Wwdc informuje o infekcji - svchost pobiera dużo ramu

**Posty:** 250 · przez **tenzin** 19 Cze 2009, 16:58

witam,
Dość często uruchamiam wwdc, ale dzisiaj pojawiła się poniższa informacja.

Po niej program uruchamia się jak zwykle wszystkie pola poza NetBIOS (żółty) są zielone.
Poza tym na pulpicie od pewnego czasu widnieje kilka wyblakłych ikon o nazwach:
CA0XY7SX.
CA5D7JRR.
CA6ZGXMD.
CAKLQRKH.
CASX85O3.
Plików nie da się usunąć, ich rozmiar wynosi 0 bajtów.

Logi:

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2009-06-19 16:35:54 - Run 1 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\x\Pulpit\problem Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 230,70 Mb Available Physical Memory | 45,10% Memory free 1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,57% Paging File free Paging file location(s): D:\pagefile.sys 766 1500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 4,31 Gb Total Space | 0,27 Gb Free Space | 6,37% Space Free | Partition Type: NTFS Drive D: | 14,36 Gb Total Space | 0,99 Gb Free Space | 6,92% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name: x Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2006-11-10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe PRC - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2005-08-07 14:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2004-12-13 04:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2007-03-14 16:42:48 | 00,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2006-07-07 17:15:12 | 00,348,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe PRC - [2001-10-26 18:29:52 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe PRC - [2008-09-03 21:11:29 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-06-13 17:18:10 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox2\firefox.exe PRC - [2009-06-19 16:30:57 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-11-14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2006-11-10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running]) SRV - [2004-08-04 00:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running]) SRV - [2006-12-23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [Disabled | Stopped]) SRV - [2007-03-14 16:42:22 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped]) SRV - [2007-03-14 16:42:48 | 00,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice [Auto | Running]) SRV - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2001-10-26 19:29:32 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running]) SRV - [2005-08-07 14:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running]) SRV - [2004-12-13 04:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running]) SRV - [2004-08-11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2004-04-30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running]) DRV - [2004-04-30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running]) DRV - [2004-08-03 22:59:44 | 00,095,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running]) DRV - [2004-03-08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running]) DRV - [2001-08-17 21:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running]) DRV - [2005-06-28 09:24:00 | 00,163,584 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880 [Auto | Running]) DRV - [2005-06-28 09:21:00 | 00,009,728 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR [On_Demand | Running]) DRV - [2005-06-28 09:22:00 | 00,030,976 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\CX88TUNE.sys -- (CXTUNE [Auto | Running]) DRV - [2001-08-17 21:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys -- (el90xbc [On_Demand | Running]) DRV - [2001-08-17 21:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running]) DRV - [2001-08-17 21:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running]) DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2006-11-10 16:15:44 | 00,102,912 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running]) DRV - [2006-11-10 16:16:34 | 00,031,360 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running]) DRV - [2006-11-10 16:17:50 | 00,033,792 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running]) DRV - [2005-10-09 05:26:40 | 00,019,034 | R--- | M] (Kingsun Corporation) -- C:\WINDOWS\system32\DRIVERS\KS-959.sys -- (KS-959 [On_Demand | Stopped]) DRV - [2001-08-17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) DRV - [2006-10-22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2004-08-03 23:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running]) DRV - [2001-08-17 23:54:18 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running]) DRV - [2001-08-17 23:54:18 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running]) DRV - [2007-03-14 23:55:02 | 00,025,792 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-14 23:55:18 | 00,026,944 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-05-16 12:33:12 | 00,089,256 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s0016bus.sys -- (s0016bus [On_Demand | Stopped]) DRV - [2009-02-15 11:50:52 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2001-08-17 21:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running]) DRV - [2009-01-16 19:42:27 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running]) DRV - [2005-08-16 12:23:10 | 00,038,422 | ---- | M] (Generic) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped]) DRV - [2004-08-03 23:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped]) DRV - [2005-01-06 16:55:38 | 00,009,446 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS -- (WFIOCTL [On_Demand | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\S-1-5-21-842925246-436374069-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: D:\PROGRAMY\FIREFOX2\COMPONENTS [2007-05-07 20:29:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: D:\PROGRAMY\FIREFOX2\PLUGINS [2007-05-07 20:29:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: D:\PROGRAMS\MOZILLA THUNDERBIRD\COMPONENTS [2008-08-29 09:42:52 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: D:\PROGRAMS\MOZILLA THUNDERBIRD\PLUGINS [2008-12-05 16:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mozilla\Extensions [2008-12-05 16:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-19 09:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mozilla\Firefox\Profiles\i7g7mm11.default\extensions [2009-04-30 20:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2007-07-31 21:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2008-12-05 16:07:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation) O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe () O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.) O4 - HKU\S-1-5-21-842925246-436374069-1957994488-1003..\Run: [AQQ] D:\Program2\Wapster\AQQ\WAPSTE~1\AQQ.exe (Creative Team S.A.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-05-04 22:42:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-01-28 17:08:50 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-01-28 16:08:52 | 00,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{fa6db7a1-2be8-11dd-b378-0015569e6253}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe -- File not found O33 - MountPoints2\{fa6db7a1-2be8-11dd-b378-0015569e6253}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2007-05-07 20:29:22 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] File not found -- C:\Documents and Settings\x\Pulpit\CASX85O3. File not found -- C:\Documents and Settings\x\Pulpit\CAKLQRKH. File not found -- C:\Documents and Settings\x\Pulpit\CA6ZGXMD. File not found -- C:\Documents and Settings\x\Pulpit\CA5D7JRR. File not found -- C:\Documents and Settings\x\Pulpit\CA0XY7SX. [2009-06-19 09:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\x\Dane aplikacji\Opera [2009-06-17 10:15:08 | 00,000,547 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\Applian FLV Player.lnk [2009-06-17 10:15:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player [2009-06-13 09:32:46 | 00,000,000 | ---D | C] -- C:\film [2009-06-11 17:50:14 | 00,000,426 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Color Wheel Pro.lnk [2009-06-11 17:50:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Color Wheel Pro [2009-06-10 18:37:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\x\Dane aplikacji\avidemux [2009-06-10 18:37:31 | 00,000,497 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\Avidemux 2.4 Qt4.lnk [2009-06-10 18:25:22 | 09,492,480 | ---- | C] () -- C:\CAPTURE.AVI [2009-06-05 18:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\x\Dane aplikacji\Macromedia [2009-06-04 18:54:53 | 00,000,000 | ---D | C] -- C:\Program Files\RAR Recovery Toolbox [2009-06-01 09:47:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\x\Moje dokumenty\Downloads [2009-05-28 19:22:49 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\ChrzeĹ›cijaĹ„skie przeĹĽywanie niedzieli i dni Ĺ›wiÄ…tecznych.doc [2009-05-28 19:22:06 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\Kopia zapasowa 3.wbk [2009-05-21 22:13:48 | 00,340,790 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\Jezus_i_Jego_ojczyzna_-_Palestyna.zip [2009-05-20 20:23:14 | 00,089,256 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016bus.sys [2009-05-20 20:23:14 | 00,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016whnt.sys [2009-05-20 20:23:14 | 00,012,200 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016wh.sys [2009-02-06 18:52:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI [2009-02-05 21:35:02 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\spv1_WCssg.ini [2009-01-05 11:32:07 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008-05-03 17:30:28 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2008-05-03 17:30:28 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [2008-01-07 13:54:36 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Kulki.ini [2007-09-06 19:43:52 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-07-16 15:52:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2007-07-10 13:50:04 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2007-06-26 19:51:40 | 00,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini [2007-05-31 19:27:36 | 00,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2007-05-19 20:57:44 | 00,172,032 | R--- | C] () -- C:\WINDOWS\ESUSDX.DLL [2007-05-19 20:57:44 | 00,077,824 | R--- | C] () -- C:\WINDOWS\ESUSD.DLL [2007-05-16 20:31:28 | 00,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI [2007-05-07 21:39:19 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-05-07 19:29:01 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007-05-04 22:59:11 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006-10-22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005-10-14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005-10-14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005-10-14 11:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005-10-14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005-10-14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005-10-14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005-10-14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002-08-29 01:27:50 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2001-07-31 09:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2001-07-22 00:16:20 | 00,000,702 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] File not found -- C:\Documents and Settings\x\Pulpit\CASX85O3. File not found -- C:\Documents and Settings\x\Pulpit\CAKLQRKH. File not found -- C:\Documents and Settings\x\Pulpit\CA6ZGXMD. File not found -- C:\Documents and Settings\x\Pulpit\CA5D7JRR. File not found -- C:\Documents and Settings\x\Pulpit\CA0XY7SX. [2009-06-19 16:21:49 | 00,000,702 | ---- | M] () -- C:\WINDOWS\win.ini [2009-06-19 16:21:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-06-19 16:21:49 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2009-06-19 15:56:31 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-06-19 14:29:03 | 00,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-436374069-1957994488-1003.job [2009-06-19 14:10:23 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-06-19 14:10:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-06-19 14:10:02 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\desktop.ini [2009-06-19 14:10:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-06-19 14:09:58 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys [2009-06-17 10:15:08 | 00,000,547 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\Applian FLV Player.lnk [2009-06-11 17:50:14 | 00,000,426 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Color Wheel Pro.lnk [2009-06-10 18:37:31 | 00,000,497 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\Avidemux 2.4 Qt4.lnk [2009-06-10 18:26:07 | 09,492,480 | ---- | M] () -- C:\CAPTURE.AVI [2009-06-05 07:49:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-28 19:22:50 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\ChrzeĹ›cijaĹ„skie przeĹĽywanie niedzieli i dni Ĺ›wiÄ…tecznych.doc [2009-05-28 19:22:07 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\Kopia zapasowa 3.wbk [2009-05-21 22:13:49 | 00,340,790 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\Jezus_i_Jego_ojczyzna_-_Palestyna.zip [color=orange]========== LOP Check ==========[/color] [2007-05-04 23:32:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji [2007-05-04 22:41:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft [2009-06-11 17:50:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2007-05-24 18:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ABBYY [2009-01-16 20:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Acronis [2007-05-19 21:18:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2009-05-07 20:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2009-06-11 17:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Color Wheel Pro [2007-08-25 19:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink [2009-02-05 20:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA [2007-05-16 20:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield [2008-09-12 09:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab [2007-08-25 10:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files [2009-02-03 21:37:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2007-05-15 07:14:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft [2008-05-28 08:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9 [2007-09-06 16:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero [2009-05-02 18:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA [2009-05-02 18:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles [2009-02-05 20:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Oberon Media [2009-02-20 11:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pure Networks [2008-02-15 21:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Real [2009-02-05 21:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games [2007-12-06 10:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SBT [2008-11-05 17:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2008-05-19 14:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2007-09-10 18:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2007-05-04 23:32:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2007-05-04 22:41:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Microsoft [2007-05-04 22:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2007-05-04 22:44:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2007-05-04 22:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2007-05-04 22:44:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-06-19 09:58:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\x\Dane aplikacji [2007-05-24 18:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\ABBYY [2008-10-08 09:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Adobe [2007-05-26 21:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\AdobeUM [2007-09-06 17:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Ahead [2008-05-05 11:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Alawar [2007-06-26 19:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\ArcSoft [2009-06-10 18:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\avidemux [2009-06-01 11:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\BESTplayer [2008-05-07 18:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Big Fish Games [2007-09-06 19:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\CyberLink [2007-05-10 22:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\FUJIFILM [2007-05-08 08:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu [2008-06-13 13:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\GameHouse [2007-05-21 19:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Help [2007-05-04 22:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Identities [2009-02-05 21:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Incredible Ink [2007-05-16 20:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Jasc Software Inc [2009-06-05 18:47:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Macromedia [2009-02-03 21:37:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Malwarebytes [2008-02-15 21:57:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Media Player Classic [2008-06-24 19:51:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\x\Dane aplikacji\Microsoft [2007-05-07 21:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Microsoft Web Folders [2009-05-07 16:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\MobileAction [2008-12-05 16:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla [2009-06-19 09:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Opera [2008-02-15 21:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Real [2008-08-03 15:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Skype [2008-08-28 13:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Sun [2007-09-06 13:01:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\SUPERAntiSpyware.com [2007-05-07 20:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Talkback [2008-01-04 11:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\TC PowerPack [2007-06-22 09:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thunderbird [2009-01-28 17:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\U3 [2008-09-10 14:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\vlc [2007-12-12 19:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Winamp [2008-12-27 23:51:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Winamp5 [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-06-19 14:29:03 | 00,001,064 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-436374069-1957994488-1003.job [2009-06-19 14:10:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=orange]========== Purity Check ==========[/color] < End of report >

Extras
http://wklej.org/id/108702/

RSIT

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by x at 2009-06-19 16:38:27 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 278 MB (6%) free of 4 GB Total RAM: 511 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:38:29, on 2009-06-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Programy\nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe C:\WINDOWS\explorer.exe D:\Programy\Firefox2\firefox.exe C:\Documents and Settings\x\Pulpit\problem\OTL.exe C:\Documents and Settings\x\Pulpit\problem\RSIT.exe D:\Programs\HijackThis\x.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKCU\..\Run: [AQQ] D:\Program2\Wapster\AQQ\WAPSTE~1\AQQ.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programy\nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 3906 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-436374069-1957994488-1003.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - D:\Programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll [2005-09-24 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2006-07-07 348160] "OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-09 2223985] "MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-04 159744] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AQQ"=D:\Program2\Wapster\AQQ\WAPSTE~1\AQQ.exe [2009-06-12 5047808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro] D:\Programy\abbyy\AbbyyNewsReader.exe [2003-08-05 278528] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-09-03 133104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] D:\Programy\nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] D:\Programy\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2007-03-14 321088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] D:\Programy\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk] D:\Programy\FINEPI~1\QuickDCF.exe [2005-04-05 282624] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "D:\Program2\Wapster\AQQ\AQQ.exe"="D:\Program2\Wapster\AQQ\AQQ.exe:*:Enabled:P2P AQQ" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup" "D:\Program2\eMule\EMULE.EXE"="D:\Program2\eMule\EMULE.EXE:*:Disabled:eMule" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "D:\Program2\Wapster\AQQ\WapSter AQQ\AQQ.exe"="D:\Program2\Wapster\AQQ\WapSter AQQ\AQQ.exe:*:Enabled:AQQ" "D:\Programy\Skype\Phone\Skype.exe"="D:\Programy\Skype\Phone\Skype.exe:*:Disabled:Skype" "D:\Gry\Quake2\r1q2.exe"="D:\Gry\Quake2\r1q2.exe:*:Disabled:R1Q2 - Enhanced Quake II Client/Server" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa6db7a1-2be8-11dd-b378-0015569e6253}] shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe ======List of files/folders created in the last 1 months====== 2009-06-19 16:38:27 ----D---- C:\rsit 2009-06-19 09:58:24 ----D---- C:\Documents and Settings\x\Dane aplikacji\Opera 2009-06-17 10:15:07 ----D---- C:\WINDOWS\Applian FLV Player 2009-06-13 09:32:46 ----D---- C:\film 2009-06-11 17:50:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Color Wheel Pro 2009-06-10 18:37:36 ----D---- C:\Documents and Settings\x\Dane aplikacji\avidemux 2009-06-05 18:47:37 ----D---- C:\Documents and Settings\x\Dane aplikacji\Macromedia 2009-06-04 18:54:53 ----D---- C:\Program Files\RAR Recovery Toolbox ======List of files/folders modified in the last 1 months====== 2009-06-19 16:38:03 ----D---- C:\WINDOWS\temp 2009-06-19 16:37:18 ----D---- C:\WINDOWS\Prefetch 2009-06-19 16:21:49 ----ASH---- C:\boot.ini 2009-06-19 16:21:49 ----A---- C:\WINDOWS\win.ini 2009-06-19 16:21:49 ----A---- C:\WINDOWS\system.ini 2009-06-19 15:56:31 ----A---- C:\WINDOWS\NeroDigital.ini 2009-06-19 13:41:42 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-19 09:58:23 ----SHD---- C:\WINDOWS\Installer 2009-06-17 10:15:07 ----D---- C:\WINDOWS 2009-06-12 14:26:33 ----D---- C:\WINDOWS\system32\CatRoot2 2009-06-11 17:50:22 ----HD---- C:\WINDOWS\inf 2009-06-04 18:54:53 ----RD---- C:\Program Files 2009-06-03 10:17:46 ----D---- C:\WINDOWS\system32\Restore 2009-06-01 19:17:52 ----D---- C:\Program Files\Common Files\Sandlot Shared 2009-06-01 16:20:47 ----SHD---- C:\System Volume Information 2009-06-01 11:24:59 ----D---- C:\Documents and Settings\x\Dane aplikacji\BESTplayer 2009-05-31 18:29:55 ----D---- C:\WINDOWS\system32\Macromed 2009-05-31 16:33:15 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-05-20 20:23:14 ----D---- C:\WINDOWS\system32\drivers ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 41472] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-11-10 31360] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-11-10 33792] R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584] R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424] R2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448] R2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232] R2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936] R2 pnarp;Network Magic Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2007-03-14 25792] R2 purendis;Network Magic Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2007-03-14 26944] R3 ctljystk;Port gier dla karty Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712] R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728] R3 el90xbc;Sterownik karty 3Com EtherLink XL 90XB/C; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904] R3 emu10k1;Sterownik Creative Interface Manager (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912] R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 sfman;Sterownik Creative SoundFont Manager (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-11-10 102912] S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 19034] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] S3 sermouse;Sterownik myszy szeregowej; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-26 17920] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-08-16 38422] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 InCDsrv;InCD Helper; D:\Programy\nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] -----------------EOF-----------------

EDIT:
Ilość ramu używanego przez svchost rośnie, dorzucam screena procesów:

Pozdrawiam,

**Posty:** 8001 · przez **Okocza** 19 Cze 2009, 18:59

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z dss'a oraz daj loga z hijacka

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.
7. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

**Posty:** 250 · przez **tenzin** 20 Cze 2009, 18:44

Dziękuję za odpowiedź.
Narazie zastosowałem tylko SDfixa, DSS, Hijackthis.
Logi:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-06-19 at 19:16 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-19 19:18:45 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40] "ujdew"=hex:20,02,00,00,64,bc,99,70,8e,02,19,f8,74,a7,40,cf,85,43,bf,f4,03,.. "ljej40"=hex:4d,e3,76,d6,cb,fb,56,bb,e3,1f,a8,80,90,fa,0d,bf,38,b3,8a,83,cf,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120%" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "D:\\Program2\\Wapster\\AQQ\\AQQ.exe"="D:\\Program2\\Wapster\\AQQ\\AQQ.exe:*:Enabled:P2P AQQ" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Disabled:Nero ProductSetup" "D:\\Program2\\eMule\\EMULE.EXE"="D:\\Program2\\eMule\\EMULE.EXE:*:Disabled:eMule" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "D:\\Program2\\Wapster\\AQQ\\WapSter AQQ\\AQQ.exe"="D:\\Program2\\Wapster\\AQQ\\WapSter AQQ\\AQQ.exe:*:Enabled:AQQ" "D:\\Programy\\Skype\\Phone\\Skype.exe"="D:\\Programy\\Skype\\Phone\\Skype.exe:*:Disabled:Skype" "D:\\Gry\\Quake2\\r1q2.exe"="D:\\Gry\\Quake2\\r1q2.exe:*:Disabled:R1Q2 - Enhanced Quake II Client/Server" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll" Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll" Wed 4 Aug 2004 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Sat 2 May 2009 234,496 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL0001.tmp" Tue 8 May 2007 45,056 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL0004.tmp" Sat 2 May 2009 75,264 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL0005.tmp" Sat 2 May 2009 75,264 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL0625.tmp" Sat 2 May 2009 76,288 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL1065.tmp" Sat 2 May 2009 76,288 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL1117.tmp" Sat 8 Dec 2007 21,504 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL1442.tmp" Sat 8 Dec 2007 20,480 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL1872.tmp" Tue 8 May 2007 65,536 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL2363.tmp" Sat 8 Dec 2007 22,016 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL2579.tmp" Sat 9 Aug 2008 1,571,328 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL2590.tmp" Tue 8 May 2007 221,184 ...H. --- "C:\Documents and Settings\x\Dane aplikacji\Microsoft\Word\~WRL2789.tmp" Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\x\Dane aplikacji\U3\temp\Launchpad Removal.exe" [b]Finished![/b]

