
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:15, on 2008-07-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\VADEME~1\USTAWI~1\Temp\Rar$EX00.750\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codehook.com/pbupdate.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 5215 bytes
ComboFix 08-07-02.5 - VaDeMeCuM 2008-07-04 21:58:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1668 [GMT 2:00]
Running from: C:\Documents and Settings\VaDeMeCuM\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
2008-07-04 21:54 . 2008-07-04 21:54 <DIR> d-------- C:\78630e2e93d6d9eda3
2008-07-04 21:53 . 2008-07-04 21:53 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-07-04 21:53 . 2008-07-04 21:53 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-07-04 21:50 . 2008-07-04 21:50 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-04 21:50 . 2008-07-04 21:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-04 21:50 . 2006-03-24 06:39 49,152 --a------ C:\WINDOWS\system32\SET8.tmp
2008-07-03 22:48 . 2008-07-03 22:48 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\AdobeUM
2008-07-03 22:42 . 2008-07-03 22:42 <DIR> d-------- C:\Program Files\Activision
2008-07-03 16:26 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-03 13:48 . 2008-07-03 13:48 <DIR> d-------- C:\Program Files\Valve
2008-07-03 10:45 . 2008-07-03 10:45 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-07-03 10:45 . 2008-07-03 10:45 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-07-03 10:25 . 2008-07-03 10:49 <DIR> d-------- C:\Program Files\Gothic III
2008-07-02 21:45 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-02 21:45 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-02 21:35 . 2008-07-02 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-07-02 21:26 . 2008-07-02 21:33 <DIR> d-------- C:\Program Files\Winamp
2008-07-02 21:26 . 2008-07-02 21:36 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\Winamp
2008-07-02 18:12 . 2008-07-02 18:12 <DIR> d-------- C:\Program Files\OpenAL
2008-07-02 18:12 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp4BDC.tmp
2008-07-02 18:12 . 2008-04-28 16:53 805,400 -ra------ C:\WINDOWS\system32\tmp4BDB.tmp
2008-07-02 18:12 . 2008-07-02 18:12 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-02 18:12 . 2008-07-02 18:12 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-02 18:03 . 2008-07-02 18:09 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-07-02 18:03 . 2008-07-02 18:03 <DIR> d-------- C:\WINDOWS\Logs
2008-07-02 17:40 . 2008-07-02 18:12 <DIR> d-------- C:\Program Files\TOCA - GRID
2008-07-02 12:43 . 2008-07-02 14:12 <DIR> d-------- C:\Program Files\GameShadow
2008-07-02 12:41 . 2008-07-02 12:41 <DIR> d-------- C:\Program Files\Eidos
2008-07-02 12:33 . 2008-07-02 12:33 <DIR> d-------- C:\Program Files\Sports Interactive
2008-07-02 11:03 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-07-02 11:02 . 2008-07-02 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-01 21:26 . 2008-07-01 21:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-01 21:26 . 2008-07-01 21:26 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-01 21:26 . 2008-07-01 21:26 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-01 21:23 . 2008-07-02 13:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-01 21:16 . 2008-07-01 21:16 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-01 21:16 . 2008-07-01 21:16 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\teamspeak2
2008-07-01 21:16 . 2008-07-01 21:16 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-07-01 20:50 . 2008-07-01 20:50 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\Gadu-Gadu
2008-07-01 20:40 . 2008-07-01 21:53 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\Sports Interactive
2008-07-01 20:08 . 2008-07-01 20:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-01 18:00 . 2008-07-01 18:00 <DIR> d--h----- C:\Documents and Settings\VaDeMeCuM\InstallAnywhere
2008-07-01 17:56 . 2008-07-01 17:56 <DIR> d-------- C:\Program Files\A4Tech
2008-07-01 17:50 . 2008-07-01 17:50 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-01 17:50 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-01 17:48 . 2008-07-01 17:48 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-01 17:48 . 2008-07-01 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-01 17:25 . 2008-07-01 17:46 <DIR> d-------- C:\Program Files\GameFace Messenger
2008-07-01 17:25 . 2008-07-01 17:25 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-01 17:24 . 2007-07-12 10:03 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-07-01 17:18 . 2008-07-01 17:24 <DIR> d-------- C:\WINDOWS\NV26323568.TMP
2008-07-01 17:17 . 2008-07-01 17:17 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-07-01 17:17 . 2008-07-01 17:17 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Gadu-Gadu
2008-07-01 17:16 . 2008-07-01 17:16 <DIR> d-------- C:\Program Files\My Company Name
2008-07-01 17:16 . 2007-07-12 10:03 5,422,080 --a------ C:\WINDOWS\system32\ATKOSDX32.dll
2008-07-01 17:15 . 2008-07-01 17:24 <DIR> d-------- C:\WINDOWS\nview
2008-07-01 17:15 . 2008-07-01 17:15 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-07-01 17:15 . 2007-06-28 18:43 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-01 17:15 . 2008-07-01 17:24 127,254 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-01 17:15 . 2007-06-28 18:43 17,463 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-01 17:15 . 2007-06-28 18:43 17,254 --a------ C:\WINDOWS\system32\nvwsapps.xml
2008-07-01 17:10 . 2008-07-03 08:12 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\Skype
2008-07-01 17:07 . 2008-07-01 17:07 <DIR> d-------- C:\Program Files\Analog Devices
2008-07-01 17:06 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 17:05 . 2008-07-01 17:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-07-01 17:02 . 2008-07-01 17:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-01 17:02 . 2008-07-01 17:02 <DIR> d-------- C:\Program Files\DIFX
