
here is the ComboFix log:
ComboFix 09-01-21.04 - Chrypek 2009-01-25 8:42:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.661 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Chrypek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Pliki utworzone od 2008-12-25 do 2009-01-25 )))))))))))))))))))))))))))))))
.
2009-01-25 08:44 . 2009-01-25 08:44 <DIR> d-------- c:\windows\system32\xircom
2009-01-25 08:44 . 2009-01-25 08:44 <DIR> d-------- c:\windows\srchasst
2009-01-25 08:44 . 2009-01-25 08:44 <DIR> d-------- c:\windows\msagent
2009-01-25 08:44 . 2009-01-25 08:44 <DIR> d-------- c:\program files\microsoft frontpage
2009-01-23 23:24 . 2007-03-27 09:26 92,032 -ra------ c:\windows\system32\drivers\hmumdm.sys
2009-01-23 23:22 . 2009-01-23 23:39 <DIR> d-------- c:\program files\Asystent Plusfon 401i
2009-01-21 17:04 . 2009-01-21 17:04 <DIR> d-------- c:\program files\uTorrent
2009-01-21 17:04 . 2009-01-21 17:07 <DIR> d-------- c:\documents and settings\Chrypek\Dane aplikacji\uTorrent
2009-01-21 14:09 . 2009-01-21 14:09 <DIR> d-------- c:\windows\Sun
2009-01-21 14:07 . 2009-01-21 14:07 <DIR> d-------- c:\program files\Java
2009-01-21 14:07 . 2009-01-21 14:07 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-21 14:07 . 2009-01-21 14:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-21 11:58 . 2009-01-21 11:58 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-21 11:58 . 2009-01-21 11:58 <DIR> d-------- c:\program files\Apple Software Update
2009-01-21 11:58 . 2009-01-21 11:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-01-21 11:58 . 2009-01-21 11:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple
2009-01-21 11:57 . 2009-01-21 11:57 <DIR> d-------- c:\program files\DirectShow Pack
2009-01-21 11:36 . 2009-01-21 11:59 <DIR> d-------- c:\program files\QuickTime
2009-01-21 11:35 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2009-01-21 11:35 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2009-01-20 14:16 . 2009-01-20 14:18 <DIR> d-------- c:\program files\Google
2009-01-20 14:16 . 2009-01-21 16:16 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-01-20 13:34 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-20 13:33 . 2009-01-20 13:33 <DIR> d-------- c:\program files\MSBuild
2009-01-20 13:33 . 2009-01-20 13:33 <DIR> d-------- c:\program files\Microsoft Works
2009-01-20 13:31 . 2009-01-20 13:31 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-20 13:30 . 2009-01-20 13:30 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-20 13:29 . 2009-01-20 13:32 <DIR> d-------- c:\windows\SHELLNEW
2009-01-20 13:28 . 2009-01-20 13:28 <DIR> dr-h----- C:\MSOCache
2009-01-20 13:28 . 2009-01-20 13:34 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-18 18:43 . 2009-01-18 18:43 227 --a------ c:\windows\HP_CounterReport_Update_HPSU.ini
2009-01-18 18:43 . 2009-01-18 18:43 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2009-01-18 18:42 . 2009-01-18 18:42 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-01-18 18:35 . 2009-01-18 18:35 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2009-01-18 18:29 . 2009-01-24 17:00 <DIR> d-------- c:\documents and settings\Chrypek\Dane aplikacji\Image Zone Express
2009-01-18 18:25 . 2009-01-18 18:25 <DIR> d-------- c:\program files\Common Files\HP
2009-01-18 18:25 . 2009-01-18 18:25 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP
2009-01-18 18:23 . 2009-01-18 18:23 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-18 18:22 . 2005-03-08 05:43 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-18 18:22 . 2005-03-08 05:43 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-18 18:22 . 2005-03-08 05:43 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-18 18:22 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-18 18:20 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-18 18:20 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-01-18 18:20 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-18 18:20 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-18 18:20 . 2007-08-09 08:27 73,728 --a------ c:\windows\system32\HPZipm12.exe
2009-01-18 18:20 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2009-01-18 18:20 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-18 18:19 . 2009-01-18 18:46 <DIR> d-------- c:\program files\HP
2009-01-18 18:19 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-18 18:17 . 2009-01-18 18:17 <DIR> d-------- c:\documents and settings\Chrypek\Dane aplikacji\HP
2009-01-18 18:17 . 2009-01-18 18:26 113,548 --a------ c:\windows\hpoins07.dat
2009-01-18 18:17 . 2005-05-24 09:22 21,124 --------- c:\windows\hpomdl07.dat
2009-01-18 17:39 . 2009-01-18 17:39 <DIR> d-------- c:\documents and settings\Sandra\Dane aplikacji\Media Player Classic
2009-01-18 17:39 . 2009-01-18 17:39 <DIR> d-------- c:\documents and settings\Sandra\Dane aplikacji\DivX
2009-01-18 11:10 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-18 11:04 . 2009-01-18 11:04 <DIR> d-------- c:\program files\Native Instruments
2009-01-17 21:18 . 2009-01-17 21:35 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 21:18 . 2009-01-25 00:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-17 21:13 . 2009-01-22 18:18 <DIR> d-------- c:\documents and settings\Sandra\Gadu-Gadu
2009-01-17 21:13 . 2009-01-17 21:13 <DIR> d-------- c:\documents and settings\Sandra\Dane aplikacji\Gadu-Gadu
2009-01-17 21:09 . 2009-01-17 01:09 <DIR> d--h----- c:\documents and settings\Sandra\Ustawienia lokalne
2009-01-17 21:09 . 2009-01-17 21:09 <DIR> dr------- c:\documents and settings\Sandra\Ulubione
2009-01-17 21:09 . 2009-01-17 00:13 <DIR> d--h----- c:\documents and settings\Sandra\Szablony
