
Computer, games and internet are lagging

ciałko

The thing is, my computer runs terribly slowly at times, games have started stuttering, and I practically can't watch any videos on YouTube or other sites (it's almost like a slideshow).
Please check the RSIT logs. I can't produce OTL logs (it stops at one point and won't move on).

log.txt
[log]Logfile of random's system information tool 1.07 (written by random/random)
Run by Właściciel at 2010-05-22 12:46:46
Microsoft Windows XP Home Edition Dodatek Service Pack 2
System drive C: has 2 GB (14%) free of 16 GB
Total RAM: 767 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:49, on 10-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\OS\System32\smss.exe
C:\OS\system32\winlogon.exe
C:\OS\system32\services.exe
C:\OS\system32\lsass.exe
C:\OS\system32\Ati2evxx.exe
C:\OS\system32\svchost.exe
C:\OS\System32\svchost.exe
C:\OS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\OS\Explorer.EXE
C:\OS\system32\spoolsv.exe
C:\OS\SOUNDMAN.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\OS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Właściciel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\OS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\OS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\OS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\OS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\OS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\OS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 7429 bytes

======Scheduled tasks folder======

C:\OS\tasks\GoogleUpdateTaskMachineCore.job
C:\OS\tasks\GoogleUpdateTaskMachineUA.job
C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003Core.job
C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-04-21 42080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\OS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"SoundMan"=C:\OS\SOUNDMAN.EXE [2004-08-30 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-02 149280]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-04 1848648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-09 39408]
"ctfmon.exe"=C:\OS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-04-21 11985504]

C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
OpenOffice.ux.pl 2.0.4.lnk - C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\OS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\EA Sports\FIFA 08\FIFA08.exe"="C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-05-22 12:35:50 ----D---- C:\Program Files\trend micro
2010-05-22 12:35:49 ----D---- C:\rsit
2010-05-18 17:58:06 ----D---- C:\Program Files\Conduit
2010-05-18 17:58:03 ----D---- C:\Program Files\XfireXO
2010-05-18 17:57:47 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Xfire
2010-05-18 17:57:37 ----D---- C:\Program Files\Xfire
2010-05-15 11:45:51 ----HD---- C:\OS\PIF
2010-05-07 21:48:14 ----A---- C:\OS\system32\xfcodec.dll
2010-05-04 22:41:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2010-05-04 22:41:32 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
2010-05-04 22:39:30 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\ipla
2010-05-04 22:39:30 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ipla
2010-05-04 22:39:17 ----D---- C:\Program Files\ipla
2010-05-04 22:32:38 ----A---- C:\OS\system32\mfc71.dll
2010-05-04 22:32:38 ----A---- C:\OS\system32\gdiplus.dll
2010-05-04 22:31:45 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 10
2010-05-04 22:30:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-04 22:27:42 ----D---- C:\Program Files\Gadu-Gadu 10
2010-04-02 15:04:41 ----A---- C:\OS\game.ini
2010-03-22 13:46:40 ----SHD---- C:\OS\ftpcache
2010-03-09 19:26:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
2010-03-03 19:41:16 ----D---- C:\OS\Sun
2010-02-25 17:32:40 ----D---- C:\Program Files\AliveMedia
2010-02-25 15:43:01 ----A---- C:\OS\system32\wmpns.dll
2010-02-25 15:36:12 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\CyberLink
2010-02-23 17:05:31 ----D---- C:\Sounds
2010-02-23 16:59:37 ----D---- C:\Program Files\LG Electronics
2010-02-23 16:58:25 ----A---- C:\OS\system32\NMSDVDXU.dll
2010-02-23 16:58:11 ----D---- C:\Program Files\LG PC Suite II
2010-02-23 16:58:11 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\LG Electronics
2010-02-23 16:57:31 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\InstallShield

======List of files/folders modified in the last 3 months======

2010-05-22 12:36:00 ----D---- C:\OS\Prefetch
2010-05-22 12:35:50 ----RD---- C:\Program Files
2010-05-22 11:51:24 ----D---- C:\OS\Temp
2010-05-22 11:37:06 ----D---- C:\OS\system32\CatRoot2
2010-05-21 23:34:55 ----A---- C:\OS\SchedLgU.Txt
2010-05-21 15:14:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-21 15:14:16 ----SHD---- C:\OS\Installer
2010-05-21 14:15:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
2010-05-18 17:58:02 ----D---- C:\OS\system32
2010-05-15 11:45:51 ----HD---- C:\OS
2010-05-13 18:51:24 ----D---- C:\OS\system32\DirectX
2010-05-06 12:12:11 ----D---- C:\OS\Help
2010-05-04 22:30:11 ----D---- C:\OS\WinSxS
2010-04-29 23:31:31 ----RSHDC---- C:\OS\system32\dllcache
2010-04-29 23:31:27 ----D---- C:\OS\system32\drivers
2010-04-26 10:47:21 ----D---- C:\Program Files\Shut Down-O-Matic
2010-04-20 15:49:04 ----D---- C:\Program Files\Winamp
2010-04-15 16:43:22 ----A---- C:\OS\win.ini
2010-04-13 21:27:23 ----D---- C:\OS\system32\config
2010-04-07 17:49:28 ----D---- C:\OS\system32\Adobe
2010-04-07 17:49:27 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Adobe
2010-04-07 17:48:49 ----D---- C:\OS\system32\Macromed
2010-03-28 10:09:02 ----A---- C:\OS\system32\PerfStringBackup.INI
2010-03-10 00:39:49 ----D---- C:\OS\security
2010-03-09 19:33:07 ----D---- C:\Program Files\Windows Media Player
2010-03-09 19:33:06 ----D---- C:\OS\RegisteredPackages
2010-03-09 19:32:55 ----HD---- C:\OS\inf
2010-03-07 21:41:26 ----SD---- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft
2010-02-25 16:33:40 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Ahead
2010-02-23 18:04:14 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\OS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\OS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\OS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Sterownik procesora Intel; C:\OS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 kbdhid;Sterownik klawiatury HID; C:\OS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aswFsBlk;aswFsBlk; C:\OS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\OS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\OS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\OS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 aswRdr;aswRdr; C:\OS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:\OS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\OS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\OS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\OS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\OS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\OS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\OS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 mouhid;Sterownik myszy HID; C:\OS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 usbaudio;Sterownik audio USB (WDM); C:\OS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbbus;LGE Mobile Composite USB Device; C:\OS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\OS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\OS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\OS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\OS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\OS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-02 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\OS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 ATI Smart;ATI Smart; C:\OS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S3 aspnet_state;ASP.NET State Service; C:\OS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\OS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\OS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-09 182768]
S3 idsvc;Windows CardSpace; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------[/log]


info.txt
[log]info.txt logfile of random's system information tool 1.06 2010-05-22 12:36:05

======Uninstall list======

-->C:\OS\UNNeroBackItUp.exe /UNINSTALL
-->C:\OS\UNNeroMediaHome.exe /UNINSTALL
-->C:\OS\UNNeroShowTime.exe /UNINSTALL
-->C:\OS\UNNeroVision.exe /UNINSTALL
-->C:\OS\UNRecode.exe /UNINSTALL
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\OS\INF\PCHealth.inf
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\OS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\OS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\OS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALLPlayer V2.3.1-->"C:\Program Files\MarBit\ALLPlayer\unins000.exe"
ASUSDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c32
ATI Display Driver-->rundll32 C:\OS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Canon iP1900 series Printer Driver-->"C:\OS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series /L0x0015
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
ClassicPro© v1.14-->"C:\Program Files\Winamp\Uninstall ClassicPro.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\OS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0015 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x15 LG -removeonly
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK-->MsiExec.exe /I{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994}
Microsoft .NET Framework 3.5 SP1-->C:\OS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Joiner version 1.22-->"e:\Program Files\MP3JOINER\unins000.exe"
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Narzędzie Software Uninstall Utility firmy ATI-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Native Instruments Service Center-->E:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE E:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11045}
OpenOffice.org 3.1-->MsiExec.exe /I{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->C:\OS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
Poprawka dla systemu Windows XP (KB942288-v3)-->"C:\OS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Real Alternative 2.0.0-->"C:\Program Files\Real Alternative\unins000.exe"
Rejestracja użytkownika drukarki Canon iP1900 series-->C:\Program Files\Canon\IJEREG\iP1900 series\UNINST.EXE
Shut Down-O-Matic-->C:\Program Files\Shut Down-O-Matic\Uninstall.exe
VDownloader 2.7.333-->"e:\Program Files\VDownloader\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\OS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\OS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\OS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XfireXO Toolbar-->C:\PROGRA~1\XfireXO\UNWISE.EXE /U C:\PROGRA~1\XfireXO\INSTALL.LOG
XML Paper Specification Shared Components Language Pack 1.0-->"C:\OS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======System event log======

Computer Name: HOM
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.

Record Number: 5655
Source Name: Service Control Manager
Time Written: 20100331231118.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: HOM
Event Code: 7036
Message: Usługa Google Software Updater weszła w stan zatrzymania.

Record Number: 5654
Source Name: Service Control Manager
Time Written: 20100331194109.000000+120
Event Type: informacje
User:

Computer Name: HOM
Event Code: 7036
Message: Usługa Usługa Google Update (gupdate) weszła w stan zatrzymania.

Record Number: 5653
Source Name: Service Control Manager
Time Written: 20100331194016.000000+120
Event Type: informacje
User:

Computer Name: HOM
Event Code: 7036
Message: Usługa Usługa Google Update (gupdate) weszła w stan uruchomienia.

Record Number: 5652
Source Name: Service Control Manager
Time Written: 20100331194010.000000+120
Event Type: informacje
User:

Computer Name: HOM
Event Code: 7035
Message: Do usługi Usługa Google Update (gupdate) został pomyślnie wysłany kod sterowania uruchom.

Record Number: 5651
Source Name: Service Control Manager
Time Written: 20100331194010.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: HOM
Event Code: 105
Message: The service was started.

Record Number: 672
Source Name: ATI Smart
Time Written: 20100309105554.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 671
Source Name: gusvc
Time Written: 20100308191445.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 670
Source Name: gupdate
Time Written: 20100308191353.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 669
Source Name: gupdate
Time Written: 20100308191346.000000+060
Event Type: informacje
User:

Computer Name: HOM
Event Code: 0
Message:
Record Number: 668
Source Name: gusvc
Time Written: 20100308191345.000000+060
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------[/log]

Tomek01
comment

Uninstall the XfireXO Toolbar.

In HijackThis, tick the boxes next to the entries listed below and click Fix checked:
[code]R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll[/code]

Paste the following text into Notepad (without the word "code"):
[code]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"=-[/code]
Choose File > Save As, change the file type to All Files, save it as fix.reg, then double-click the file to add it to the registry.

After doing this, attach the RSIT and OTL logs.
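An added example, not part of the original post and not code from HijackThis or RSIT: a short Python parser that groups the R3/O2/O3 browser-hook lines of a HijackThis log by CLSID, showing why the three XfireXO entries above are one component registered at three hook points and are fixed together. The sample lines are copied from this thread; the function names and the name/path matching are this example's own assumptions.

```python
"""Group HijackThis browser-hook entries by CLSID (added example)."""
import re
from collections import defaultdict, namedtuple

# Sample input assembled from lines that appear in this thread: the three
# XfireXO entries quoted in the post above plus entries from the later log.
BEFORE_FIX = r"""
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ATI Smart - Unknown owner - C:\OS\system32\ati2sgag.exe
"""

# Hook entries from the log posted in this thread after the fix was applied.
AFTER_FIX = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
"""

Hook = namedtuple("Hook", "section kind name clsid path line")

# "<section> - <kind>: <name> - {CLSID} - <path>"; other sections (O4, O23,
# ...) use different layouts and are deliberately skipped.
HOOK_RE = re.compile(
    r"^(R3|O2|O3) - (URLSearchHook|BHO|Toolbar): (.+?) - "
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (.+)$"
)


def parse_ie_hooks(log_text):
    """Return a Hook for every R3/O2/O3 line; CLSIDs are lower-cased."""
    hooks = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            section, kind, name, clsid, path = m.groups()
            hooks.append(Hook(section, kind, name, clsid.lower(), path, line))
    return hooks


def multi_hook_components(hooks):
    """Map each CLSID registered at more than one hook point to its sections."""
    sections = defaultdict(list)
    for h in hooks:
        sections[h.clsid].append(h.section)
    return {clsid: secs for clsid, secs in sections.items() if len(secs) > 1}


def entries_to_fix(hooks, fragment):
    """Return every log line sharing a CLSID with a hook whose name or
    path contains `fragment` (case-insensitive)."""
    frag = fragment.lower()
    clsids = {h.clsid for h in hooks
              if frag in h.name.lower() or frag in h.path.lower()}
    return [h.line for h in hooks if h.clsid in clsids]


if __name__ == "__main__":
    hooks = parse_ie_hooks(BEFORE_FIX)
    for clsid, secs in multi_hook_components(hooks).items():
        print(clsid, "registered in", ", ".join(secs))
    print("Entries to tick in HijackThis:")
    for line in entries_to_fix(hooks, "xfire"):
        print("  " + line)
    leftover = entries_to_fix(parse_ie_hooks(AFTER_FIX), "xfire")
    print("Left after the fix:", leftover or "none")
```

The O3 CLSID is also the value name under `HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar`, which is the value the fix.reg in the post deletes.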

ciałko
comment

Thanks for the reply.
I made the RSIT log, but as I said, OTL doesn't work. It stops at C:\OS\system32\Ati2evxx.exe... and won't go any further, so unfortunately I can't make one with OTL :(.
Here is the log:

[log]Logfile of random's system information tool 1.07 (written by random/random)
Run by Właściciel at 2010-05-23 19:23:43
Microsoft Windows XP Home Edition Dodatek Service Pack 2
System drive C: has 6 GB (39%) free of 16 GB
Total RAM: 767 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:47, on 10-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\OS\System32\smss.exe
C:\OS\system32\winlogon.exe
C:\OS\system32\services.exe
C:\OS\system32\lsass.exe
C:\OS\system32\Ati2evxx.exe
C:\OS\system32\svchost.exe
C:\OS\System32\svchost.exe
C:\OS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\OS\Explorer.EXE
C:\OS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\OS\SOUNDMAN.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\OS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\OS\system32\svchost.exe
C:\Documents and Settings\Właściciel\Moje dokumenty\RSIT.exe
C:\Program Files\trend micro\Właściciel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\OS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\OS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\OS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\OS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\OS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\OS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 7006 bytes

======Scheduled tasks folder======

C:\OS\tasks\GoogleUpdateTaskMachineCore.job
C:\OS\tasks\GoogleUpdateTaskMachineUA.job
C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003Core.job
C:\OS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1035525444-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-10 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-04-21 42080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\OS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\OS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"SoundMan"=C:\OS\SOUNDMAN.EXE [2004-08-30 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-02 149280]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-04 1848648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-02-09 39408]
"ctfmon.exe"=C:\OS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-04-21 11985504]

C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
OpenOffice.ux.pl 2.0.4.lnk - C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\OS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\EA Sports\FIFA 08\FIFA08.exe"="C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-05-22 12:35:50 ----D---- C:\Program Files\trend micro
2010-05-22 12:35:49 ----D---- C:\rsit
2010-05-15 11:45:51 ----HD---- C:\OS\PIF
2010-05-04 22:41:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2010-05-04 22:41:32 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
2010-05-04 22:39:30 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\ipla
2010-05-04 22:39:30 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ipla
2010-05-04 22:32:38 ----A---- C:\OS\system32\mfc71.dll
2010-05-04 22:32:38 ----A---- C:\OS\system32\gdiplus.dll
2010-05-04 22:31:45 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 10
2010-05-04 22:30:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-04 22:27:42 ----D---- C:\Program Files\Gadu-Gadu 10
2010-04-02 15:04:41 ----A---- C:\OS\game.ini
2010-03-22 13:46:40 ----SHD---- C:\OS\ftpcache
2010-03-09 19:26:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage
2010-03-03 19:41:16 ----D---- C:\OS\Sun
2010-02-25 17:32:40 ----D---- C:\Program Files\AliveMedia
2010-02-25 15:43:01 ----A---- C:\OS\system32\wmpns.dll
2010-02-25 15:36:12 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\CyberLink

======List of files/folders modified in the last 3 months======

2010-05-23 19:23:45 ----D---- C:\OS\Prefetch
2010-05-23 19:15:31 ----A---- C:\OS\setuplog.txt
2010-05-23 18:57:03 ----SHD---- C:\OS\Installer
2010-05-23 18:05:19 ----D---- C:\OS\Temp
2010-05-23 17:51:29 ----D---- C:\OS\system32\CatRoot2
2010-05-23 17:49:13 ----A---- C:\OS\SchedLgU.Txt
2010-05-23 17:44:35 ----D---- C:\Program Files\EA Sports
2010-05-22 20:46:29 ----D---- C:\Program Files\Mozilla Firefox
2010-05-22 16:17:14 ----RD---- C:\Program Files
2010-05-22 13:55:03 ----D---- C:\OS\system32
2010-05-21 15:14:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-21 14:15:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
2010-05-15 11:45:51 ----HD---- C:\OS
2010-05-13 18:51:24 ----D---- C:\OS\system32\DirectX
2010-05-06 12:12:11 ----D---- C:\OS\Help
2010-05-04 22:30:11 ----D---- C:\OS\WinSxS
2010-04-29 23:31:31 ----RSHDC---- C:\OS\system32\dllcache
2010-04-29 23:31:27 ----D---- C:\OS\system32\drivers
2010-04-26 10:47:21 ----D---- C:\Program Files\Shut Down-O-Matic
2010-04-20 15:49:04 ----D---- C:\Program Files\Winamp
2010-04-15 16:43:22 ----A---- C:\OS\win.ini
2010-04-13 21:27:23 ----D---- C:\OS\system32\config
2010-04-07 17:49:28 ----D---- C:\OS\system32\Adobe
2010-04-07 17:49:27 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Adobe
2010-04-07 17:48:49 ----D---- C:\OS\system32\Macromed
2010-03-28 10:09:02 ----A---- C:\OS\system32\PerfStringBackup.INI
2010-03-27 16:15:27 ----D---- C:\Program Files\LG PC Suite II
2010-03-10 00:39:49 ----D---- C:\OS\security
2010-03-09 19:33:07 ----D---- C:\Program Files\Windows Media Player
2010-03-09 19:33:06 ----D---- C:\OS\RegisteredPackages
2010-03-09 19:32:55 ----HD---- C:\OS\inf
2010-03-07 21:41:26 ----SD---- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft
2010-02-25 16:33:40 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Ahead
2010-02-24 22:54:04 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\LG Electronics

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\OS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\OS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\OS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Sterownik procesora Intel; C:\OS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 kbdhid;Sterownik klawiatury HID; C:\OS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aswFsBlk;aswFsBlk; C:\OS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\OS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\OS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\OS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 aswRdr;aswRdr; C:\OS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:\OS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\OS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\OS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\OS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\OS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\OS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\OS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 mouhid;Sterownik myszy HID; C:\OS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 usbaudio;Sterownik audio USB (WDM); C:\OS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbbus;LGE Mobile Composite USB Device; C:\OS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\OS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\OS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\OS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\OS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\OS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-02 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\OS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 ATI Smart;ATI Smart; C:\OS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S3 aspnet_state;ASP.NET State Service; C:\OS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\OS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\OS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-09 182768]
S3 idsvc;Windows CardSpace; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\OS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------[/log]

Tomek01
comment

Nothing in particular shows up here.
I would definitely remove OpenOffice from startup.

Run a full scan with [url="http://www.dobreprogramy.pl/DrWEB-CureIt,Program,Windows,12976.html"][b]DrWebCureIt[/b][/url] and [url="http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html"][b]Mbam[/b][/url].
Attach their reports if they detect anything.

ciałko
comment (edited)

OK. I ran those scans (it all took a terribly long time). Here are the reports:

DrWebCureIt:

RunMSC.dll;D:\bearshare;Adware.SearchAid.40;;
RunMSC.dll;D:\pulpit\BearShare;Adware.SearchAid.40;;

From Mbam I have a log:

[log]Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4134

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 8.0.6001.18702

10-05-24 20:37:08
mbam-log-2010-05-24 (20-37-08).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 172157
Upłynęło: 46 minut(y), 41 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 1
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)[/log]

Just to say up front, I've already removed all that junk from the computer. And thanks for the reply :).
Is there anything else I need to do?

Tomek01
comment

Remove what Mbam found during the scan.

Paste the following into [url="http://images.malwareremoval.com/jpshortstuff/SystemLook.exe"][color="#0000FF"][b]System Look[/b][/color][/url]:

[code]:filefind
Bearshare
:regfind
Bearshare[/code]
Press Look and show what comes up.

ciałko
comment (edited)

I removed that junk with Mbam.
In System Look nothing came up. I tried three times, but nothing. [URL=http://img714.imageshack.us/i/beztytuujz.png/][IMG]http://img714.imageshack.us/img714/653/beztytuujz.png[/IMG][/URL]
This screenshot is from after pressing "Look". It scanned, but nothing came up.
Maybe that's because I deleted all of the BearShare files and folders.
It did save something odd, though (attached). It's probably some kind of report, only every second character is a box (#), so it's hard to read.

Tomek01
comment

A small correction for System Look:

[code]:filefind
Bearshare*
[/code]
Look...

ciałko
comment

Same thing. A different file was saved (attached).

Tomek01
comment

Paste the following text into Notepad (without the word "code"):
[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\BearShare]
[HKEY_CURRENT_USER\Software\BearShare\Inst]
"Last"=-
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\BearShare]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}\1.0\0\win32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}\1.0\HELPDIR]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare MediaBar]
[-HKEY_USERS\S-1-5-21-343818398-1035525444-725345543-1003\Software\BearShare]
[-HKEY_USERS\S-1-5-21-343818398-1035525444-725345543-1003\Software\BearShare\Inst]
[HKEY_USERS\S-1-5-21-343818398-1035525444-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-[/code]
Choose File > Save As, change the file type to All Files, save it as fix.reg, then double-click the file to add it to the registry.

Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b].
In the "Input script here" field, paste the following text (without the word "code"):

[code]Files to delete:
C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\BearShareInstaller\nsv94.tmp.exe

Folders to delete:
C:\Program Files\BearShare Applications\MediaBar[/code]
Click Execute; the computer will restart.

Attach the Avenger report and the OTL log.

ciałko
comment

The Avenger report is just as odd as the ones from System Look, but here it is (attached).
Unfortunately, the OTL log still won't generate, same as before. If needed, I can attach a log from RSIT or something else.

Tomek01
comment (edited)

No need, it should be clean now.
In OTL, use the Clean Up option.
Turn System Restore off and then back on.
Use ATF Cleaner: tick the first three boxes, then click Empty Selected.
Run a full scan with DrWebCureIt and Mbam.
If they detect anything, attach the reports. If not, it means it's clean.

ciałko
comment

After a looong scan I can say the computer is clean :D BUT... the problem hasn't gone away :blink: . I still can't play games or do anything on the net. The computer is clean, so maybe something is wrong with the hardware. The computer was recently in for repair (the power supply and a fan were replaced, that much I remember). Thanks for the help so far, because things did improve somewhat, but not completely :( unfortunately :(
