra~2\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= f:\progra~2\ACEMEG~1\SystemS\VoxWare\vct3216.acm
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=f:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=f:\documents and settings\Bartek\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=f:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=f:\documents and settings\Bartek\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=f:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^RocketDock.lnk]
path=f:\documents and settings\Bartek\Menu Start\Programy\Autostart\RocketDock.lnk
backup=f:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=f:\documents and settings\Bartek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=f:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^Xfire.lnk]
path=f:\documents and settings\Bartek\Menu Start\Programy\Autostart\Xfire.lnk
backup=f:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 f:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-11-23 01:36 203720 f:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2008-06-30 15:22 1150976 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2008-06-26 11:51 380928 f:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 f:\programy bartek\damon tools\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2009-01-09 21:11 3321856 f:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2007-01-04 16:05 24576 f:\program files\Gigabyte\ET5\ETcall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-11-02 07:55 1397760 f:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 f:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 f:\programy bartek\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2008-10-24 13:23 1056928 f:\program files\TrojanHunter 5.0\THGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wru]
--a------ 2008-11-20 17:10 2167808 f:\program files\Wru\Wru.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\emule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Wru\\Wru.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"e:\\assasins 1\\AssassinsCreed_Dx9.exe"=
"e:\\assasins 1\\AssassinsCreed_Dx10.exe"=
"e:\\assasins 1\\AssassinsCreed_Launcher.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\mirrirs edge\\Binaries\\MirrorsEdge.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25541:TCP"= 25541:TCP:BitComet 25541 TCP
"25541:UDP"= 25541:UDP:BitComet 25541 UDP
R0 AvgRkx86;avgrkx86.sys;f:\windows\system32\drivers\avgrkx86.sys [2008-12-24 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [2008-12-24 107272]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;f:\windows\system32\drivers\AtiHdmi.sys [2008-12-24 93696]
R3 Avgfwdx;Avgfwdx;f:\windows\system32\drivers\avgfwdx.sys [2008-12-24 29208]
R3 WFIOCTL;WFIOCTL;f:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-08-21 9446]
R4 avg8wd;AVG8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-24 298264]
R4 avgfws8;AVG8 Firewall;f:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-24 1339600]
S3 Avgfwfd;AVG network filter service;f:\windows\system32\drivers\avgfwdx.sys [2008-12-24 29208]
S3 MarkFun_NT;MarkFun_NT;f:\program files\Gigabyte\ET5\MARKFUN.W32 [2008-08-23 19776]
S3 PSI;PSI;f:\windows\system32\drivers\psi_mf.sys [2008-06-16 7808]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\f:\windows\System32\Drivers\sunkfilt6.sys --> f:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;\??\f:\windows\System32\Drivers\sunkfilt62.sys --> f:\windows\System32\Drivers\sunkfilt62.sys [?]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88e51e8b-6ef0-11dd-8970-806d6172696f}]
\Shell\AutoRun\command - K:\Run.exe
.
Zawartość folderu 'Zaplanowane zadania'
2008-08-31 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-QuickTime Task - f:\program files\QuickTime\QTTask.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&ksportuj do programu Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: { - f:\program files\Messenger\msmsgs.exe
FF - ProfilePath - f:\documents and settings\Bartek\Dane aplikacji\Mozilla\Firefox\Profiles\5kllfmfa.default\
FF - plugin: f:\programy bartek\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: f:\programy bartek\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 19:31:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\f:\program files\Gigabyte\ET5\markfun.w32"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-1547161642-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c3,3b,40,4c,65,cd,34,98,c4,db,6e,ea,b3,75,8e,ed,00,f3,35,1b,a1,a2,34,
e0,86,d2,d3,7f,b4,0f,d2,96,ab,00,20,2c,95,0f,d8,c1,1c,d0,34,85,65,17,b6,84,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-507921405-1547161642-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:75,dc,da,45,fe,f7,f4,42,47,f5,42,9f,29,17,ee,d4,ff,dc,21,33,b0,
88,f4,7e,35,50,e1,15,2e,3e,c9,30,1d,63,0f,0f,22,fa,b0,b4,2d,ba,9e,ba,fa,96,\
"rkeysecu"=hex:91,3b,7a,79,f8,fa,a4,05,76,53,5d,cb,8d,12,53,97
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(996)
f:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1052)
f:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-02-08 19:32:33
ComboFix-quarantined-files.txt 2009-02-08 18:32:31
ComboFix2.txt 2009-01-30 21:47:29
ComboFix3.txt 2008-11-24 22:11:27
Przed: 910 299 136 bajtów wolnych
Po: 906,973,184 bajtów wolnych
513 --- E O F --- 2009-01-15 02:00:47
and also HJ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:06, on 2009-02-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\a-squared Anti-Malware\a2service.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\WINDOWS\ATKKBService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\PROGRA~1\AVG\AVG8\avgfws8.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PSIService.exe
F:\PROGRA~1\AVG\AVG8\avgam.exe
F:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\Program Files\WinFast\WFTVFM\WFWIZ.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\corel photo shop pro x2\CorelIOMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - F:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - F:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [WinFast Schedule] F:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [LGODDFU] "F:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Corel File Shell Monitor] E:\corel photo shop pro x2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [a-squared] "F:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [Corel Photo Downloader] "F:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\programy Bartek\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\programy Bartek\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - F:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - F:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - F:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - F:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - F:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9240 bytes
Thanks in advance for the help.......