Proszę o sprawdzenie loga - powolne działanie systemu

**Posty:** 1850 · przez **Tomaszu** 19 Maj 2010, 18:38

Witam.
Od wczoraj mam dziwny problem. Od włączenia komputera do załadowania puplitu i programów mija nieco ponad 5 minut gdy wcześniej nie zajmowało to dłużej niż minutę. Poza tym foldery i różne programy wczytują się długo. Za długo. Nawet kursor myszki nie działa płynnie. Muzyka co chwilę spowalnia tempo i wyraźnie się tnie. Nie mam bladego pojęcia co mogło się stać. Wykluczam syf, bo mam ciągle włączonego antywira, ale wszystko przecież jest możliwe.

Combofix:

Kod: Zaznacz wszystko: ComboFix 09-10-19.04 - Tomek 2010-05-19 15:52.4.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1528 [GMT 2:00] Uruchomiony z: c:\documents and settings\Tomek\Pulpit\Różne rzeczy\Programy\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . - TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI - . ((((((((((((((((((((((((( Pliki utworzone od 2010-04-19 do 2010-05-19 ))))))))))))))))))))))))))))))) . 2010-05-19 08:57 . 2010-05-19 08:57 -------- d-----w- c:\program files\Pocket Tanks Deluxe 2010-05-18 12:59 . 2010-05-18 12:59 -------- d-----w- c:\program files\Common Files\DirectX 2010-05-18 12:49 . 2010-05-18 12:49 -------- d-----w- c:\program files\Max Soft 2010-05-18 11:09 . 2010-05-18 11:09 -------- d-----w- c:\program files\Pocket Tanks 2010-05-18 11:09 . 2010-05-18 11:09 -------- d-----w- c:\windows\Pocket Tanks 2010-05-15 11:51 . 2010-05-15 11:51 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Apple Computer 2010-05-13 13:04 . 2010-05-13 13:04 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\GHISLER 2010-05-13 13:04 . 2010-05-13 13:04 -------- d-----w- C:\totalcmd 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF 2010-05-13 13:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF 2010-05-12 17:20 . 2010-05-12 17:20 -------- d-----w- c:\program files\Xenocode 2010-05-12 17:20 . 2010-05-12 17:20 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Xenocode 2010-05-12 17:20 . 2010-05-12 17:20 -------- d-----w- c:\windows\XSxS 2010-05-12 16:50 . 2010-05-12 16:51 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\eXPert PDF 6 2010-05-12 13:57 . 2010-05-12 13:58 -------- d-----w- c:\program files\QuickTime 2010-05-12 13:57 . 2010-05-12 13:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2010-05-12 13:56 . 2010-05-12 13:56 -------- d-----w- c:\program files\Common Files\Apple 2010-05-12 13:56 . 2010-05-12 13:56 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Apple 2010-05-12 13:56 . 2010-05-12 13:56 -------- d-----w- c:\program files\Apple Software Update 2010-05-12 13:56 . 2010-05-12 13:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple 2010-05-12 13:56 . 2010-05-12 13:56 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Apple Computer 2010-05-12 13:38 . 2010-05-12 13:52 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\WebcamZoneTrigger 2010-05-12 13:37 . 2010-05-12 13:38 -------- d-----w- c:\program files\Webcam Zone Trigger 2 2010-05-11 17:03 . 2010-05-11 17:03 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Toolbar4 2010-05-11 17:03 . 2010-05-11 17:03 -------- d-----w- c:\program files\Splitcam Toolbar 2010-05-11 17:03 . 2010-05-11 17:03 -------- d-----w- c:\program files\AutocompletePro 2010-05-11 17:02 . 2010-05-11 17:02 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys 2010-05-11 17:02 . 2010-05-14 09:09 -------- d-----w- c:\program files\SplitCam 2010-05-10 18:00 . 2010-05-10 18:00 -------- d-----w- c:\program files\Common Files\Skype 2010-05-10 18:00 . 2010-05-10 18:00 -------- d-----r- c:\program files\Skype 2010-05-09 11:47 . 2010-05-09 11:47 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Ventrilo 2010-05-09 11:47 . 2010-05-09 11:47 -------- d-----w- c:\program files\Ventrilo 2010-05-09 11:47 . 2010-05-09 11:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-05-07 19:52 . 2010-05-07 19:52 41872 ----a-w- c:\windows\system32\xfcodec.dll 2010-05-06 15:39 . 2010-05-06 15:39 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Xfire Plus 2010-05-06 10:07 . 2005-05-18 08:55 32768 ----a-w- c:\windows\VMZoom.exe 2010-05-06 10:07 . 2005-05-18 08:54 24576 ----a-w- c:\windows\VMPipe.dll 2010-05-06 10:07 . 2000-10-31 10:00 307200 ----a-w- c:\windows\vidcap32.Exe 2010-05-06 10:07 . 2005-04-30 16:46 81920 ----a-w- c:\windows\system32\VM303STI.dll 2010-05-06 10:07 . 2005-06-23 09:13 61440 ----a-w- c:\windows\VM303_STI.EXE 2010-05-06 10:07 . 2005-05-02 14:45 53248 ----a-w- c:\windows\Sti303.exe 2010-05-06 10:07 . 2005-04-30 16:46 102400 ----a-w- c:\windows\VM303Cap.exe 2010-05-06 10:07 . 2005-05-03 13:51 176128 ----a-w- c:\windows\amcap.exe 2010-05-06 10:07 . 2010-05-06 10:07 -------- d-----w- c:\windows\EffectResources 2010-05-06 10:07 . 2010-05-06 10:07 -------- d-----w- c:\windows\CatRoot 2010-05-06 10:07 . 2010-05-06 10:07 -------- d-----w- c:\program files\Vimicro 2010-05-06 10:07 . 2005-07-14 10:59 389788 ----a-w- c:\windows\system32\drivers\usbVM303.sys 2010-05-06 10:05 . 2010-05-06 10:08 -------- d-----w- C:\VP-EYE 2010-05-04 14:46 . 2010-05-04 14:46 -------- d-----w- c:\program files\Windows Media Components 2010-05-04 14:45 . 2010-05-04 14:46 -------- d--h--w- c:\windows\msdownld.tmp 2010-05-04 14:45 . 2010-05-04 14:45 -------- d-----w- c:\windows\speech 2010-05-04 14:44 . 2003-02-10 13:07 77824 ----a-w- c:\windows\system32\eJ_Enumerator.dll 2010-05-04 14:44 . 2002-04-18 17:33 159744 ----a-w- c:\windows\system32\DartSock.dll 2010-05-04 14:44 . 2002-04-18 17:33 106496 ----a-w- c:\windows\system32\DartWeb.dll 2010-05-04 14:44 . 2002-05-24 13:10 29696 ----a-w- c:\windows\system32\pthread.dll 2010-05-04 14:44 . 2001-11-02 15:45 236032 ----a-w- c:\windows\system32\devil.dll 2010-05-04 14:44 . 2002-11-28 12:18 36864 ----a-w- c:\windows\system32\eJayWMExport.dll 2010-05-04 14:44 . 2010-05-04 14:44 -------- d-----w- C:\eJay 2010-05-04 14:44 . 