spowolnienie internetu i systemu..

[Mati92]

Witam mam problem poniewaz strasznie ostatnio mi zwolnił internet tzn wczytywanie stron...a także system mi zamula bardzo...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:19, on 2008-05-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [USDownloader] "C:\Documents and Settings\Chrypek\Pulpit\USDownloader 26-05-2008_By Chrypek\USDownloader 26-05-2008_By Chrypek\USDownloader.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\RarSFX0\jc_all.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\RarSFX0\jc_link.htm
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\Chrypek\Pulpit\Rapget\rapget.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4914076-C5D3-476A-B33A-CC41483C9F39}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 6577 bytes

[Okocza]

kosmetyka w hijacku

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Chrypek\USTAWI~1\Temp\RarSFX0\jccatch.dll (file missing)

poproszę o log z Combofixa

[Magik]

Witam

do tego log z combofix'a, bo HJT czysty
+ klasyka tematu by okocza
1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

[Mati92]

LOG z COMBOFIX

ComboFix 08-05-25.5 - Chrypek 2008-05-26 18:08:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.665 [GMT 2:00]
Running from: C:\Documents and Settings\Chrypek\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 20:49 . 2008-05-25 20:48 1,048,576 --a------ C:\WINDOWS\system32\Engine.dll
2008-05-25 20:47 . 2008-05-25 20:47 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-25 20:46 . 2008-05-25 20:46 <DIR> d-------- C:\WINDOWS\Sun
2008-05-25 20:46 . 2008-05-25 20:47 <DIR> d-------- C:\Documents and Settings\Chrypek\SystemRequirementsLab
2008-05-25 20:45 . 2008-05-25 20:45 <DIR> d-------- C:\Program Files\Sun
2008-05-25 20:45 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 20:44 . 2008-05-25 20:45 <DIR> d-------- C:\Program Files\Java
2008-05-25 20:40 . 2008-05-25 20:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 19:57 . 2008-05-25 19:57 <DIR> d-------- C:\Program Files\WapSter
2008-05-25 19:57 . 2008-05-25 19:57 <DIR> d-------- C:\Documents and Settings\Chrypek\WapSter
2008-05-25 19:49 . 2008-05-25 19:49 <DIR> d-------- C:\Program Files\MyPortal
2008-05-25 19:28 . 2008-05-25 19:28 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-05-25 12:33 . 2008-05-25 12:33 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-25 12:24 . 2008-05-25 19:20 <DIR> d---s---- C:\Program Files\Xfire
2008-05-25 12:24 . 2008-05-25 19:32 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\Xfire
2008-05-25 12:23 . 2008-05-25 12:23 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-05-25 12:23 . 2008-05-25 12:23 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-05-24 14:16 . 2008-05-24 14:16 <DIR> d-------- C:\Program Files\Techland
2008-05-24 14:14 . 2008-05-24 14:14 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-24 14:12 . 2008-05-24 14:12 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\DAEMON Tools
2008-05-24 14:12 . 2008-05-24 14:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-23 23:00 . 2008-05-23 23:00 <DIR> d-------- C:\Program Files\Damian Pasternak
2008-05-23 10:26 . 2008-05-23 10:26 <DIR> dr-h----- C:\Documents and Settings\Chrypek\Dane aplikacji\SecuROM
2008-05-23 10:26 . 2008-05-23 10:26 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-18 19:02 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-18 18:59 . 2008-05-18 18:59 <DIR> d-------- C:\Program Files\MSBuild
2008-05-18 18:59 . 2008-05-18 18:59 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-18 18:58 . 2008-05-18 18:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-18 18:50 . 2008-05-18 18:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-18 18:49 . 2008-05-18 18:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-18 18:49 . 2008-05-18 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-18 18:48 . 2008-05-18 18:48 <DIR> dr-h----- C:\MSOCache
2008-05-18 17:24 . 2008-05-18 17:24 <DIR> d-------- C:\WINDOWS\Caps
2008-05-18 12:32 . 2008-05-18 12:32 <DIR> d-------- C:\Program Files\uTorrent
2008-05-18 12:32 . 2008-05-18 12:34 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\uTorrent
2008-05-17 19:29 . 2000-05-22 00:00 1,009,336 --a------ C:\WINDOWS\system32\Mschrt20.ocx
2008-05-17 19:29 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-17 19:21 . 2008-05-26 17:50 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\foobar2000
2008-05-17 19:20 . 2008-05-17 19:21 <DIR> d-------- C:\Program Files\foobar2000
2008-05-17 18:48 . 2008-05-17 18:53 <DIR> d-------- C:\Program Files\ATITool
2008-05-17 17:59 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-17 15:47 . 2008-05-24 10:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-17 15:36 . 2008-05-19 09:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-17 14:02 . 2008-05-17 14:02 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-17 12:56 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2008-05-17 12:56 . 2005-09-16 14:10 49,857 --------- C:\WINDOWS\UNNMP.cfg
2008-05-17 12:54 . 2008-05-17 12:54 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-17 12:54 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-17 12:53 . 2008-05-17 12:56 <DIR> d-------- C:\Program Files\Ahead
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-05-17 12:53 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2008-05-17 12:53 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-17 12:53 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-17 12:53 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-17 12:53 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-17 12:53 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-17 12:53 . 2005-09-16 14:10 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
