Bardzo wolny start systemu xp professional


(Darek Jah) #1

witam wszystkich

od wczoraj nie wiem co się stało ale system bardzo długo się ładuje zanim odpali ,dysk z patrycją systemową jest przeskanowany oczyszczony z niepotrzebnych plików dopiero parę dni temu wgrałem go i ładował się bardzo szybko bez jakichkolwiek problemów a teraz nawet 5 min zanim odpali bardzo proszę o pomoc jak przyśpieszyć system jakie zmiany wprowadzić w rejestrze


(system) #2

daj log z combofix log wklej na wklej.org


(Darek Jah) #3

oto log

ComboFix 09-05-17.08 - Administrator 2009-05-18 22:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1014.634 [GMT 2:00]

Uruchomiony z: e:\pliki internet\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

c:\windows\system32\x64

.

((((((((((((((((((((((((( Pliki utworzone od 2009-04-18 do 2009-05-18 )))))))))))))))))))))))))))))))

.

2009-05-18 11:04 . 2009-05-18 11:04 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Scansoft

2009-05-18 10:55 . 2008-04-13 20:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys

2009-05-18 10:55 . 2008-04-13 20:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys

2009-05-18 10:54 . 2008-04-13 20:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys

2009-05-18 10:54 . 2008-04-13 20:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys

2009-05-18 10:54 . 2008-04-13 20:15 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys

2009-05-18 10:54 . 2008-04-13 20:15 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys

2009-05-18 10:53 . 2009-05-18 10:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield

2009-05-18 10:53 . 2009-05-18 10:53 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\ScanSoft

2009-05-18 10:52 . 2009-05-18 10:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ScanSoft

2009-05-18 10:52 . 2009-05-18 10:52 -------- d-----w c:\program files\Common Files\ScanSoft Shared

2009-05-18 10:50 . 2009-05-18 10:50 -------- d-----w c:\program files\ScanSoft

2009-05-18 10:47 . 1995-07-31 11:44 212480 ----a-w c:\windows\PCDLIB32.DLL

2009-05-18 10:47 . 2009-05-18 10:47 -------- d-----w c:\program files\ArcSoft

2009-05-18 10:45 . 1998-11-13 11:10 307200 ----a-w c:\windows\IsUn0415.exe

2009-05-18 10:43 . 2009-05-18 10:43 -------- d--h--w c:\documents and settings\All Users\Dane aplikacji\CanonBJ

2009-05-18 10:42 . 2006-09-12 20:00 197632 ----a-w c:\windows\system32\CNMLM85.DLL

2009-05-18 10:42 . 2009-05-18 10:42 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information

2009-05-18 10:42 . 2006-06-29 05:29 106496 ----a-w c:\windows\system32\cnco510.dll

2009-05-18 10:42 . 2006-05-26 01:54 135168 ----a-w c:\windows\system32\CNCL510.DLL

2009-05-18 10:42 . 2006-07-20 06:51 57344 ----a-w c:\windows\system32\CNCI510.DLL

2009-05-18 10:42 . 2006-07-20 06:51 1298432 ----a-w c:\windows\system32\CNCC510.DLL

2009-05-18 10:41 . 2009-05-18 10:41 -------- d--h--w c:\program files\CanonBJ

2009-05-18 10:41 . 2009-05-18 10:56 -------- d-----w c:\program files\Canon

2009-05-17 21:54 . 2009-05-17 21:54 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\DivX

2009-05-17 21:51 . 2009-02-24 19:35 120056 ------w c:\windows\system32\pxcpyi64.exe

2009-05-17 21:51 . 2009-02-24 19:35 118520 ------w c:\windows\system32\pxinsi64.exe

2009-05-17 21:51 . 2009-05-17 21:51 -------- d-----w c:\program files\Common Files\DivX Shared

2009-05-17 21:51 . 2009-05-17 21:51 -------- d-----w c:\program files\DivX

2009-05-17 21:22 . 2009-05-17 21:22 -------- d-sh--w c:\documents and settings\LocalService\IETldCache

2009-05-17 21:19 . 2009-05-17 21:19 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\bluesoleil

2009-05-17 21:16 . 2009-05-17 21:16 -------- d-----w c:\program files\IVT Corporation

2009-05-17 21:05 . 2008-04-13 20:26 12800 -c--a-w c:\windows\system32\dllcache\usb8023x.sys

2009-05-17 21:05 . 2008-04-13 20:26 12800 ----a-w c:\windows\system32\drivers\usb8023x.sys

2009-05-17 21:05 . 2008-04-13 20:26 30592 -c--a-w c:\windows\system32\dllcache\rndismpx.sys

2009-05-17 21:05 . 2008-04-13 20:26 30592 ----a-w c:\windows\system32\drivers\rndismpx.sys

2009-05-17 21:00 . 2009-05-17 21:00 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Avira

2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w c:\program files\Microsoft ActiveSync

2009-05-17 17:17 . 2008-04-13 20:15 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys

2009-05-17 17:17 . 2008-04-13 20:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys

2009-05-17 17:17 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll

2009-05-17 17:10 . 2009-05-17 17:20 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nokia

2009-05-17 17:10 . 2009-05-17 17:17 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\PC Suite

2009-05-17 17:10 . 2009-05-17 17:17 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite

2009-05-17 17:07 . 2009-05-17 17:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations

2009-05-17 15:59 . 2005-11-21 05:48 45056 ----a-w c:\windows\system32\WNASPI32.DLL

2009-05-17 15:59 . 2005-11-21 05:48 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS

2009-05-17 15:57 . 2009-05-17 15:57 -------- d-----w C:\Temp

2009-05-16 15:12 . 2008-08-25 15:48 40496 ----a-w c:\windows\system32\drivers\hotcore3.sys

2009-05-14 22:42 . 2009-05-14 22:42 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google

2009-05-14 22:20 . 2009-05-14 22:20 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ares

2009-05-14 22:20 . 2009-05-14 22:20 -------- d-----w c:\program files\Ares

2009-05-14 22:13 . 2009-05-14 22:13 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\1E32C

2009-05-14 22:11 . 2009-05-14 22:13 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\BearShare

2009-05-14 22:11 . 2009-05-14 22:11 -------- d-----w c:\program files\BearShare Applications

2009-05-14 22:09 . 2009-05-16 09:20 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\ImgBurn

2009-05-14 22:08 . 2009-05-14 22:09 -------- d-----w c:\program files\ImgBurn

2009-05-14 22:04 . 2009-05-14 22:04 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Ashampoo

2009-05-14 22:03 . 2009-05-14 22:03 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ashampoo

2009-05-14 22:03 . 2009-05-14 22:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ashampoo

2009-05-14 22:03 . 2009-05-14 22:03 -------- d-----w c:\program files\Ashampoo

2009-05-14 21:57 . 2009-05-14 21:57 48 ---ha-w c:\windows\system32\ezsidmv.dat

2009-05-14 21:57 . 2009-05-14 21:57 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\skypePM

2009-05-14 21:55 . 2009-05-14 22:19 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Skype

2009-05-14 21:55 . 2009-05-14 21:55 -------- d-----w c:\program files\Common Files\Skype

2009-05-14 21:55 . 2009-05-14 21:55 -------- d-----r c:\program files\Skype

2009-05-14 21:55 . 2009-05-14 21:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype

2009-05-14 21:50 . 2009-05-14 21:52 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nero

2009-05-14 21:30 . 2009-05-14 21:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\QuickTime

2009-05-14 21:30 . 2009-05-14 21:30 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Apple Computer

2009-05-14 21:26 . 2009-05-14 21:26 66280 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-05-14 21:25 . 2009-05-14 21:30 -------- d-----w c:\program files\QuickTime

2009-05-14 21:25 . 2009-05-14 21:29 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer

2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Apple

2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\program files\Apple Software Update

2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple

2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Apple Computer

2009-05-14 21:14 . 2009-05-14 21:14 -------- d-----w c:\documents and settings\Administrator.gstreamer-0.10

2009-05-14 21:14 . 2009-05-14 22:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\OpenFM

2009-05-14 21:08 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\OpenFM

2009-05-14 21:01 . 2009-05-14 21:11 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu

2009-05-14 21:00 . 2009-05-14 21:01 -------- d-----w c:\program files\Nowe Gadu-Gadu

2009-05-14 20:58 . 2009-05-14 20:59 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe

2009-05-14 20:55 . 2009-05-14 20:55 -------- d-----w c:\program files\Common Files\Adobe

2009-05-14 20:32 . 2009-05-14 20:32 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Identities