2000-05-01 21:02 97280 ----a-w- c:\windows\system32\ccrpbds5.dll 2010-05-02 12:12 . 2010-05-02 12:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TrackMania 2010-05-02 12:05 . 2010-05-02 12:08 -------- d-----w- c:\program files\TmNationsForever 2010-04-28 07:38 . 2010-04-29 14:47 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\TeraCopy 2010-04-27 11:26 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-26 14:21 . 2010-04-27 08:45 287 ----a-w- c:\windows\EReg072.dat 2010-04-26 14:20 . 2010-04-26 14:20 -------- d-----w- c:\program files\Electronic Arts 2010-04-25 09:50 . 2010-04-25 09:50 -------- d-----w- c:\program files\directx 2010-04-23 08:16 . 2010-04-23 08:16 -------- d-----w- c:\temp\Snapshot 2010-04-23 08:16 . 2010-04-23 08:16 -------- d-----w- c:\program files\Nidesoft Studio 2010-04-23 08:09 . 2010-04-23 08:09 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\AnvSoft 2010-04-22 17:21 . 2010-04-22 17:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\GoldWave 2010-04-22 15:12 . 2010-04-22 15:12 -------- d-----w- C:\tmpDownload 2010-04-22 15:12 . 2010-05-18 13:04 -------- d-----w- C:\YouTubeGet . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-19 13:47 . 2009-07-29 10:18 -------- d-----w- c:\program files\neostrada tp 2010-05-18 13:16 . 2009-08-20 20:27 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Skype 2010-05-18 12:19 . 2009-08-20 20:27 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM 2010-05-17 18:58 . 2009-08-02 10:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Soulseek 2010-05-17 17:40 . 2009-07-30 08:00 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Tlen.pl 2010-05-17 10:55 . 2010-04-12 16:19 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-05-16 13:21 . 2009-08-10 09:49 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\uTorrent 2010-05-15 08:01 . 2009-08-01 10:33 -------- d-----w- c:\program files\Google 2010-05-13 09:02 . 2009-10-21 18:05 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\GanymedeNet 2010-05-11 18:13 . 2010-02-15 11:27 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Xfire 2010-05-11 17:02 . 2009-07-29 10:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-11 13:36 . 2009-10-21 18:05 -------- d-----w- c:\program files\Ganymede 2010-05-11 09:04 . 2010-02-15 11:27 -------- d-----w- c:\program files\Xfire 2010-05-11 08:06 . 2009-10-28 18:57 -------- d-----w- c:\program files\MilkyTracker 2010-05-10 18:00 . 2009-08-20 20:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype 2010-05-10 08:09 . 2009-11-05 18:18 -------- d-----w- c:\program files\lbreakout2 2010-05-09 19:08 . 2010-02-25 10:24 -------- d-----w- c:\program files\Teamspeak2_RC2 2010-05-06 10:06 . 2009-07-29 10:08 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-02 12:33 . 2010-02-20 16:29 -------- d-----w- c:\program files\MP3Gain 2010-05-02 09:07 . 2009-08-03 12:00 -------- d-----w- c:\program files\VstPlugins 2010-04-28 13:35 . 2010-02-14 19:04 -------- d-----w- c:\program files\Gore 2010-04-27 11:26 . 2009-07-29 10:19 -------- d-----w- c:\program files\Java 2010-04-25 09:49 . 2010-03-15 08:32 -------- d-----w- c:\program files\Rockstar Games 2010-04-12 16:19 . 2010-04-12 16:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-04-12 16:19 . 2010-04-12 16:19 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Gadu-Gadu 10 2010-04-12 16:19 . 2009-08-04 12:47 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2010-04-10 15:40 . 2010-04-10 15:40 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Xfire Plus 2010-04-09 07:24 . 2010-04-09 07:24 -------- d-----w- c:\program files\microsoft frontpage 2010-04-09 07:19 . 2009-10-27 13:27 -------- d-----w- c:\program files\Cheat Engine 2010-04-08 13:52 . 2010-04-08 13:52 -------- d-----w- c:\program files\Z8Games 2010-04-07 17:15 . 2010-04-07 17:15 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Xfire Plus 2010-04-07 17:15 . 2010-04-07 17:15 -------- d-----w- c:\program files\Xfire Plus 2010-04-07 17:12 . 2010-04-07 17:12 -------- d-----w- c:\program files\Common Files\Java 2010-04-07 08:35 . 2010-04-07 08:35 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\FastStone 2010-04-06 08:37 . 2010-04-06 08:37 -------- d-----w- c:\program files\GoldWave 2010-04-05 15:12 . 2009-07-30 07:48 -------- d-----w- c:\program files\Winamp 2010-04-04 19:03 . 2010-01-04 19:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2010-04-04 19:01 . 2009-08-04 12:47 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu 2010-03-30 09:19 . 2010-03-28 19:30 -------- d-----w- c:\program files\All2WAV Recorder 2010-03-28 19:21 . 2001-10-26 18:15 83880 ----a-w- c:\windows\system32\perfc015.dat 2010-03-28 19:21 . 2001-10-26 18:15 490628 ----a-w- c:\windows\system32\perfh015.dat 2010-03-25 12:29 . 2010-03-25 12:29 574 ----a-w- c:\windows\eReg.dat 2010-03-25 12:28 . 2010-03-25 12:28 -------- d-----w- c:\program files\EACOM 2010-03-25 12:28 . 2009-08-11 22:14 -------- d-----w- c:\program files\EA SPORTS 2010-03-15 09:47 . 2010-03-15 09:47 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-02-27 14:49 . 2009-08-01 20:10 15048 ----a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( SnapShot@2010-04-09_07.20.01 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll + 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll + 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll + 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll + 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll + 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll + 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll + 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll + 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll + 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll + 2009-07-11 23:07 . 2009-07-11 23:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll + 2009-07-11 23:19 . 2009-07-11 23:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll + 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll + 2001-05-01 15:04 . 2001-05-01 15:04 66048 c:\windows\system32\WMErrENU.dll + 2010-05-06 10:12 . 2006-09-13 16:18 54784 c:\windows\system32\vfwwdm32.dll + 2006-09-13 16:32 . 2009-03-21 13:58 56880 c:\windows\system32\scvideo.dll + 2009-07-30 09:56 . 2010-04-15 13:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2009-07-30 09:56 . 2009-07-30 09:56 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe + 2010-05-06 10:12 . 2006-09-13 16:18 19328 c:\windows\system32\drivers\WSTCODEC.SYS + 2010-05-06 10:12 . 2006-09-13 16:18 15360 c:\windows\system32\drivers\StreamIP.sys + 2010-05-06 10:12 . 2006-09-13 16:18 11136 c:\windows\system32\drivers\SLIP.sys + 2010-05-06 10:12 . 2006-09-13 16:18 10880 c:\windows\system32\drivers\NdisIP.sys + 2010-05-06 10:12 . 2006-09-13 16:19 85376 c:\windows\system32\drivers\NABTSFEC.sys + 2010-05-06 10:12 . 2006-09-13 16:18 17024 c:\windows\system32\drivers\CCDECODE.sys + 2010-05-06 10:12 . 2006-09-13 16:18 19328 c:\windows\system32\DllCache\wstcodec.sys + 2010-05-06 10:12 . 2006-09-13 16:18 54784 c:\windows\system32\DllCache\vfwwdm32.dll + 2010-05-06 10:12 . 2006-09-13 16:18 15360 c:\windows\system32\DllCache\streamip.sys + 2006-09-13 18:18 . 2006-09-13 16:18 48640 c:\windows\system32\DllCache\stream.sys + 2010-05-06 10:12 . 2006-09-13 16:18 11136 c:\windows\system32\DllCache\slip.sys + 2010-05-06 10:12 . 2006-09-13 16:18 10880 c:\windows\system32\DllCache\ndisip.sys + 2010-05-06 10:12 . 2006-09-13 16:19 85376 c:\windows\system32\DllCache\nabtsfec.sys - 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\DllCache\msyuv.dll + 2006-09-13 18:18 . 2009-11-27 17:11 17920 c:\windows\system32\DllCache\msyuv.dll + 2006-09-13 18:18 . 2009-11-27 16:40 48128 c:\windows\system32\DllCache\iyuv_32.dll - 2009-11-27 16:40 . 2009-11-27 16:40 48128 c:\windows\system32\DllCache\iyuv_32.dll + 2010-05-06 10:12 . 2006-09-13 16:18 17024 c:\windows\system32\DllCache\ccdecode.sys + 1999-08-09 12:39 . 2001-03-02 18:52 15360 c:\windows\system32\asfsipc.dll + 1999-01-12 09:35 . 1999-01-12 09:35 53760 c:\windows\speech\WrapSAPI.dll + 2002-04-03 05:50 . 2002-04-03 05:50 57344 c:\windows\rmvpeye.exe + 2010-04-08 18:41 . 2009-10-25 04:11 77312 c:\windows\MBR.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-05-15 08:01 . 2010-05-15 08:01 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\ARPPRODUCTICON.exe + 2010-05-12 13:56 . 2010-05-12 13:56 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe + 2010-04-12 18:59 . 2010-04-12 18:59 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2010-05-06 10:07 . 2004-05-19 14:38 25600 c:\windows\EffectResources\VM0303\borlndmm.dll + 2010-05-06 10:07 . 2002-07-25 15:13 24576 c:\windows\Downloaded Program Files\dwusplay.dll + 2010-05-02 12:08 . 2010-05-02 12:08 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2009-08-24 10:02 . 2009-08-24 10:02 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2010-05-02 12:08 . 2010-05-02 12:08 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll - 2009-08-24 10:02 . 2009-08-24 10:02 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2001-03-02 18:52 . 2001-03-02 18:52 8704 c:\windows\system32\npwmsdrm.dll + 2010-05-06 10:12 . 2006-09-13 16:19 5504 c:\windows\system32\drivers\MSTEE.sys + 2006-09-13 18:18 . 2009-11-27 16:40 8704 c:\windows\system32\DllCache\tsbyuv.dll - 2009-11-27 16:40 . 2009-11-27 16:40 8704 c:\windows\system32\DllCache\tsbyuv.dll + 2010-05-06 10:12 . 2006-09-13 16:19 5504 c:\windows\system32\DllCache\mstee.sys + 1999-01-12 09:39 . 1999-01-12 09:39 6656 c:\windows\delttsul.exe + 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll + 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll + 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll - 2009-10-12 13:20 . 1996-11-05 14:13 299008 c:\windows\uninst.exe + 2009-10-12 13:20 . 1998-05-01 11:39 299008 c:\windows\uninst.exe + 2001-05-09 14:50 . 2001-05-09 14:50 446464 c:\windows\system32\wmvdmoe.dll + 2001-05-09 14:47 . 2001-05-09 14:47 466944 c:\windows\system32\wmv8dmoe.dll + 2001-05-09 15:40 . 2001-05-09 15:40 309584 c:\windows\system32\wmv8dmod.dll + 2010-05-12 17:25 . 2005-06-25 11:16 480256 c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL + 2010-05-12 17:25 . 2005-06-25 11:16 138240 c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL + 2006-09-13 18:19 . 2006-09-13 16:19 294912 c:\windows\system32\msh263.drv - 2006-09-13 18:19 . 2006-09-13 17:13 294912 c:\windows\system32\msh263.drv + 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2010-04-27 11:26 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe - 2010-04-07 17:12 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe + 2010-04-27 11:26 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe - 2010-04-07 17:12 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe - 2010-04-07 17:12 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe + 2010-04-27 11:26 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe + 2006-09-13 18:19 . 2006-09-13 16:19 140928 c:\windows\system32\DllCache\ks.sys + 1999-01-12 13:19 . 1999-01-12 13:19 195584 c:\windows\speech\Xvoice.dll + 1999-01-12 13:19 . 1999-01-12 13:19 203776 c:\windows\speech\XTel.Dll + 1999-01-12 13:19 . 1999-01-12 13:19 208896 c:\windows\speech\Xlisten.dll + 1999-01-12 13:19 . 1999-01-12 13:19 128000 c:\windows\speech\Xcommand.dll + 1999-01-12 13:19 . 1999-01-12 13:19 173056 c:\windows\speech\VText.dll + 1999-01-12 13:19 . 1999-01-12 13:19 179712 c:\windows\speech\Vdict.dll + 1999-01-12 13:19 . 1999-01-12 13:19 156160 c:\windows\speech\vcmshl.dll + 1999-01-12 13:09 . 1999-01-12 13:09 380928 c:\windows\speech\vcmd.exe + 1999-01-12 13:19 . 1999-01-12 13:19 562176 c:\windows\speech\speech.dll + 1999-01-12 13:19 . 1999-01-12 13:19 248832 c:\windows\speech\spchtel.dll + 2010-05-18 11:09 . 2010-05-18 11:09 472576 c:\windows\Pocket Tanks\uninstall.exe + 2000-05-07 03:47 . 2000-05-07 03:47 102400 c:\windows\mmvem.exe + 2001-06-24 09:32 . 2001-06-24 09:32 172032 c:\windows\japi2.dll + 2002-05-28 01:52 . 2002-05-28 01:52 106496 c:\windows\japi.dll + 2010-04-12 16:20 . 2010-04-12 16:20 424960 c:\windows\Installer\fb70ce.msi + 2010-05-09 11:47 . 2010-05-09 11:47 683520 c:\windows\Installer\72bd2e.msi + 2010-05-12 13:57 . 2010-05-12 13:57 791552 c:\windows\Installer\352477.msi + 2010-05-10 18:00 . 2010-05-10 18:00 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe + 2010-05-06 10:07 . 2005-06-22 11:52 612352 c:\windows\EffectResources\VM0303\FrameWizard.exe + 2010-05-06 10:07 . 2002-07-25 15:05 172032 c:\windows\Downloaded Program Files\isusweb.dll + 2010-05-06 10:07 . 2002-07-25 15:13 196608 c:\windows\Downloaded Program Files\dwusplay.exe - 2009-08-24 10:02 . 2009-08-24 10:02 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2010-05-02 12:09 . 2010-05-02 12:09 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2010-05-02 12:09 . 2010-05-02 12:09 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2009-08-24 10:02 . 2009-08-24 10:02 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2010-05-02 12:09 . 2010-05-02 12:09 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2009-08-24 10:02 . 2009-08-24 10:02 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2009-08-24 10:02 . 2009-08-24 10:02 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2010-05-02 12:08 . 2010-05-02 12:08 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll - 2009-08-24 10:02 . 2009-08-24 10:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2010-05-02 12:08 . 2010-05-02 12:08 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2009-07-11 18:46 . 2009-07-11 18:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll + 2009-07-11 18:46 . 2009-07-11 18:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll + 2001-10-26 19:29 . 2002-10-30 15:23 1355776 c:\windows\system32\Msvbvm50.dll - 2001-10-26 19:29 . 2001-10-26 19:29 1355776 c:\windows\system32\msvbvm50.dll + 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2010-05-10 18:00 . 2010-05-10 18:00 1575936 c:\windows\Installer\38f9d4.msi + 2010-05-12 13:57 . 2010-05-12 13:57 9472000 c:\windows\Installer\35247b.msi + 2010-05-12 13:56 . 2010-05-12 13:56 1549312 c:\windows\Installer\352472.msi + 2010-05-15 08:01 . 2010-05-15 08:01 1235968 c:\windows\Installer\12eb60.msi + 2010-05-06 10:07 . 2004-05-19 14:38 1496064 c:\windows\EffectResources\VM0303\cc3250mt.dll - 2009-08-24 10:02 . 2009-08-24 10:02 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2010-05-02 12:08 . 2010-05-02 12:08 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2009-08-24 10:02 . 2009-08-24 10:02 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] 2010-05-10 08:05 97760 ----a-w- c:\program files\AutocompletePro\AutocompletePro.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files\Splitcam Toolbar\tbcore3.dll" [2010-02-16 2495488] [HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}] [HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files\Splitcam Toolbar\tbcore3.dll" [2010-02-16 2495488] [HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}] [HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Paseczek"="c:\program files\Paseczek\Paseczek.exe" [2008-03-07 1616384] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ find11.exe [2006-6-25 195461] frame11.exe [2006-6-25 195461] pbnsxfs.exe [2006-6-25 195461] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\wbsys.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Tlen.pl\\tlen.exe"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"= "c:\\Program Files\\VirtualDJ\\virtualdj.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\Program Files\\TmNationsForever\\TmForever.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Webcam Zone Trigger 2\\ZoneTrigger.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-30 108289] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-07-29 116992] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 135664] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-07-29 64000] S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?] S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?] S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?] S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?] S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?] S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?] S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?] S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?] S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1717f162-3594-11df-9a9d-4d6564696130}] \Shell\AutoRun\command - E:\husyu8n.exe \Shell\open\Command - E:\husyu8n.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}] \Shell\AutoRun\command - E:\husyu8n.exe \Shell\open\Command - E:\husyu8n.exe . Zawartość folderu 'Zaplanowane zadania' 2010-05-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 10:33] 2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 09:24] 2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 09:24] 2010-05-19 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-08-09 20:18] . . ------- Skan uzupełniający ------- . uStart Page = about:blank uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://www.bigseekpro.com/splitcam/{B1F65924-1433-4C0A-A44C-BE4640214A88} uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm IE: { - c:\program files\Messenger\msmsgs.exe . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-19 15:54 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(3912) c:\program files\Paseczek\AppBarGuard.dll c:\windows\system32\browselc.dll c:\windows\system32\ODBC32.dll c:\progra~1\NEOSTR~1\Inactivity.dll . Czas ukończenia: 2010-05-19 16:00 ComboFix-quarantined-files.txt 2010-05-19 13:59 ComboFix2.txt 2010-04-11 15:45 ComboFix3.txt 2010-04-09 07:21 Przed: 7 724 847 104 bajtów wolnych Po: 7 789 871 104 bajtów wolnych - - End Of File - - 0941C593E6465650BE84F979B41D4139

Gmer:

Kod: Zaznacz wszystko: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-19 18:28:54 Windows 5.1.2600 Dodatek Service Pack 2 Running: d1rebifq.exe; Driver: C:\DOCUME~1\Tomek\USTAWI~1\Temp\fwroypog.sys ---- System - GMER 1.0.15 ---- SSDT BAF288FE ZwCreateKey SSDT BAF288F4 ZwCreateThread SSDT BAF28903 ZwDeleteKey SSDT BAF2890D ZwDeleteValueKey SSDT BAF28912 ZwLoadKey SSDT BAF288E0 ZwOpenProcess SSDT BAF288E5 ZwOpenThread SSDT BAF2891C ZwReplaceKey SSDT BAF28917 ZwRestoreKey SSDT BAF28908 ZwSetValueKey SSDT BAF288EF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA1D6360, 0x24CB9D, 0xE8000020] ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] BITS <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x8C 0xEC 0x63 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xF1 0x98 0xEC ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0xBB 0x4F 0xCD ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x44 0x6F 0x1C 0x7D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x7F 0x98 0x15 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x8E 0x3E 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0xF2 0x23 0x75 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC4 0xF3 0xBB 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x67 0x24 0x28 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF2 0x8A 0x1C 0xDB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x8E 0x3E 0x3F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0xF2 0x23 0x75 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC4 0xF3 0xBB 0x34 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x67 0x24 0x28 0x87 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xF2 0x8A 0x1C 0xDB ... Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@MinPos1024x768(1).x -32000 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@MinPos1024x768(1).y -32028 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@WinPos1024x768(1).left 138 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@WinPos1024x768(1).top 117 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@WinPos1024x768(1).right 906 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@WinPos1024x768(1).bottom 647 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@WFlags 0 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@ShowCmd 1 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\89\Shell@ScrollPos1024x768(1).y 2