2008-05-17 12:53 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-17 12:53 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-05-17 12:39 . 2008-05-17 12:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-17 12:39 . 2008-05-26 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-17 12:39 . 2008-05-26 18:18 4,105,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-17 12:39 . 2008-05-26 18:18 236,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-17 12:39 . 2008-05-17 12:46 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-17 12:39 . 2008-05-17 12:46 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-17 12:39 . 2008-05-26 17:51 68,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-17 12:39 . 2008-05-26 17:51 29,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-17 12:38 . 2008-05-17 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-17 12:37 . 2008-05-17 12:37 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-17 12:37 . 2008-05-17 12:37 <DIR> d-------- C:\Program Files\MarBit
2008-05-17 12:36 . 2008-05-17 12:36 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\Gadu-Gadu
2008-05-17 12:33 . 2008-05-25 20:07 <DIR> d-------- C:\Documents and Settings\Chrypek\Gadu-Gadu
2008-05-17 12:32 . 2008-05-17 12:32 <DIR> d-------- C:\Program Files\UltraISO
2008-05-17 12:32 . 2008-05-17 12:32 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-17 12:31 . 2008-05-17 12:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-17 12:24 . 2008-05-17 12:24 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\ATI
2008-05-17 12:24 . 2008-05-17 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-05-17 12:23 . 2008-05-17 12:23 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-17 12:16 . 2008-05-17 12:17 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-17 12:16 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-17 12:16 . 2008-05-17 14:01 1,026 --a------ C:\WINDOWS\unins000.dat
2008-05-17 12:15 . 2008-05-17 12:15 <DIR> d-------- C:\ATI
2008-05-17 12:07 . 2008-05-17 12:07 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-05-17 12:07 . 2008-05-17 12:07 <DIR> d-------- C:\Program Files\AvRack
2008-05-17 12:07 . 2008-05-26 17:52 <DIR> d-------- C:\Program Files\AutoConnect
2008-05-17 12:06 . 2000-03-29 16:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-17 12:06 . 2008-05-17 12:06 2,507 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-17 12:04 . 2008-05-17 12:04 <DIR> d-------- C:\Program Files\Thomson
2008-05-17 12:04 . 2008-05-25 12:16 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 12:04 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-05-17 12:04 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-05-17 12:04 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-05-17 12:04 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-05-17 12:04 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-05-17 12:03 . 2008-05-17 12:03 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-17 12:03 . 2008-05-24 14:15 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-17 12:02 . 2008-05-26 18:17 <DIR> d--h----- C:\Documents and Settings\Chrypek\Ustawienia lokalne
2008-05-17 12:02 . 2008-05-17 12:02 <DIR> dr------- C:\Documents and Settings\Chrypek\Ulubione
2008-05-17 12:02 . 2008-05-17 11:45 <DIR> d--h----- C:\Documents and Settings\Chrypek\Szablony
2008-05-17 12:02 . 2008-05-26 18:06 <DIR> d-------- C:\Documents and Settings\Chrypek\Pulpit
2008-05-17 12:02 . 2008-05-23 21:29 <DIR> dr------- C:\Documents and Settings\Chrypek\Moje dokumenty
2008-05-17 12:02 . 2008-05-25 19:28 <DIR> dr------- C:\Documents and Settings\Chrypek\Menu Start
2008-05-17 12:02 . 2008-05-26 00:39 <DIR> dr-h----- C:\Documents and Settings\Chrypek\Dane aplikacji
2008-05-17 12:02 . 2008-05-25 20:46 <DIR> d-------- C:\Documents and Settings\Chrypek
2008-05-17 12:01 . 2008-05-17 12:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-17 12:01 . 2008-05-26 18:17 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-05-17 12:01 . 2008-05-17 12:01 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-05-17 12:01 . 2008-05-17 12:01 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 09:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-17 09:48 --------- d-----w C:\Program Files\Usługi online
2008-05-17 09:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-25 14:09 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-25 14:09 1,571,840 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-04-25 14:07 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2008-04-15 01:04 1,246,357 ----a-r C:\WINDOWS\SET3.tmp
2008-04-15 00:56 16,825 ----a-r C:\WINDOWS\SET8.tmp
2008-04-15 00:56 1,088,840 ----a-r C:\WINDOWS\SET4.tmp
2008-04-14 23:16 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin
2008-04-14 22:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 22:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 22:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 22:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 22:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 22:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 22:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 22:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 22:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 22:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 22:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 22:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 22:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 22:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 22:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 22:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 22:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 22:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 22:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 22:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 22:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 22:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 22:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 22:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 22:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 22:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 22:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 22:00 2,190,336 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 21:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 21:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 21:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 21:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 21:50 80,896 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 21:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 21:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 21:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 21:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 21:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 21:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 21:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 21:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 21:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 21:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 21:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 21:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 21:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 21:24 69,552 ----a-w C:\WINDOWS\system32\mmsystem.dll
2008-04-14 21:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:51 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 20:51 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 20:50 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 00:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 00:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 00:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 00:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 00:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 00:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 00:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 00:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 00:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 00:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 00:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 00:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 00:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 00:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 00:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 00:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 00:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 00:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 00:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 00:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 00:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 00:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 00:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 00:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 00:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 00:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 00:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 00:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 00:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 00:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 00:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 00:25 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-04-14 00:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 00:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 00:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 00:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 00:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 00:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"USDownloader"="C:\Documents and Settings\Chrypek\Pulpit\USDownloader 26-05-2008_By Chrypek\USDownloader 26-05-2008_By Chrypek\USDownloader.exe" [2008-01-26 12:39 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:51 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chrypek^Menu Start^Programy^Autostart^Xfire.lnk]
path=C:\Documents and Settings\Chrypek\Menu Start\Programy\Autostart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
--a------ 2007-02-28 14:18 2351864 C:\PROGRA~1\WapSter\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\DOCUME~1\Chrypek\USTAWI~1\Temp\RarSFX0\rd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-05-17 12:48 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader]
C:\Documents and Settings\Chrypek\Pulpit\USDownloader+updater\USDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 18:18:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-26 18:20:22
ComboFix-quarantined-files.txt 2008-05-26 16:19:44

Pre-Run: 15,406,686,208 bajtów wolnych
Post-Run: 15,276,167,168 bajtów wolnych

304 --- E O F --- 2008-05-26 14:40:20

[Okocza]

logi są ok - może dostawca zawinił

[Mati92]

a jak to sprawdzic..?? nie chce mi sie znowu do tych ....... dzwonic..

[Okocza]

trzeba

dzwonic..

możesz jeszcze:

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje