svchost.exe obciąża znacznie procesor

[luck0114]

Witam.

Mam problem ostatnio z tą aplikacją. Gdy byłem świeżo po formacie aplikacja nie szalała aż tak skacząc co chwilę z przerwami do 50% zużycia procesora (czasami więcej) nie wiem co mogło się stać. Jest to dla mnie trochę denerwujące bo grając podczas skoku zużycia procka przez tą aplikację niektóre gry w tym momencie się zacinają chodząc na chwila wolniej. Nie wiem możliwe, że jakaś aktualizacja wlazła i to przez nią. Nie wiem dlaczego tak ostatnio się dzieje.

Niżej kilka logów:

Hijackthis:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 18:27:26, on 2007-06-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Hamachi\hamachi.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
E:\Programy - logi systemu\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "c:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] c:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe


Silent Runners:

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"DAEMON Tools" = ""c:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"WinampAgent" = "c:\Program Files\Winamp\winampa.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\WINDOWS\web\wallpaper\Idylla.bmp"


Startup items in "Łukasz" & "All Users" startup folders:
--------------------------------------------------------

D:\Documents and Settings\Łukasz\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"hamachi" -> shortcut to: "C:\Program Files\Hamachi\hamachi.exe" ["LogMeIn Inc."]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 60 seconds, including 18 seconds for message boxes)


ComboFix:

Kod: Zaznacz wszystko

"ťukasz" - 2007-06-07 18:28:09    Dodatek Service Pack 2  NTFS 
ComboFix 07-06-3B - Running from: "E:\Programy - logi systemu\"


(((((((((((((((((((((((((   Files Created from 2007-05-07 to 2007-06-07  )))))))))))))))))))))))))))))))


