HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:51, on 2009-03-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Fraps\fraps.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VLC Media Player\vlc.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6813 bytes
COMBOFIX
ComboFix 09-03-04.01 - VampirLord 2009-03-05 18:49:58.1 - NTFSx86
Uruchomiony z: c:\documents and settings\VampirLord\Pulpit\ComboFix.exe
* Resident AV is active
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mfc45.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-05 do 2009-03-05 )))))))))))))))))))))))))))))))
.
2009-03-05 13:07 . 2009-03-05 13:07 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-05 13:07 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-05 13:07 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-05 13:07 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-05 13:07 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2009-03-05 13:07 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-05 13:07 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-05 13:07 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-05 13:07 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-05 13:07 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-03-05 13:07 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-03-05 13:07 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-05 13:07 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-01 14:48 . 2009-03-01 14:48 <DIR> d-------- c:\windows\Sun
2009-03-01 14:39 . 2009-03-01 14:39 <DIR> d-------- c:\program files\Java
2009-03-01 14:39 . 2009-03-01 14:39 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-01 14:39 . 2009-03-01 14:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-27 17:39 . 2009-02-27 17:39 <DIR> d-------- c:\documents and settings\VampirLord\Dane aplikacji\Pointstone
2009-02-27 17:37 . 2009-02-27 17:40 <DIR> d-------- c:\program files\System Cleaner 5
2009-02-27 17:37 . 2009-02-27 17:37 <DIR> d-------- c:\program files\Common Files\Pointstone
2009-02-27 17:25 . 2009-02-27 17:25 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-27 17:23 . 2009-02-27 17:23 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\iolo
2009-02-27 16:11 . 2009-02-27 17:25 <DIR> d-------- c:\documents and settings\VampirLord\Dane aplikacji\iolo
2009-02-27 16:11 . 2009-02-27 17:25 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\iolo
2009-02-26 20:16 . 2009-02-26 20:16 <DIR> d-------- c:\program files\Hamachi
2009-02-26 20:16 . 2009-02-26 20:16 10,345 --a------ c:\windows\system32\drivers\hamachi.sys
2009-02-26 20:14 . 2009-02-26 20:14 126,976 --a------ c:\windows\War3Unin.exe
2009-02-26 20:14 . 2009-02-26 20:14 16,489 --a------ c:\windows\War3Unin.dat
2009-02-26 20:14 . 2009-02-26 20:14 2,829 --a------ c:\windows\War3Unin.pif
2009-02-26 17:26 . 2009-02-27 17:39 <DIR> d-------- c:\program files\Ashampoo FireWall
2009-02-26 10:21 . 2009-02-26 17:24 <DIR> d-------- c:\program files\ESET NOD32 Antivirus
2009-02-19 21:17 . 2009-02-26 17:24 <DIR> d-------- c:\program files\Drogowa Mapa Polski
2009-02-07 13:51 . 2009-02-27 09:50 <DIR> d-------- c:\documents and settings\VampirLord\Dane aplikacji\Canon
2009-02-06 21:19 . 2009-02-06 21:19 4 --a------ c:\windows\system32\proc-503976190.bin
2009-02-06 17:27 . 2008-07-03 18:04 732,376 -ra------ c:\windows\system32\drivers\cfosspeed.sys
2009-02-06 17:25 . 2009-03-05 18:51 <DIR> d-------- c:\program files\cFosSpeed
2009-02-06 17:25 . 2008-07-03 18:04 290,008 --a------ c:\windows\system32\cfosspeed.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 16:29 --------- d-----w c:\program files\Kalendarz XP
2009-03-02 15:04 --------- d-----w c:\program files\Gadu-Gadu
2009-03-01 21:49 --------- d-----w c:\program files\Fraps
2009-03-01 12:14 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\Skype
2009-03-01 11:41 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\skypePM
2009-03-01 08:59 --------- d-----w c:\program files\SpeedFan
2009-02-28 20:09 --------- d-----w c:\program files\SubEdit-Player
2009-02-27 16:39 --------- d-----w c:\program files\Xfire
2009-02-27 16:39 --------- d-----w c:\program files\PhotoStudio 5.5
2009-02-26 08:03 --------- d-----w c:\program files\Usługi online
2009-02-17 21:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-04 10:15 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 10:15 --------- d--h--r c:\documents and settings\VampirLord\Dane aplikacji\SecuROM
2009-01-31 16:53 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Xfire
2009-01-31 16:18 --------- d-----w c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-01-30 20:50 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\CyberLink
2009-01-30 15:08 --------- d-----w c:\program files\Microsoft.NET
2009-01-30 15:08 --------- d-----w c:\program files\Microsoft Visual Studio .NET 2003
2009-01-30 12:40 --------- d-----w c:\program files\McAfee
2009-01-29 21:18 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\DMCache
2009-01-27 17:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 11:11 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\InstallShield
2009-01-26 12:41 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-01-23 22:34 259 ----a-w c:\documents and settings\VampirLord\kopy.bat
2009-01-23 22:13 225 ----a-w C:\kopy.bat
2009-01-23 01:18 42,320 ----a-w c:\windows\system32\xfcodec.dll
2009-01-22 19:50 78,848 ----a-w c:\windows\system32\drivers\SSHDRV85.sys
2009-01-19 15:32 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-19 15:32 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-17 09:31 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\SACore
2009-01-17 09:29 --------- d-----w c:\program files\RootkitRevealer
2009-01-17 09:28 --------- d-----w c:\program files\Common Files\McAfee
2009-01-17 09:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\McAfee
2009-01-17 02:00 --------- d-----w c:\program files\MSXML 4.0
2009-01-16 20:27 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 20:23 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-16 19:14 --------- d-----w c:\program files\Common Files\Jasc Software Inc
2009-01-16 19:14 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\Jasc Software Inc
2009-01-16 14:45 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\BitSpirit
2009-01-16 14:25 --------- d-----w c:\program files\Creative Labs
2009-01-16 14:13 --------- d-----w c:\program files\Skype
2009-01-16 14:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-16 13:22 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\Gadu-Gadu
2009-01-16 12:38 --------- d-----w c:\program files\Ashampoo
2009-01-16 11:54 --------- d-----w c:\program files\Realtek
2009-01-16 11:48 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-16 11:32 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-16 11:22 --------- d-----w c:\program files\Common Files\Logitech
2009-01-16 11:21 --------- d-----w c:\program files\NVIDIA
2009-01-16 11:21 --------- d-----w c:\program files\Logitech
2009-01-16 11:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Logitech
2009-01-16 11:19 --------- d-----w c:\program files\CyberLink
2009-01-16 11:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-16 11:16 --------- d-----w c:\program files\Nero
2009-01-16 11:16 --------- d-----w c:\program files\Common Files\Ahead
2009-01-16 11:14 --------- d-----w c:\program files\Canon
2009-01-16 11:13 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-01-16 11:13 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-16 11:13 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\ScanSoft
2009-01-16 11:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ScanSoft
2009-01-16 11:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-16 11:10 --------- d--h--w c:\program files\CanonBJ
2009-01-16 11:10 --------- d--h--w c:\documents and settings\All Users\Dane aplikacji\CanonBJ
2009-01-16 11:00 --------- d-----w c:\program files\microsoft frontpage
.
------- Sigcheck -------
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpyWare2Guard"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 2316632]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2008-07-03 867544]
"egui"="c:\program files\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Ashampoo FireWall"="c:\program files\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2009-01-16 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Gry PC\\Sacred\\sacred.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Gry PC\\Sacred\\gameserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-01-22 78848]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2009-01-16 730968]
R2 ekrn;Eset Service;c:\program files\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-17 203280]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 CrystalSysInfo;CrystalSysInfo;c:\windows\system32\sysinfo.sys [2009-01-25 8192]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint – Dodaj do listy drukowania - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint – Drukuj - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint – Drukuj z dużą szybkością - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint – Podgląd - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
LSP: c:\program files\Ashampoo FireWall\spi.dll
FF - ProfilePath - c:\documents and settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\v2vfejz9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 18:51:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
c:\program files\Ashampoo FireWall\FireWall.exe [816] 0x8A0DCBD8
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\VAMPIR~1\USTAWI~1\Temp\ASFWHide"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1320)
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
- - - - - - - > 'lsass.exe'(1376)
c:\program files\Ashampoo FireWall\spi.dll
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
- - - - - - - > 'csrss.exe'(1296)
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
.
Czas ukończenia: 2009-03-05 18:51:49
ComboFix-quarantined-files.txt 2009-03-05 17:51:47
Przed: 28 857 597 952 bajtów wolnych
Po: 28,851,363,840 bajtów wolnych
222 --- E O F --- 2009-02-25 20:45:42
Ever since I swapped my RAM for better modules, my computer has slowed down instead of speeding up; it lags when I tell it to bring up the window with the programs from the Start menu. On top of that, I have to turn NOD32 off for my game to launch normally, because otherwise the NOD32 process eats up my whole CPU and everything lags. I don't know whether it matters, but the memory modules touch the heatsink of the graphics card; I don't know whether that is the reason the computer lags. Before, when I didn't have the fancy RAM, the computer didn't lag.