2009-05-14 10:53 . 2008-11-10 09:41 32656 ----a-w c:\windows\system32\msonpmon.dll

2009-05-14 10:52 . 2009-05-14 14:32 -------- d-----w c:\program files\Microsoft Works

2009-05-14 10:50 . 2009-05-14 10:50 -------- d-----w c:\program files\Microsoft.NET

2009-05-14 10:48 . 2009-05-14 10:48 -------- d-----w c:\program files\Microsoft Visual Studio 8

2009-05-14 10:47 . 2009-05-14 10:51 -------- d-----w c:\windows\SHELLNEW

2009-05-14 10:46 . 2009-05-14 10:46 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft Help

2009-05-14 10:46 . 2009-05-14 14:36 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-05-14 10:45 . 2009-05-14 10:45 -------- d--h--r C:\MSOCache

2009-05-14 10:32 . 2009-05-14 10:32 -------- d-----w c:\documents and settings\NetworkService\Menu Start

2009-05-14 10:32 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll

2009-05-13 22:28 . 2009-05-13 22:28 -------- d-----w c:\documents and settings\NeroMediaHomeUser.4\Dane aplikacji\Nero

2009-05-13 22:28 . 2009-05-13 22:28 -------- d-----w c:\documents and settings\NeroMediaHomeUser.4\Ustawienia lokalne\Dane aplikacji\Nero

2009-05-13 22:27 . 2009-05-13 22:27 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Nero

2009-05-13 21:51 . 2009-05-13 21:51 -------- d-----w c:\program files\Windows Sidebar

2009-05-13 21:39 . 2009-05-13 22:21 -------- d-----w c:\program files\Nero

2009-05-13 21:38 . 2009-05-13 22:28 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero

2009-05-13 21:38 . 2009-05-13 21:47 -------- d-----w c:\program files\Common Files\Nero

2009-05-13 21:18 . 2009-05-13 21:21 -------- d-----w c:\windows\VistaMizer

2009-05-13 21:10 . 2009-05-13 21:10 -------- d-----w c:\program files\Launch Manager

2009-05-13 21:07 . 2009-05-13 21:07 -------- d-----w c:\program files\CCleaner

2009-05-13 20:58 . 2009-05-13 20:58 0 ----a-w c:\windows\nsreg.dat

2009-05-13 20:57 . 2009-05-13 20:57 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla

2009-05-13 20:40 . 2009-05-13 20:40 603904 ----a-w c:\windows\system32\TUProgSt.exe

2009-05-13 20:40 . 2008-12-11 12:31 27904 ----a-w c:\windows\system32\uxtuneup.dll

2009-05-13 20:40 . 2009-05-13 20:40 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe

2009-05-13 20:40 . 2009-05-13 20:40 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\TuneUp Software

2009-05-13 20:39 . 2009-05-13 20:39 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\TuneUp Software

2009-05-13 20:39 . 2009-05-13 20:40 -------- d-----w c:\program files\TuneUp Utilities 2009

2009-05-13 20:39 . 2009-05-13 20:39 -------- d-sh--w c:\documents and settings\All Users\Dane aplikacji{55A29068-F2CE-456C-9148-C869879E2357}

2009-05-13 15:55 . 2009-05-17 17:18 -------- d-----w c:\windows\system32\LogFiles

2009-05-13 15:54 . 2009-05-13 16:01 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-05-13 15:54 . 2009-05-13 16:01 97480 ----a-w c:\windows\system32\drivers\avfwot.sys

2009-05-13 15:54 . 2009-02-24 10:06 69632 ----a-w c:\windows\system32\drivers\avfwim.sys

2009-05-13 15:53 . 2009-05-13 15:53 -------- d-----w c:\program files\Avira

2009-05-13 15:53 . 2009-05-13 15:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Avira

2009-05-13 15:10 . 2008-04-13 22:15 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys

2009-05-13 15:10 . 2008-04-13 22:09 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys

2009-05-13 15:10 . 2008-04-13 22:47 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys

2009-05-13 15:10 . 2008-04-13 22:15 6272 ----a-w c:\windows\system32\drivers\splitter.sys

2009-05-13 15:10 . 2008-04-13 20:09 142592 ----a-w c:\windows\system32\drivers\aec.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-18 19:57 . 2007-10-29 12:00 90292 ----a-w c:\windows\system32\perfc015.dat