2007-06-07 15:06   <DIR>   d--------   D:\WINDOWS\system32\CatRoot2
2007-06-06 20:54   49,152   --a------   D:\WINDOWS\nircmd.exe
2007-06-06 18:16   <DIR>   d--------   D:\WINDOWS\SoftwareDistribution
2007-06-06 17:51   <DIR>   d--------   D:\DOCUME~1\UKASZ~1\DANEAP~1\Lavasoft
2007-06-06 14:17   <DIR>   d--------   D:\WINDOWS\ShellNew
2007-06-06 14:16   <DIR>   d--------   D:\DOCUME~1\UKASZ~1\DANEAP~1\Microsoft Web Folders
2007-06-05 23:40   20,640   ---------   D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-05 23:40   151,552   ---------   D:\WINDOWS\system32\pxwma.dll
2007-06-05 23:40   109,568   ---------   D:\WINDOWS\system32\pxinsi64.exe
2007-06-05 23:40   108,544   ---------   D:\WINDOWS\system32\pxcpyi64.exe
2007-06-05 21:35   9,600   --a------   D:\WINDOWS\system32\drivers\hidusb.sys
2007-06-04 19:55   <DIR>   d--h-----   D:\Program Files\InstallShield Installation Information
2007-06-04 14:57   344,064   --a------   D:\WINDOWS\system32\msvcr70.dll
2007-06-03 18:49   223,128   --a------   D:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-03 18:47   96,256   --a------   D:\WINDOWS\system32\drivers\sptd1757.sys
2007-06-03 18:47   642,560   --a------   D:\WINDOWS\system32\drivers\sptd.sys
2007-06-03 18:32   <DIR>   d--------   D:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-06-03 18:27   <DIR>   d--------   D:\Program Files\Common Files\Adobe Systems Shared
2007-06-02 20:15   25,544   --a------   D:\WINDOWS\system32\drivers\hamachi.sys
2007-06-02 20:13   <DIR>   d--------   D:\DOCUME~1\UKASZ~1\DANEAP~1\Hamachi
2007-06-02 20:06   <DIR>   d--------   D:\DOCUME~1\UKASZ~1\DANEAP~1\teamspeak2
2007-06-02 13:33   98,304   --a------   D:\WINDOWS\system32\CmdLineExt.dll
2007-06-02 00:34   1,411   --a------   D:\WINDOWS\mozver.dat
2007-06-01 22:20   <DIR>   d--------   D:\DOCUME~1\ALLUSE~1\DANEAP~1\Windows Genuine Advantage
2007-06-01 21:55   3,072   --a------   D:\WINDOWS\system32\drivers\audstub.sys
2007-06-01 21:54   77,312   --a------   D:\WINDOWS\system32\usbui.dll
2007-06-01 21:54   58,624   --a------   D:\WINDOWS\system32\drivers\redbook.sys
2007-06-01 21:54   5,504   --a------   D:\WINDOWS\system32\drivers\intelide.sys
2007-06-01 21:54   20,992   --a------   D:\WINDOWS\system32\drivers\RTL8139.sys
2007-06-01 21:54   10,624   --a------   D:\WINDOWS\system32\drivers\gameenum.sys
2007-06-01 21:53   8,192   --a------   D:\WINDOWS\system32\kbdhept.dll
2007-06-01 21:53   7,168   --a------   D:\WINDOWS\system32\kbdcz.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdycl.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdsl1.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdsl.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdhu.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdhela3.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdcz2.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdcz1.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\kbdcr.dll
2007-06-01 21:53   6,656   --a------   D:\WINDOWS\system32\KBDAL.DLL
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdtuq.dll
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdtuf.dll
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdlv1.dll
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdlv.dll
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdhela2.dll
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdgkl.dll
2007-06-01 21:53   6,144   --a------   D:\WINDOWS\system32\kbdest.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdro.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdmon.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdlt1.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdlt.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdkyr.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdhu1.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdhe319.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdhe220.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdhe.dll
2007-06-01 21:53   5,632   --a------   D:\WINDOWS\system32\kbdazel.dll
2007-06-01 21:53   <DIR>   dr-------   D:\Program Files
2007-06-01 21:53   <DIR>   d--hs----   D:\WINDOWS\Installer
2007-06-01 21:53   <DIR>   d--------   D:\Program Files\Common Files\SpeechEngines
2007-06-01 21:53   <DIR>   d--------   D:\Program Files\Common Files\ODBC
2007-06-01 21:52   9,936   --a------   D:\WINDOWS\system\LZEXPAND.DLL
2007-06-01 21:52   9,168   --a------   D:\WINDOWS\system\VER.DLL
2007-06-01 21:52   85,532   --a------   D:\WINDOWS\system32\dgsetup.dll
2007-06-01 21:52   83,456   --a------   D:\WINDOWS\system\OLECLI.DLL
2007-06-01 21:52   8,704   --a------   D:\WINDOWS\system32\batt.dll
2007-06-01 21:52   75,776   --a------   D:\WINDOWS\system32\storprop.dll
2007-06-01 21:52   70,144   --a------   D:\WINDOWS\NOTEPAD.EXE
2007-06-01 21:52   70,096   --a------   D:\WINDOWS\system\AVICAP.DLL
2007-06-01 21:52   69,552   --a------   D:\WINDOWS\system\MMSYSTEM.DLL
2007-06-01 21:52   5,120   --a------   D:\WINDOWS\system\SHELL.DLL
2007-06-01 21:52   33,376   --a------   D:\WINDOWS\system\COMMDLG.DLL
2007-06-01 21:52   24,661   --a------   D:\WINDOWS\system32\spxcoins.dll
2007-06-01 21:52   24,064   --a------   D:\WINDOWS\system\OLESVR.DLL
2007-06-01 21:52   19,200   --a------   D:\WINDOWS\system\TAPI.DLL
2007-06-01 21:52   176,157   --a------   D:\WINDOWS\system32\dgrpsetu.dll
2007-06-01 21:52   15,360   --a------   D:\WINDOWS\TASKMAN.EXE
2007-06-01 21:52   13,312   --a------   D:\WINDOWS\system32\irclass.dll
2007-06-01 21:52   127,008   --a------   D:\WINDOWS\system\MSVIDEO.DLL
2007-06-01 21:52   11,264   --a------   D:\WINDOWS\system32\drivers\irenum.sys
2007-06-01 21:52   109,488   --a------   D:\WINDOWS\system\AVIFILE.DLL
2007-06-01 21:52   103,424   --a------   D:\WINDOWS\system32\EqnClass.Dll
2007-06-01 21:52   <DIR>   dr-h-----   D:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-06-01 21:52   <DIR>   dr-h-----   D:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-06-01 21:52   <DIR>   dr-h-----   D:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-06-01 21:52   <DIR>   dr-------   D:\DOCUME~1\DEFAUL~1\Menu Start
2007-06-01 21:52   <DIR>   dr-------   D:\DOCUME~1\ALLUSE~1\Menu Start
2007-06-01 21:52   <DIR>   dr-------   D:\DOCUME~1\ALLUSE~1\Dokumenty
2007-06-01 21:52   <DIR>   d--hs----   D:\System Volume Information
2007-06-01 21:52   <DIR>   d--h-----   D:\DOCUME~1\DEFAUL~1\Szablony
2007-06-01 21:52   <DIR>   d--h-----   D:\DOCUME~1\ALLUSE~1\Szablony
2007-06-01 21:52   <DIR>   d--------   D:\WINDOWS\system32\CatRoot2Old
2007-06-01 21:52   <DIR>   d--------   D:\WINDOWS\system32\CatRoot
2007-06-01 21:52   <DIR>   d--------   D:\Documents and Settings
2007-06-01 21:52   <DIR>   d--------   D:\DOCUME~1\DEFAUL~1\Ulubione
2007-06-01 21:52   <DIR>   d--------   D:\DOCUME~1\DEFAUL~1\Pulpit
2007-06-01 21:52   <DIR>   d--------   D:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-06-01 21:52   <DIR>   d--------   D:\DOCUME~1\ALLUSE~1\Ulubione
2007-06-01 21:52   <DIR>   d--------   D:\DOCUME~1\ALLUSE~1\Pulpit


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 20:27:16   49,712   ----a-w   D:\WINDOWS\system32\perfc015.dat
2007-06-01 20:27:16   355,830   ----a-w   D:\WINDOWS\system32\perfh015.dat
2007-06-01 18:00:05   --------   d-----w   D:\Program Files\Usługi online
2007-04-18 16:14:32   2,854,400   ----a-w   D:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28   92,504   ----a-w   D:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20   43,352   ----a-w   D:\WINDOWS\system32\wups2.dll
2007-03-17 13:45:36   293,376   ----a-w   D:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47   579,072   ----a-w   D:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47   40,960   ----a-w   D:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47   281,600   ----a-w   D:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33   1,843,840   ----a-w   D:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 D:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"DAEMON Tools"="c:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"WinampAgent"="c:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-10-10 17:51]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 18:29:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-07 18:29:44
D:\ComboFix2.txt ... 2007-06-06 20:54

   --- E O F ---


[wojtas]

wszystkie logi sa ok