gmer jeszcze skanuje, ale raczej nic więcej nie znajdzie. Przeskanowałem antywirusem, ale te skanowanie dysku to była porażka. Ponad 70% dysku skanowało ponad 4 godziny. Wielokrotnie większą ilość danych skanowało w mniej niż 30 minut. Musiałbym czekać rok zanim by zeskanowało wszystko ;-)

Liczę na Waszą pomoc.

**Posty:** 18165 · przez **wojtas** 19 Maj 2010, 18:46

według obowiązkowych zasad w dziale bezpieczeństwo nie używamy Combofixa jako startowy program

Po drugie został użyty stara wersja Combo. Proszę zastosować się do obowiązkowych zasad w dziale bezpieczeństwo . Wstaw log z Gmera tylko przed tworzeniem usuń programy emulujące + sptd.sys + 2 logi z OTL

**Posty:** 1850 · przez **Tomaszu** 21 Maj 2010, 09:08

GMER - niestety cały nie został przeskanowany, bo robi to niemiłosiernie długo. Wczoraj skanowało ponad 2 godziny i niestety musiałem wyłączyć kompa..

http://wklej.org/id/337662/
Otl
http://wklej.org/id/337663/
Extras
http://wklej.org/id/337664/

Nie da się normalnie korzystać z tego kompa, nie mam pojęcia co sie stało.

**Posty:** 18165 · przez **wojtas** 21 Maj 2010, 17:56

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Splitcam Toolbar\tbcore3.dll ()
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O3 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\..\Toolbar\WebBrowser: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Splitcam Toolbar\tbcore3.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\find11.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\frame11.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\pbnsxfs.exe ()
O33 - MountPoints2\{1717f162-3594-11df-9a9d-4d6564696130}\Shell\AutoRun\command - "" = E:\husyu8n.exe -- File not found
O33 - MountPoints2\{1717f162-3594-11df-9a9d-4d6564696130}\Shell\open\Command - "" = E:\husyu8n.exe -- File not found
O33 - MountPoints2\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}\Shell\AutoRun\command - "" = E:\husyu8n.exe -- File not found
O33 - MountPoints2\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}\Shell\open\Command - "" = E:\husyu8n.exe -- File not found

:Files
C:\Program Files\MyGlobalSearch
C:\Documents and Settings\Tomek\Dane aplikacji\Toolbar4
C:\Program Files\Splitcam Toolbar

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[clearallrestorepoints]

Kliknij w Run Fix. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia komputera

**Posty:** 4 · przez **kasper486** 21 Maj 2010, 18:11

Witam

Posiadam podobny problem jak poprzednicy,komputer działa wolną czesto staje.Przy wlaczeniu windowsa wyskakuje uciążliwy błąd exception processing message.Prosze o pomoc nie wiem jak sie ztym uporac format nie pomaga.