2009-05-18 19:57 . 2007-10-29 12:00 503888 ----a-w c:\windows\system32\perfh015.dat

2009-05-18 10:52 . 2009-05-13 14:08 -------- d-----w c:\program files\Common Files\InstallShield

2009-05-18 10:47 . 2009-05-13 14:08 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-17 17:17 . 2009-05-17 17:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-05-17 17:17 . 2009-05-17 17:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-05-17 17:09 . 2009-05-17 17:09 -------- d-----w c:\program files\Common Files\PCSuite

2009-05-17 17:09 . 2009-05-17 17:09 -------- d-----w c:\program files\Common Files\Nokia

2009-05-17 17:09 . 2009-05-17 17:08 -------- d-----w c:\program files\Nokia

2009-05-17 17:09 . 2009-05-17 17:09 -------- d-----w c:\program files\DIFX

2009-05-17 17:09 . 2009-05-17 17:09 -------- d-----w c:\program files\PC Connectivity Solution

2009-05-14 21:18 . 2009-05-14 21:18 -------- d-----w c:\program files\Winamp

2009-05-14 10:52 . 2009-05-13 13:23 -------- d-----w c:\program files\MSBuild

2009-05-13 21:21 . 2008-04-14 20:50 219648 ----a-w c:\windows\system32\uxtheme.dll

2009-05-13 13:29 . 2009-05-13 13:29 -------- d-----w c:\program files\microsoft frontpage

2009-05-13 13:28 . 2009-05-13 13:28 -------- d-----w c:\program files\MSXML 4.0

2009-05-13 13:23 . 2009-05-13 13:23 -------- d-----w c:\program files\Reference Assemblies

2009-05-13 13:17 . 2009-05-13 13:17 -------- d-----w c:\program files\Usługi online

2009-05-13 13:15 . 2009-05-13 13:15 21856 ----a-w c:\windows\system32\emptyregdb.dat

2009-05-13 13:14 . 2009-05-13 13:14 -------- d-----w c:\program files\Windows Media Connect 2

2009-05-11 20:31 . 2009-05-11 20:31 1571840 ----a-w c:\windows\system32\sfcfiles.dll

2009-05-11 18:47 . 2009-05-11 18:47 74752 ----a-w c:\windows\system32\drivers\ESM7SK.sys

2009-05-11 18:47 . 2009-05-11 18:47 61056 ----a-w c:\windows\system32\drivers\EMS7SK.sys

2009-05-11 18:47 . 2009-05-11 18:47 40064 ----a-w c:\windows\system32\drivers\ESD7SK.sys

2009-05-11 18:45 . 2009-05-11 18:45 4304384 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2009-05-11 18:45 . 2009-05-11 18:45 16248320 ----a-w c:\windows\RTHDCPL.EXE

2009-05-11 18:45 . 2009-05-11 18:45 2158592 ----a-w c:\windows\MicCal.exe

2009-05-11 18:45 . 2009-05-11 18:45 2808832 ----a-w c:\windows\ALCWZRD.EXE

2009-05-11 18:45 . 2009-05-11 18:45 69632 ----a-w c:\windows\ALCMTR.EXE

2009-05-11 18:44 . 2009-05-11 18:44 424320 ----a-w c:\windows\system32\drivers\BCMWL5.SYS

2009-05-11 18:44 . 2009-05-11 20:31 4354048 ----a-w c:\windows\system32\syssetup.dll

2009-05-11 17:59 . 2001-10-26 15:30 77891 ----a-w c:\windows\system32\usrmlnka.exe

2009-05-11 17:53 . 2009-05-11 17:53 1536512 ----a-w c:\windows\system32\quartz.dll

2009-05-11 17:51 . 2009-05-11 17:51 97792 ----a-w c:\windows\system32\psbase.dll

2009-05-11 17:50 . 2009-05-11 17:50 273024 ----a-w c:\windows\system32\drivers\bthport.sys

2009-05-11 17:50 . 2009-05-13 13:16 691712 ----a-w c:\windows\system32\inetcomm.dll

2009-05-11 17:50 . 2009-05-11 17:50 253952 ----a-w c:\windows\system32\es.dll

2009-05-11 17:50 . 2009-05-11 17:50 203136 ----a-w c:\windows\system32\drivers\RMCast.sys

2009-05-11 17:49 . 2009-05-11 17:49 938496 ----a-w c:\windows\system32\wmnetmgr.dll

2009-05-11 17:49 . 2009-05-11 17:49 100864 ----a-w c:\windows\system32\logagent.exe

2009-05-11 17:48 . 2009-05-11 17:48 414720 ----a-w c:\windows\system32\msscp.dll

2009-05-11 16:40 . 2009-05-11 16:40 4096 ----a-w c:\windows\system32\wmvdmoe2.dll

2009-05-11 16:40 . 2009-05-11 16:40 4096 ----a-w c:\windows\system32\wmvdmod.dll

2009-05-11 16:40 . 2009-05-11 16:40 1329152 ----a-w c:\windows\system32\wmspdmoe.dll

2009-05-11 16:40 . 2009-05-11 16:40 99840 ----a-w c:\windows\system32\wmpshell.dll

2009-05-11 16:40 . 2009-05-11 16:40 603648 ----a-w c:\windows\system32\wmspdmod.dll

2009-05-11 16:40 . 2009-05-11 16:40 4096 ----a-w c:\windows\system32\wmsdmoe2.dll

2009-05-11 16:40 . 2009-05-11 16:40 4096 ----a-w c:\windows\system32\wmsdmod.dll

2009-05-11 16:40 . 2009-05-11 16:40 13070848 ----a-w c:\windows\system32\wmploc.dll

2009-05-11 16:40 . 2009-05-11 16:40 314880 ----a-w c:\windows\system32\wmpdxm.dll

2009-05-11 16:40 . 2009-05-11 16:40 242688 ----a-w c:\windows\system32\wmpasf.dll

2009-05-08 22:17 . 2009-05-08 22:17 147456 ----a-w c:\windows\UNINST32.EXE

2009-03-08 02:34 . 2008-04-14 20:50 1016320 ----a-w c:\windows\system32\wininet.dll

2009-03-08 02:34 . 2008-04-14 20:50 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 02:33 . 2008-04-14 20:50 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 02:33 . 2009-05-11 17:51 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 02:32 . 2008-04-14 20:49 107008 ----a-w c:\windows\system32\admparse.dll

2009-03-08 02:32 . 2008-04-14 20:50 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 02:31 . 2008-04-14 20:50 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 02:31 . 2008-04-14 19:32 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 02:31 . 2008-04-14 20:51 94720 ----a-w c:\windows\system32\mshta.exe

2009-03-08 02:22 . 2007-10-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-02-27 14:45 . 2009-02-27 14:45 9728 ----a-w c:\windows\system32\BsMonUI.dll

2009-02-27 14:45 . 2009-02-27 14:45 18432 ----a-w c:\windows\system32\BsMonSvr.dll

2009-02-27 14:45 . 2009-02-27 14:45 405589 ----a-w c:\windows\system32\BsUI.dll

2009-02-27 14:45 . 2009-02-27 14:45 57430 ----a-w c:\windows\system32\btfunc.dll

2009-02-27 14:44 . 2009-02-27 14:44 278647 ----a-w c:\windows\system32\outlookAddin.dll

2009-02-27 14:44 . 2009-02-27 14:44 53248 ----a-w c:\windows\system32\HtmPrintHelper.dll

2009-02-27 14:44 . 2009-02-27 14:44 114774 ----a-w c:\windows\system32\versit.dll

2009-02-27 14:44 . 2009-02-27 14:44 622693 ----a-w c:\windows\system32\BSShell.dll

2009-02-27 14:43 . 2009-02-27 14:43 557142 ----a-w c:\windows\system32\Bscdlg.dll

2009-02-27 14:43 . 2009-02-27 14:43 114788 ----a-w c:\windows\system32\BsProfileFunc.dll

2009-02-27 14:43 . 2009-02-27 14:43 151642 ----a-w c:\windows\system32\BsCommon.dll

2009-02-27 14:43 . 2009-02-27 14:43 94314 ----a-w c:\windows\system32\BsHelpCSps.dll

2009-02-27 14:43 . 2009-02-27 14:43 553075 ----a-w c:\windows\system32\BlueSoleilCSps.dll

2009-02-27 14:41 . 2009-02-27 14:41 28766 ----a-w c:\windows\system32\PlayerCtrl.dll

2009-02-27 14:41 . 2009-02-27 14:41 241748 ----a-w c:\windows\system32\BsSDK.dll

2009-02-27 14:41 . 2009-02-27 14:41 122976 ----a-w c:\windows\system32\BsMobileSDK.dll

2009-02-27 14:40 . 2009-02-27 14:40 28672 ----a-w c:\windows\system32\BsMobileCSps.dll

2009-02-27 14:40 . 2009-02-27 14:40 28760 ----a-w c:\windows\system32\BsTrace.dll

2009-02-27 14:38 . 2009-02-27 14:38 102499 ----a-w c:\windows\system32\Bs2Res.dll

2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll

2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll

2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll

2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll

2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll

2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll

.