2009-01-17 21:09 . 2009-01-23 23:24 <DIR> d-------- c:\documents and settings\Sandra\Pulpit
2009-01-17 21:09 . 2009-01-23 23:34 <DIR> dr------- c:\documents and settings\Sandra\Moje dokumenty
2009-01-17 21:09 . 2009-01-17 01:09 <DIR> dr------- c:\documents and settings\Sandra\Menu Start
2009-01-17 21:09 . 2009-01-17 21:09 <DIR> d-------- c:\documents and settings\Sandra\Dane aplikacji\ESET
2009-01-17 21:09 . 2009-01-18 17:39 <DIR> dr-h----- c:\documents and settings\Sandra\Dane aplikacji
2009-01-17 21:09 . 2009-01-25 05:33 <DIR> d-------- c:\documents and settings\Sandra
2009-01-17 20:54 . 2009-01-17 20:54 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-01-17 20:41 . 2009-01-17 20:41 <DIR> d-------- c:\program files\Bonjour
2009-01-17 20:32 . 2009-01-17 20:32 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-17 20:29 . 2009-01-18 11:03 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-17 15:00 . 2009-01-18 00:38 <DIR> d-------- c:\program files\ALLPlayer
2009-01-17 14:57 . 2009-01-17 14:57 <DIR> d-------- c:\documents and settings\Chrypek\Dane aplikacji\Media Player Classic
2009-01-17 10:47 . 2009-01-17 10:47 <DIR> d-------- c:\program files\UltraISO
2009-01-17 10:47 . 2009-01-17 10:47 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-01-17 10:42 . 2009-01-25 00:31 <DIR> d-------- c:\documents and settings\Chrypek\Dane aplikacji\foobar2000
2009-01-17 10:31 . 2009-01-25 08:44 <DIR> d-------- c:\program files\AutoConnect
2009-01-17 10:26 . 2009-01-17 10:26 <DIR> d-------- c:\documents and settings\Chrypek\Dane aplikacji\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 17:35 139,264 ----a-w c:\windows\system32\hpzjrd01.dll
2009-01-16 23:34 --------- d-----w c:\program files\Real Alternative
2009-01-16 23:33 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-16 23:33 --------- d-----w c:\program files\foobar2000
2009-01-16 23:32 --------- d-----w c:\program files\Gadu-Gadu
2009-01-16 23:31 --------- d-----w c:\program files\CCleaner
2009-01-16 23:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 23:26 --------- d-----w c:\program files\Thomson
2009-01-16 23:26 --------- d-----w c:\documents and settings\Chrypek\Dane aplikacji\ESET
2009-01-16 23:25 --------- d-----w c:\program files\ESET
2009-01-16 23:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-01-16 23:23 --------- d-----w c:\program files\Realtek Sound Manager
2009-01-16 23:23 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-16 23:23 --------- d-----w c:\program files\AvRack
2009-01-16 23:21 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-01-16 23:21 --------- d-----w c:\program files\Radeon Omega Drivers
2009-01-16 23:21 --------- d-----w c:\program files\MultiRes
2009-01-16 23:15 --------- d-----w c:\program files\Usługi online
2009-01-16 23:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
.
------- Sigcheck -------
2007-07-10 14:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\system32\user32.dll
2008-10-16 21:33 826368 ae07c4b0da51517cffb9c20c4a6df4a3 c:\windows\SoftwareDistribution\Download\f55b8c7241a4bd71036722b6a2dd2d85\SP2GDR\wininet.dll
2008-10-16 20:49 827904 8663aad6958c7b091eb0fd6ed74559dd c:\windows\SoftwareDistribution\Download\f55b8c7241a4bd71036722b6a2dd2d85\SP2QFE\wininet.dll
2007-07-13 23:56 814592 ce7193c5f7c01b19768e066087c1c919 c:\windows\system32\wininet.dll
2007-10-16 00:19 360576 0fb6743e937c7bb248b2530a5a77abc6 c:\windows\system32\drivers\tcpip.sys
2007-10-18 23:19 2066816 9aa8aeee2c77b68af93691758eb0a78b c:\windows\system32\ntkrnlpa.exe
2007-10-18 23:19 2189824 1aeb1a9aa55de24bda1d441989ae4492 c:\windows\system32\ntoskrnl.exe
2007-10-17 20:30 974848 16df8a100e8966e48ba00c86f6c89972 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-19 1434864]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Rapget"="c:\documents and settings\Chrypek\Pulpit\Rapget\rapget.exe" [2008-06-03 171008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-10-09 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
--a------ 2008-06-03 20:29 171008 c:\documents and settings\Chrypek\Pulpit\Rapget\rapget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-21 14:07 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-22 02:05 344064 c:\windows\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-05-17 11:48 77824 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2007-10-17 16640]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-06-10 468224]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmumdm.sys [2009-01-23 92032]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with Rapget - c:\documents and settings\Chrypek\Pulpit\Rapget\rapget.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {38039F3B-2F3B-4E66-916D-C3235E49BFDF} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\Chrypek\Dane aplikacji\Mozilla\Firefox\Profiles\hombttv1.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 08:44:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-25 8:46:59 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-25 07:46:56
Przed: 13 089 480 704 bajtów wolnych
Po: 13,021,569,024 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
268
and here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:56, on 2009-01-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chrypek\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Chrypek\Pulpit\Rapget\rapget.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\Chrypek\Pulpit\Rapget\rapget.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{38039F3B-2F3B-4E66-916D-C3235E49BFDF}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6343 bytes