Explorer.exe zajmuje dużo pamięci RAM

Mam następujący problem z procesem explorer.exe, otóż przy starcie systemu zanim zostaną wyświetlone ikony pulpitu mija kilka minut, gdy włączam menedżera zadań, widać wyraźnie, jak explorer.exe “rozdyma” się i zajmuje ok 140 w porywach do 220 mb pamięci RAM. Z tego co zauważyłem to problem ten występuje tylko na moim koncie użytkownika.

Po wyświetleniu ikon użycie pamięci zaczyna spadać i wraca do normalnego poziomu kilkudziesięciu mb.

“Rozdęcie” explorer.exe następuje ponownie, gdy podłączam do niego odtwarzacz MP4 (Creative ZEN).

Skanowanie antywirusem nie wykryło obecności jakichkolwiek wirusów.

Zarzucam logi:

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:23:42, on 2009-07-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

H:\Program Files\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\system32\bgsvcgen.exe

H:\WINDOWS\system32\CTsvcCDA.exe

H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\IoctlSvc.exe

H:\WINDOWS\System32\svchost.exe

H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

H:\Program Files\Vista Drive Icon\DrvIcon.exe

H:\Program Files\Alwil Software\Avast4\ashDisp.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Tlen.pl\tlen.exe

H:\Program Files\PLANET\WL-8303\RtlWake.exe

H:\WINDOWS\system32\taskmgr.exe

H:\WINDOWS\explorer.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\WINDOWS\system32\cleanmgr.exe

H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

H:\Program Files\Internet Explorer\IEXPLORE.EXE

H:\Program Files\Internet Explorer\IEXPLORE.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 127.0.0.1 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - H:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - H:\Program Files\PHPNukeEN\tbPHP1.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - H:\Program Files\Styler\TB\StylerTB.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - H:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - H:\Program Files\PHPNukeEN\tbPHP1.dll

O4 - HKLM\..\Run: [DrvIcon] H:\Program Files\Vista Drive Icon\DrvIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTCheck] H:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKLM\..\Run: [avast!] "H:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [Spik] H:\Program Files\Spik\Spik.exe -autostart

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PLANET WL-8303.lnk = ?

O8 - Extra context menu item: &Download All with FlashGet - H:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - H:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2631E958-088E-40DB-B705-FFEDD5592177}: NameServer = 194.204.152.34,194.204.159.1

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - H:\Program Files\Spik\url_wpmsg.dll

O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - H:\Program Files\Ares\chatServer.exe

O23 - Service: „Usługa stanu ASP.NET (aspnet_state) - Unknown owner - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - H:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Update Service (gupdate1c986349d982eac) (gupdate1c986349d982eac) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe


--

End of file - 7396 bytes

ComboFix

ComboFix 09-07-08.01 - Marek 2009-07-08 19:48.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.116 [GMT 2:00]

Uruchomiony z: h:\documents and settings\Marek\Pulpit\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090707-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


h:\documents and settings\Dominika\Dane aplikacji\.#

h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@974@3D4198.###

h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@974@3D41C8.###

h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@974@3D41F8.###

h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@AF4@3D4198.###

h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@AF4@3D41C8.###

h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@AF4@3D41F8.###

h:\windows\msvrc20.dll

h:\windows\system32\img_utils.dll

h:\windows\system32\imgscaler.dll

h:\windows\system32\rawzvpaesldi.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-08 do 2009-07-08 )))))))))))))))))))))))))))))))

.


2009-07-08 17:31 . 2009-07-08 17:38	--------	d-----w-	h:\program files\RegCleaner

2009-07-06 22:33 . 2009-07-06 22:33	--------	d-----w-	h:\windows\Logs

2009-07-06 14:56 . 2009-07-06 14:56	--------	dc----w-	h:\documents and settings\Marek\Dane aplikacji\dvdcss

2009-07-06 14:54 . 2009-07-06 15:01	--------	d-----w-	h:\program files\4Movy DVD Video Converter

2009-07-06 14:54 . 2007-01-31 12:42	353280	----a-w-	h:\windows\system32\skinengine.dll

2009-07-03 20:27 . 2009-07-03 20:27	--------	d-----w-	h:\program files\Paragon Software

2009-06-28 09:19 . 2009-06-28 09:19	--------	dc----w-	h:\documents and settings\Marek\Dane aplikacji\Samsung

2009-06-26 19:44 . 2009-06-26 19:44	--------	dc----w-	h:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\Conduit

2009-06-26 19:44 . 2009-06-26 19:44	--------	dc----w-	h:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\PHPNukeEN

2009-06-25 23:38 . 2009-06-25 23:38	488960	-c--a-w-	h:\documents and settings\Marek\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll

2009-06-25 23:38 . 2009-06-25 23:38	319488	-c--a-w-	h:\documents and settings\Marek\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

2009-06-24 14:10 . 2009-06-24 14:10	--------	dc----w-	h:\documents and settings\Dominika\Ustawienia lokalne\Dane aplikacji\Conduit

2009-06-24 14:10 . 2009-06-24 14:10	--------	dc----w-	h:\documents and settings\Dominika\Ustawienia lokalne\Dane aplikacji\PHPNukeEN