------- Sigcheck -------

[7] 2008-04-14 20:50 668672 0457F0AFD6EE10445D8CF721FB5FA4EB c:\windows\ie8\wininet.dll

[-] 2009-03-08 02:34 1016320 E7BCEFE492C257DE2A62D28A26AEBE6D c:\windows\system32\wininet.dll

[-] 2009-03-08 02:34 1016320 E7BCEFE492C257DE2A62D28A26AEBE6D c:\windows\system32\dllcache\wininet.dll

[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\VistaMizer\old\wininet.dll

[-] 2008-04-14 20:51 549888 335813EACD16E84F3047A3326F6E5473 c:\windows\system32\winlogon.exe

[-] 2008-04-14 20:51 549888 335813EACD16E84F3047A3326F6E5473 c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 20:51 510464 51FD2E13D723857B9CA239AE77150F48 c:\windows\VistaMizer\old\winlogon.exe

[-] 2009-05-11 18:00 2324736 27ED4C3C243FC3896D29296848606FFF c:\windows\system32\ntkrnlpa.exe

[7] 2009-05-11 18:00 2067456 DBB713C90996F42BA3D4725B438D8332 c:\windows\VistaMizer\old\ntkrnlpa.exe

[-] 2009-05-11 17:52 2447744 8B0B0D53E014EA5E4417800AC171D2A6 c:\windows\system32\ntoskrnl.exe

[7] 2009-05-11 17:52 2190464 67DD50DFE7736999AE3C59699F9698B4 c:\windows\VistaMizer\old\ntoskrnl.exe

[-] 2008-04-14 20:51 1553408 BDA7A4169BF5E1F3EE76B017396E4F47 c:\windows\explorer.exe

[-] 2008-04-14 20:51 1553408 BDA7A4169BF5E1F3EE76B017396E4F47 c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-14 20:51 1035264 C791ED9EAC5E76D9525E157B1D7A599A c:\windows\VistaMizer\old\explorer.exe

[-] 2008-04-14 20:51 25088 5336D3244305FD884215DAF84D108566 c:\windows\system32\ctfmon.exe

[-] 2008-04-14 20:51 25088 5336D3244305FD884215DAF84D108566 c:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-14 20:51 15360 1BD41EDA5B869AFC99895C39A8DE36E1 c:\windows\VistaMizer\old\ctfmon.exe

[-] 2009-05-11 20:31 1571840 8D8B5CD78BE4E9D5B4C4D68D562479EF c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-05-08 593920]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe"=

"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\Program Files\Skype\Phone\Skype.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-01-07 20744]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-05-13 97480]

R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2009-05-13 388865]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-13 194817]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-05-13 432897]

R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]

R2 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-12-12 476456]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-05-13 603904]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-05-13 69632]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 30088]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'

2009-05-18 c:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{49BE6734-7E5F-41C9-B85D-116791D4ED57}.job

  • c:\windows\system32\msfeedssync.exe [2009-05-13 02:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.bearshare.com/pl/

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint – Dodaj do listy drukowania - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint – Drukuj - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

IE: Easy-WebPrint – Drukuj z dużą szybkością - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint – Podgląd - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Wyslij przez wiadomosc(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

IE: Wyślij przez Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\kb4o6ck2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-18 22:20

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1708537768-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,07,a3,7c,76,a6,fe,4a,9b,cb,98,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,07,a3,7c,76,a6,fe,4a,9b,cb,98,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]

@Denied: (Full) (LocalSystem)

"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(1244)

c:\windows\system32\sfc_os.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

  • > 'lsass.exe'(1300)

c:\windows\system32\scecli.dll

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

Czas ukończenia: 2009-05-18 22:23

ComboFix-quarantined-files.txt 2009-05-18 20:23

Przed: 43 727 912 960 bajtów wolnych

Po: 43 725 344 768 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

367


(energia04) #4

Wyczyść Autostart...