DDS

Kod: Zaznacz wszystko: DDS (Ver_09-05-14.01) - NTFSx86 Run by x at 18:38:02,92 on 2009-06-20 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.248 [GMT 2:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Programy\nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\WINDOWS\system32\devldr32.exe D:\Programy\Firefox2\firefox.exe C:\Documents and Settings\x\Pulpit\problem\Nowy folder\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\programy\adobe\acrobat 7\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [AQQ] d:\program2\wapster\aqq\wapste~1\AQQ.exe mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\x\daneap~1\mozilla\firefox\profiles\i7g7mm11.default\ FF - plugin: c:\documents and settings\x\ustawienia lokalne\dane aplikacji\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: d:\programs\opera\program\plugins\npdsplay.dll FF - plugin: d:\programs\opera\program\plugins\npwmsdrm.dll FF - plugin: d:\programy\adobe\acrobat 7\reader\browser\nppdf32.dll ============= SERVICES / DRIVERS =============== R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336] R3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2007-9-10 9446] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2009-5-7 19034] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-5-20 89256] =============== Created Last 30 ================ 2009-06-20 18:37 <DIR> --d-h--- c:\windows\PIF 2009-06-19 19:06 <DIR> --d----- C:\SDFix 2009-06-17 10:15 <DIR> --d----- c:\windows\Applian FLV Player 2009-06-13 09:32 <DIR> --d----- C:\film 2009-06-11 17:50 <DIR> --d----- c:\docume~1\alluse~1\daneap~1\Color Wheel Pro 2009-06-10 18:37 <DIR> --d----- c:\docume~1\x\daneap~1\avidemux 2009-06-04 18:54 <DIR> --d----- c:\program files\RAR Recovery Toolbox ==================== Find3M ==================== 2009-04-28 20:25 249,856 -------- c:\windows\Setup1.exe 2009-04-28 20:25 73,216 a------- c:\windows\ST6UNST.EXE 2009-03-29 08:48 355,830 a------- c:\windows\system32\perfh015.dat 2009-03-29 08:48 49,712 a------- c:\windows\system32\perfc015.dat ============= FINISH: 18:38:21,43 ===============

Attach
http://wklej.org/id/109179/

Hijackthis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:39:37, on 2009-06-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Programy\nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\WINDOWS\system32\devldr32.exe D:\Programy\Firefox2\firefox.exe D:\Programs\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [AQQ] D:\Program2\Wapster\AQQ\WAPSTE~1\AQQ.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programy\nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 3683 bytes

Pozdrawiam,

**Posty:** 18165 · przez **wojtas** 20 Cze 2009, 19:45

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

**Posty:** 250 · przez **tenzin** 11 Lip 2009, 16:16

witam ponownie,
wykonałem wszystkie czynności i żaden z programów nie wykrył infekcji.
Pozostaje problem powolnego działania komputera. Po uruchomieniu Menedżera zadań niektóre procesy stale obciążają procesor. Np. Firefox.exe nawet przy ruchu myszką wykazuje kilkunastoprocentowy wzrost CPU.
Taskmgr.exe praktycznie stale pobiera od 01 do kilkudziesięciu procent.
Updejtowałem praktycznie wszystko: javę, dodatki do firefoxa, sterowniki karty graficznej itd. i nic.
Mam kompa 1,8 Athlon XP 512Mb Ramu i wcześniej wszystko chodziło bardzo dobrze.
Wszelkie wskazówki mile widziane.
Pozdrawiam,

**Posty:** 18165 · przez **wojtas** 13 Lip 2009, 17:57

przeinstaluj moze ff, nie wiem dlaczego tak Ci obciaza to niestety bo system czysty