2008-07-01 17:02 . 2008-07-01 17:26 <DIR> d-------- C:\Program Files\ASUS
2008-07-01 17:02 . 2004-02-27 00:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-07-01 17:02 . 2004-02-17 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-01 17:02 . 2006-06-18 23:51 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-01 17:02 . 2006-01-10 10:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-07-01 17:02 . 2006-10-18 21:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-07-01 17:02 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-07-01 17:02 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-07-01 17:01 . 2008-07-03 08:12 <DIR> d-------- C:\Program Files\Xfire
2008-07-01 17:01 . 2008-07-04 21:44 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji\Xfire
2008-07-01 17:01 . 2008-07-01 17:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-01 17:01 . 2008-07-01 17:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-01 16:59 . 2008-07-01 17:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-01 16:59 . 2006-10-04 06:10 912,654 -ra------ C:\WINDOWS\system32\SATA.bmp
2008-07-01 16:59 . 2006-10-04 06:10 912,654 -ra------ C:\WINDOWS\system32\Alert.bmp
2008-07-01 16:59 . 2006-02-21 13:38 486,400 -ra------ C:\WINDOWS\system32\AsusSetup.exe
2008-07-01 16:59 . 2006-08-29 16:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-01 16:59 . 2008-07-01 17:09 14,288 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-01 16:59 . 2004-08-13 04:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-07-01 16:59 . 2006-03-23 20:08 804 -ra------ C:\WINDOWS\system32\AsusSetup.ini
2008-07-01 16:59 . 2006-10-04 09:10 276 -ra------ C:\WINDOWS\system32\raidmgmt.ini
2008-07-01 16:58 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-07-01 16:57 . 2008-07-01 16:57 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-01 16:47 . 2008-07-01 17:10 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-01 16:45 . 2008-07-01 16:45 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-07-01 16:45 . 2008-07-04 22:00 <DIR> d--h----- C:\Documents and Settings\VaDeMeCuM\Ustawienia lokalne
2008-07-01 16:45 . 2008-07-04 21:59 <DIR> dr------- C:\Documents and Settings\VaDeMeCuM\Ulubione
2008-07-01 16:45 . 2008-07-01 20:39 <DIR> d--h----- C:\Documents and Settings\VaDeMeCuM\Szablony
2008-07-01 16:45 . 2008-07-04 21:58 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM\Pulpit
2008-07-01 16:45 . 2008-07-04 21:59 <DIR> dr------- C:\Documents and Settings\VaDeMeCuM\Moje dokumenty
2008-07-01 16:45 . 2008-07-01 17:17 <DIR> dr------- C:\Documents and Settings\VaDeMeCuM\Menu Start
2008-07-01 16:45 . 2008-07-04 21:59 <DIR> dr-h----- C:\Documents and Settings\VaDeMeCuM\Dane aplikacji
2008-07-01 16:45 . 2008-07-01 18:00 <DIR> d-------- C:\Documents and Settings\VaDeMeCuM
2008-07-01 16:45 . 2008-07-04 22:00 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-07-01 16:45 . 2008-07-01 16:45 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-07-01 16:45 . 2008-07-01 16:45 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-07-01 16:43 . 2008-07-04 22:00 <DIR> d--h----- C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-07-01 16:43 . 2008-07-01 17:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji
2008-07-01 16:43 . 2008-07-01 16:43 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-07-01 16:43 . 2008-07-01 16:43 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-07-01 00:05 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-01 00:05 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-01 00:04 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-01 00:03 . 2008-06-30 22:11 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-01 00:03 . 2008-07-01 00:03 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-01 00:03 . 2008-07-03 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-01 00:03 . 2008-07-02 12:51 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-01 00:03 . 2008-07-01 20:40 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-01 00:01 . 2008-07-04 21:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-01 00:01 . 2008-07-01 00:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-01 00:01 . 2008-07-02 21:33 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-01 00:00 . 2008-06-30 22:16 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 10:45 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-30 20:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-30 20:13 --------- d-----w C:\Program Files\Usługi online
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ------w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-07-18 15:20 1114112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 08:25 363008]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 10:03 380928]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [2006-11-01 14:50 2154496]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\VaDeMeCuM\Menu Start\Programy\Autostart\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-26 22:10:40 3031376]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.asv2"= asusasv2.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\TOCA - GRID\\GRID.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\doluse\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f74882b-46ef-11dd-855f-806d6172696f}]
\Shell\AutoRun\command - E:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - E:\Directx\dxsetup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 22:00:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-04 22:00:38
ComboFix-quarantined-files.txt 2008-07-04 20:00:36
Pre-Run: 79,384,440,832 bajtów wolnych
Post-Run: 79,376,670,720 bajtów wolnych
207 --- E O F --- 2008-07-04 19:54:58
My computer is lagging terribly, all processes take a very long time...
Is some little worm to blame for this?