main.txt

Terribly High CPU Load!

I think it's because of the processor, but I don't really know... I removed the ones you mentioned, and now I'm attaching what you asked for.


Deckard's System Scanner v20070426.43
Run by Piotr on 2007-05-23 at 13:45:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Piotr.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:46:00, on 2007-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\Piotr\Pulpit\dss.exe
C:\DOCUME~1\Piotr\Pulpit\HIJACK~1\Piotr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ??cza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: CiDial 2.3.lnk = C:\Program Files\CiDial\CiDial.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47D36EF5-5F64-484E-8876-CEE61E22B40B}: NameServer = 194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3B948C-64D7-4057-9606-ABE15F70AC5F}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFE53E27-4D20-49EF-BCC5-B63204A6E1AD}: NameServer = 194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{47D36EF5-5F64-484E-8876-CEE61E22B40B}: NameServer = 194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{47D36EF5-5F64-484E-8876-CEE61E22B40B}: NameServer = 194.204.159.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe " /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


-- Files created between 2007-04-23 and 2007-05-23 -----------------------------

2007-05-20 12:35:04 0 d-------- C:\Program Files\SpywareBlaster
2007-05-16 12:49:47 0 d-------- C:\Program Files\Jasc Software Inc
2007-05-16 12:41:41 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-05-16 12:41:38 0 d-------- C:\Program Files\SWiSH v2.01
2007-05-16 12:40:00 0 d-------- C:\Program Files\CoffeeCup Software
2007-05-15 21:15:29 0 d-------- C:\_cache
2007-05-14 16:50:00 0 d-------- C:\Program Files\thriXXX
2007-05-10 17:38:15 0 d--hs---- C:\WINDOWS\CSC
2007-05-09 00:54:28 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-06 22:56:21 0 d-------- C:\Phenomedia AG
2007-05-06 19:27:36 32782 --a------ C:\WINDOWS\system32\drivers\ser120.sys <Not Verified; USB Com port.; USB Com port Device>
2007-05-06 19:27:36 0 d-------- C:\Program Files\Usb to Serial Driver 1.12.25
2007-05-06 19:27:13 0 d-------- C:\Program Files\Microsoft Windows Script
2007-05-06 19:27:05 0 d-------- C:\Program Files\FMA 2
2007-04-25 13:05:34 0 d-------- C:\Program Files\ToniArts
2007-04-25 01:19:23 0 d-------- C:\Program Files\Audacity


-- Find3M Report ---------------------------------------------------------------

2007-05-23 10:16:34 356154 --a------ C:\WINDOWS\system32\perfh015.dat
2007-05-23 10:16:34 49724 --a------ C:\WINDOWS\system32\perfc015.dat
2007-05-22 23:14:43 0 d-------- C:\Program Files\FlashFXP
2007-05-21 17:56:40 0 d-------- C:\Program Files\DC++
2007-05-20 11:10:06 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\FMA
2007-05-16 12:50:19 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\Jasc
2007-05-12 00:55:15 0 d-------- C:\Program Files\VS Online
2007-05-11 11:54:29 0 d-------- C:\Program Files\Winamp
2007-05-11 00:05:18 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\MegauploadToolbar
2007-05-06 22:56:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-25 13:35:38 0 d-------- C:\Program Files\Gadu-Gadu
2007-04-25 13:05:12 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-24 13:08:08 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\Adobe
2007-04-22 02:57:50 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\Gadu-Gadu
2007-04-15 21:13:07 0 d-------- C:\Program Files\Electronic Arts
2007-04-15 14:58:05 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\Ahead
2007-04-15 14:50:28 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-15 14:48:56 0 d-------- C:\Program Files\Nero
2007-04-15 14:44:40 0 d-------- C:\Program Files\Ahead
2007-04-05 16:17:15 0 d-------- C:\Documents and Settings\Piotr\Dane aplikacji\Command & Conquer 3 Tiberium Wars
2007-04-05 15:49:44 0 dr-h----- C:\Documents and Settings\Piotr\Dane aplikacji\SecuROM
2007-03-24 12:29:29 0 d-------- C:\Program Files\Image-Line
2007-03-24 12:29:21 0 d-------- C:\Program Files\VstPlugins
2007-03-05 10:56:35 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{E5A1691B-D188-4419-AD02-90002030B8EE} C:\PROGRA~1\FlashFXP\IEFlash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ATIModeChange"="Ati2mdxx.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE"
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piotr^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Piotr\\Menu Start\\Programy\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitComet"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VSOnline"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\VS Online\\VSOnline.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\Search.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whse"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WhenUSearch\\whse.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp\\Winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TaskbarIcon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Watch"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-23 at 13:46:20 ---------