Oto logi:

Kod: Zaznacz wszystko: COMBOFIX ComboFix 10-05-20.A0 - PAWEŁ 2010-05-21 17:44:50.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.640 [GMT 2:00] Uruchomiony z: c:\documents and settings\PAWEŁ\Moje dokumenty\Pobieranie\ComboFix.exe * Rezydentny antywirus jest aktywny . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ABP470N5 -------\Service_abp470n5 ((((((((((((((((((((((((( Pliki utworzone od 2010-04-21 do 2010-05-21 ))))))))))))))))))))))))))))))) . 2010-05-21 09:50 . 2010-05-21 09:50 -------- d-----w- C:\9c1cbe73d66dafd73a22bce5f6 2010-05-21 09:50 . 2010-05-21 09:50 -------- d-----w- C:\12c32cd02f8917b0068a2c 2010-05-21 07:04 . 2010-05-21 07:04 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ESET 2010-05-21 06:53 . 2010-05-21 06:53 -------- d-----w- c:\program files\ESET 2010-05-21 06:53 . 2010-05-21 06:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET 2010-05-21 04:50 . 2010-05-21 04:50 -------- d-----w- c:\program files\MSXML 4.0 2010-05-20 20:17 . 2010-05-20 20:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ACD Systems 2010-05-20 20:17 . 2010-05-20 20:17 -------- d-----w- c:\program files\Common Files\ACD Systems 2010-05-20 20:17 . 2010-05-20 20:17 -------- d-----w- c:\program files\ACD Systems 2010-05-20 20:16 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-05-20 20:16 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-05-20 20:16 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-05-20 20:16 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-05-20 20:16 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2010-05-20 20:16 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2010-05-20 20:16 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2010-05-20 20:16 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2010-05-20 20:16 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2010-05-20 20:16 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2010-05-20 20:15 . 2010-05-21 07:27 -------- d-----w- C:\w`1ww 2010-05-20 20:02 . 2010-05-20 20:02 -------- d-----w- c:\program files\MSBuild 2010-05-20 20:02 . 2010-05-20 20:02 58552 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2010-05-20 20:00 . 2010-05-20 20:03 -------- d-----w- c:\windows\system32\XPSViewer 2010-05-20 19:59 . 2010-05-20 19:59 -------- d-----w- c:\program files\Reference Assemblies 2010-05-20 19:59 . 2006-10-14 14:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-05-20 19:59 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll 2010-05-20 19:57 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll 2010-05-20 19:57 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll 2010-05-20 19:57 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll 2010-05-20 19:57 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2010-05-20 19:57 . 2010-05-20 19:57 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2010-05-20 19:57 . 2010-05-20 19:57 -------- d-----w- c:\windows\system32\xlive 2010-05-20 19:56 . 2010-05-21 07:19 -------- d-----w- C:\R5 2010-05-20 11:39 . 2010-05-20 11:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LightScribe 2010-05-20 10:57 . 2010-05-20 10:57 -------- d-----w- c:\program files\Windows Sidebar 2010-05-20 10:50 . 2010-05-20 10:58 -------- d-----w- c:\program files\Nero 2010-05-20 10:50 . 2010-05-20 11:06 -------- d-----w- c:\program files\Common Files\Nero 2010-05-20 10:50 . 2010-05-20 10:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero 2010-05-20 10:50 . 2010-05-21 07:09 -------- d-----w- c:\program files\Common Files\LightScribe 2010-05-20 07:33 . 2010-05-20 07:33 -------- d-----w- c:\program files\Alcohol Soft 2010-05-20 07:22 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys 2010-05-20 07:21 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-05-20 07:20 . 2009-10-15 16:33 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2010-05-20 07:20 . 2009-10-15 16:33 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2010-05-20 07:20 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2010-05-20 07:17 . 2009-05-07 15:34 347648 ------w- c:\windows\system32\dllcache\localspl.dll 2010-05-20 07:17 . 2008-05-01 14:37 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2010-05-20 07:13 . 2009-08-05 09:01 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll 2010-05-20 07:12 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll 2010-05-20 07:12 . 2009-08-13 15:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll 2010-05-19 21:33 . 2008-07-09 07:57 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2010-05-19 17:00 . 2008-08-14 10:34 138496 ------w- c:\windows\system32\dllcache\afd.sys 2010-05-19 16:57 . 2010-01-29 15:01 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll 2010-05-19 16:53 . 2010-05-20 07:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-05-19 16:22 . 2008-05-09 10:56 90112 ------w- c:\windows\system32\dllcache\wshext.dll 2010-05-19 16:22 . 2008-05-09 10:56 180224 ------w- c:\windows\system32\dllcache\scrobj.dll 2010-05-19 16:22 . 2008-05-09 10:56 172032 ------w- c:\windows\system32\dllcache\scrrun.dll 2010-05-19 16:22 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe 2010-05-19 16:22 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe 2010-05-19 16:22 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-05-19 16:07 . 2010-02-26 12:50 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-05-19 16:07 . 2010-02-26 12:43 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-05-19 16:07 . 2010-05-21 07:17 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-05-19 16:07 . 2010-05-19 16:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software 2010-05-19 16:07 . 2010-05-19 16:07 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-05-19 15:53 . 2010-05-21 07:10 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-05-19 15:46 . 2009-09-04 21:05 58880 ------w- c:\windows\system32\dllcache\msasn1.dll 2010-05-19 15:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-19 15:37 . 2010-05-21 07:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-19 15:37 . 2010-05-19 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2010-05-19 15:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-19 15:22 . 2010-05-19 15:22 -------- d-----w- c:\program files\Trend Micro 2010-05-19 14:35 . 2010-05-19 14:35 954 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_C839E3454CDB33946A211092936948F5.dll 2010-05-19 14:35 . 2010-05-19 14:35 5653 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_42C2662EE13B94340A4823BE678E7B06.dll 2010-05-19 14:35 . 2010-05-19 14:35 125 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_5149C053C7D38EE4AB9A00CB3B5D2472.dll 2010-05-19 14:35 . 2010-05-19 14:35 112 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_34036E1FCF45B924BAC213FAF9ABB47C.dll 2010-05-19 14:35 . 2010-05-19 14:35 10 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_1F8E917D13964b04CAB0F52E0C799F59.dll 2010-05-19 14:35 . 2008-04-14 20:50 686592 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\_entreelist.dll 2010-05-19 14:35 . 2008-04-14 20:49 714240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\_enviewlist.dll 2010-05-19 14:35 . 2010-05-19 15:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan 2010-05-19 14:33 . 2010-05-19 14:40 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\system32\xircom 2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\system32\wbem\snmp 2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\system32\npp 2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\srchasst 2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\program files\microsoft frontpage 2010-05-19 14:13 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-05-19 14:13 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2010-05-19 14:09 . 2010-05-19 14:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla 2010-05-19 14:09 . 2010-05-21 07:11 -------- d-----w- c:\program files\ipla 2010-05-19 14:09 . 2010-05-19 14:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2010-05-19 14:09 . 2010-05-19 14:09 1060864 ----a-w- c:\windows\system32\mfc71.dll 2010-05-19 14:04 . 2010-05-19 14:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-05-19 14:01 . 2010-05-21 07:18 -------- d-----w- c:\program files\uTorrent . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-21 07:18 . 2010-05-19 11:01 -------- d-----w- c:\program files\Windows Media Connect 2 2010-05-19 14:07 . 2010-05-19 12:03 -------- d-----w- c:\program files\Winamp 2010-05-19 11:56 . 2010-05-19 11:35 -------- d-----w- c:\program files\Ahead 2010-05-19 11:50 . 2010-05-19 11:49 -------- d-----w- c:\program files\SubEdit-Player 2010-05-19 11:49 . 2010-05-19 11:49 0 ----a-w- c:\windows\nsreg.dat 2010-05-19 11:49 . 2010-05-19 11:49 -------- d-----w- c:\program files\Real Alternative 2010-05-19 11:49 . 2010-05-19 11:48 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-19 11:42 . 2010-05-19 11:42 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-19 11:42 . 2010-05-19 11:42 -------- d-----w- c:\program files\Nonbrand 2010-05-19 11:42 . 2010-05-19 11:13 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-19 11:42 . 2010-05-19 11:13 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-19 11:35 . 2010-05-19 11:35 -------- d-----w- c:\program files\Common Files\Ahead 2010-05-19 11:30 . 2010-05-19 11:18 -------- d-----w- c:\program files\HP 2010-05-19 11:30 . 2010-05-19 11:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP 2010-05-19 11:24 . 2010-05-19 11:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WEBREG 2010-05-19 11:23 . 2010-05-19 11:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard 2010-05-19 11:19 . 2010-05-19 11:19 -------- d-----w- c:\program files\Common Files\HP 2010-05-19 11:19 . 2010-05-19 11:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-05-19 11:13 . 2010-05-19 11:13 -------- d-----w- c:\program files\Realtek 2010-05-19 11:11 . 2010-05-19 11:11 -------- d-----w- c:\program files\Intel 2010-05-19 11:11 . 2010-05-19 11:11 -------- d-----w- c:\program files\Yahoo! 2010-05-19 11:09 . 2001-10-26 17:15 47782 ----a-w- c:\windows\system32\perfc015.dat 2010-05-19 11:09 . 2001-10-26 17:15 352436 ----a-w- c:\windows\system32\perfh015.dat 2010-05-19 11:02 . 2010-05-19 11:02 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2010-04-07 19:09 . 2010-04-07 19:09 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2010-04-07 19:08 . 2010-04-07 19:08 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2010-04-07 19:05 . 2010-04-07 19:05 140216 ----a-w- c:\windows\system32\drivers\eamon.sys 2010-03-11 12:35 . 2008-04-23 07:20 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:35 . 2008-07-24 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:35 . 2008-07-24 20:33 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-09 11:11 . 2008-04-14 20:50 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . ------- Sigcheck ------- [-] 2008-07-25 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-07-25 . 8CD81261DA6BD4BCFBD857A25220A1FB . 689152 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-07-25 . 5F1CCDF37F28A88D0473B0C9EA1E0D58 . 487424 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-07-25 . B49A80A502FD86B2F05BC7BBD723DDAB . 1528832 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-07-25 . AD58E980CBCC1B8980D16D91408EB57A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2008-07-25 . 0277E1A3E8B337555A45943808451981 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-07-24 20:56 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll c:\windows\System32\wscntfy.exe ... - brak elementu !! c:\windows\System32\regsvc.dll ... - brak elementu !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nonbrand\\802.11g Wireless LAN PCI Card Driver and Utility\\RtWLan.exe"= c:\\Program Files\\Nonbrand\\802.11g Wireless LAN PCI Card Driver and Utility\\RtWlan.exe "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\Program Files\\ipla\\ipla.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe"= "c:\\Program Files\\TuneUp Utilities 2010\\Integrator.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\R5\\RE5DX9.EXE"= "c:\\R5\\RE5DX10.EXE"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\ACD Systems\\ACDSee Pro\\3.0\\ACDSeeQVPro3.exe"= "c:\\WINDOWS\\system32\\KB905474\\wgasetup.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-05-19 691696] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-26 1047880] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064] S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2010-05-19 13532] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Zawartość folderu 'Zaplanowane zadania' 2010-05-21 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-05-21 20:18] . . ------- Skan uzupełniający ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 FF - ProfilePath - c:\documents and settings\PAWEŁ\Dane aplikacji\Mozilla\Firefox\Profiles\0g4srvqo.default\ FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-21 17:48 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxa.sys >>UNKNOWN [0x86789938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7872f28 \Driver\ACPI -> ACPI.sys @ 0xf76d9cb8 \Driver\atapi -> atapi.sys @ 0xf766eb40 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a ParseProcedure -> ntoskrnl.exe @ 0x80578f7a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a ParseProcedure -> ntoskrnl.exe @ 0x80578f7a NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7577bb0 PacketIndicateHandler -> NDIS.sys @ 0xf7566a0d SendHandler -> NDIS.sys @ 0xf757ab40 user & kernel MBR OK ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(904) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll - - - - - - - > 'lsass.exe'(980) c:\windows\system32\setupapi.dll - - - - - - - > 'explorer.exe'(2364) c:\windows\system32\SHDOCVW.dll c:\windows\system32\WININET.dll c:\windows\system32\COMRes.dll c:\windows\system32\ntshrui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe . ************************************************************************** . Czas ukończenia: 2010-05-21 17:50:03 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-05-21 15:50 Przed: 22 360 182 784 bajtów wolnych Po: 23 783 464 960 bajtów wolnych - - End Of File - - E5AAFECB0ACF0DA8637515461E4E2878

Kod: Zaznacz wszystko: Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:09:38, on 2010-05-21 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB1B399-6382-49A6-B865-B1062D469F62}: NameServer = 217.30.129.149 217.30.137.200 O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 2876 bytes

**Posty:** 18165 · przez **wojtas** 21 Maj 2010, 18:13

kasper486, załóż swój temat zgodnie z zasadami... NIE podpinamy się

obowiązkowych zasad w dziale bezpieczeństwo

- 3 logi
- opis problemu
- tagi code..

**Posty:** 1850 · przez **Tomaszu** 22 Maj 2010, 14:19

Zrobiłem jak napisałeś.
Dziś przeskanowałem ponownie i niestety musiałem znowu przerwać, bo muliło jak cholera, ale od dłuższego czasu nie pokazywało nic nowego.

Kod: Zaznacz wszystko: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-22 13:03:00 Windows 5.1.2600 Dodatek Service Pack 2 Running: d1rebifq.exe; Driver: C:\DOCUME~1\Tomek\USTAWI~1\Temp\fwroypog.sys ---- System - GMER 1.0.15 ---- SSDT BAF70996 ZwCreateKey SSDT BAF7098C ZwCreateThread SSDT BAF7099B ZwDeleteKey SSDT BAF709A5 ZwDeleteValueKey SSDT BAF709AA ZwLoadKey SSDT BAF70978 ZwOpenProcess SSDT BAF7097D ZwOpenThread SSDT BAF709B4 ZwReplaceKey SSDT BAF709AF ZwRestoreKey SSDT BAF709A0 ZwSetValueKey SSDT BAF70987 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA1A5360, 0x24CB9D, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x38 0x8C 0xEC 0x63 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xF1 0x98 0xEC ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0xBB 0x4F 0xCD ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x44 0x6F 0x1C 0x7D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x7F 0x98 0x15 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x8E 0x3E 0x3F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x8E 0x3E 0x3F ...

Nie ma żadnych zmian niestety

Sądze, że to dysk mi siadł..

**Posty:** 18165 · przez **wojtas** 22 Maj 2010, 16:22

a gdzie raport z czyszczenia ? gdzie nowy OTL?

**Posty:** 1850 · przez **Tomaszu** 22 Maj 2010, 20:17

Oh sorki, ;/ zapomniałem że wygenerowało loga. Zalecane działanie zrobiłem wczoraj, a skanowanie dziś rano.

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. C:\Program Files\Splitcam Toolbar\tbcore3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully. File C:\Program Files\Splitcam Toolbar\tbcore3.dll not found. C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\find11.exe moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\frame11.exe moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\pbnsxfs.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717f162-3594-11df-9a9d-4d6564696130}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717f162-3594-11df-9a9d-4d6564696130}\ not found. File E:\husyu8n.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717f162-3594-11df-9a9d-4d6564696130}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717f162-3594-11df-9a9d-4d6564696130}\ not found. File E:\husyu8n.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}\ not found. File E:\husyu8n.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271ecfe1-7c67-11de-bad1-001d7dd23fd1}\ not found. File E:\husyu8n.exe not found. ========== FILES ========== File\Folder C:\Program Files\MyGlobalSearch not found. C:\Documents and Settings\Tomek\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully. C:\Documents and Settings\Tomek\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully. C:\Documents and Settings\Tomek\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully. C:\Documents and Settings\Tomek\Dane aplikacji\Toolbar4 folder moved successfully. C:\Program Files\Splitcam Toolbar folder moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Tomek ->Temp folder emptied: 3025259 bytes ->Temporary Internet Files folder emptied: 8924218 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 38454571 bytes ->Flash cache emptied: 10162 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2114584 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 14274828 bytes Total Files Cleaned = 64,00 mb Restore points cleared and new OTL Restore Point set! OTL by OldTimer - Version 3.2.5.0 log created on 05212010_222411 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

A ten po czyszczeniu to ten wyżej, ale nie ma możliwości by dokończyło skanować

Dziś skanowało ponad 2 godziny i byłem zmuszony przerwać ;/ Sądzę, że nie potrzebnie zawracam gitarę z tym tematem. To raczej awaria dysku

**Posty:** 18165 · przez **wojtas** 23 Maj 2010, 10:40

Klikasz prawym przyciskiem myszy na Mój komputer => Właściwości => Sprzęt => Menadżer urządzeń => Kontrolery IDE ATA/ATAPI => Podstawowy kanał IDE => Ustawienia zaawansowane i sprawdź czy dysk pracuje w trybie PIO czy DMA. Sprawdź tez w pomocniczym kanale IDE. Jeśli w którymś kanale jest tryb PIO to klikasz na niego PPM i Odinstaluj. Po restarcie sprawdź czy jest lepiej

i daj logi

Kto jest na forum