2009-06-24 14:10 . 2009-06-24 14:10	--------	d-----w-	h:\program files\Conduit

2009-06-24 14:10 . 2009-06-26 19:45	--------	d-----w-	h:\program files\PHPNukeEN

2009-06-23 00:57 . 2009-06-23 16:36	--------	d-----w-	h:\program files\ReadManiac

2009-06-20 14:55 . 2009-06-20 14:55	--------	d-----w-	h:\program files\Veoh Networks

2009-06-13 19:13 . 2009-06-13 19:13	--------	dc--a-w-	h:\program files\Apple Software Update

2009-06-13 19:13 . 2009-06-13 19:13	--------	dc----w-	h:\documents and settings\All Users\Dane aplikacji\Apple

2009-06-12 23:54 . 2005-08-16 10:23	38422	----a-w-	h:\windows\system32\drivers\StMp3Rec.sys

2009-06-10 19:53 . 2009-06-10 19:53	--------	dc----w-	h:\documents and settings\All Users\Dane aplikacji\WNR

2009-06-10 19:53 . 2009-06-10 19:53	--------	dc----w-	h:\documents and settings\Dominika\Dane aplikacji\WNR

2009-06-10 19:52 . 2009-06-10 19:53	--------	dc--a-w-	h:\program files\Proxy Switcher Standard

2009-06-10 18:52 . 2009-06-10 19:26	--------	dc----w-	h:\documents and settings\Marek\Dane aplikacji\Any Video Converter Professional

2009-06-10 18:51 . 2009-06-10 19:26	--------	d-----w-	h:\program files\Any Video Converter Professional

2009-06-10 17:06 . 2009-04-30 21:17	12800	-c----w-	h:\windows\system32\dllcache\xpshims.dll

2009-06-10 17:06 . 2009-04-30 21:17	246272	-c----w-	h:\windows\system32\dllcache\ieproxy.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-07 21:42 . 2008-03-18 10:52	--------	dc--a-w-	h:\documents and settings\Marek\Dane aplikacji\Tlen.pl

2009-07-06 22:35 . 2008-03-18 10:04	--------	dc-h--w-	h:\program files\InstallShield Installation Information

2009-07-06 12:13 . 2008-04-03 23:45	--------	dc----w-	h:\program files\Cell Phone Manager

2009-07-04 17:35 . 2008-03-19 19:51	--------	dc----w-	h:\program files\English Translator 3

2009-07-03 16:56 . 2008-03-21 16:32	--------	dc--a-w-	h:\documents and settings\Marek\Dane aplikacji\gtk-2.0

2009-06-29 17:02 . 2008-10-12 16:19	--------	dc----w-	h:\documents and settings\Marek\Dane aplikacji\Any Video Converter

2009-06-13 19:19 . 2008-11-29 22:33	63528	-c-ha-w-	h:\windows\system32\mlfcache.dat

2009-06-13 19:16 . 2008-11-25 22:17	--------	dc----w-	h:\program files\Safari

2009-06-13 00:10 . 2008-07-09 16:54	--------	dc----w-	h:\program files\Fly DVD SVCD VCD Maker 7.0

2009-06-13 00:09 . 2009-05-01 13:08	--------	dc--a-w-	h:\program files\Absolute GIF Optimizer

2009-06-12 23:54 . 2008-03-18 21:44	--------	dc----w-	h:\program files\Creative

2009-06-11 14:16 . 2009-03-11 21:21	--------	dc--a-w-	h:\program files\seoadministrator

2009-06-11 14:15 . 2009-03-21 21:29	--------	d-----w-	h:\program files\NAPI-PROJEKT

2009-06-11 14:13 . 2008-08-05 22:23	--------	dc----w-	h:\program files\All Media Fixer

2009-06-10 20:53 . 2008-03-28 18:56	--------	dc--a-w-	h:\documents and settings\Dominika\Dane aplikacji\Azureus

2009-06-10 19:07 . 2008-10-12 16:19	--------	dc----w-	h:\program files\Any Video Converter

2009-06-10 18:58 . 2008-03-19 21:22	--------	dc--a-w-	h:\documents and settings\All Users\Dane aplikacji\TEMP

2009-06-08 13:12 . 2009-06-08 13:12	69632	-c--a-w-	h:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe

2009-06-06 18:20 . 2008-03-18 19:40	94520	-c--a-w-	h:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-06-06 13:18 . 2009-06-06 13:18	--------	dc--a-w-	h:\program files\CoffeeCup Software

2009-06-03 22:45 . 2008-08-04 17:32	--------	dc----w-	h:\program files\FlashGet

2009-06-03 11:57 . 2009-06-03 11:57	--------	dc----w-	h:\documents and settings\Dominika\Dane aplikacji\Jasc

2009-06-03 11:56 . 2009-06-03 11:55	--------	dc--a-w-	h:\program files\Jasc Software Inc

2009-06-03 11:52 . 2009-06-03 11:51	--------	dc--a-w-	h:\program files\Active GIF Creator 3.2

2009-05-23 13:06 . 2009-05-09 09:32	--------	dc----w-	h:\documents and settings\Dominika\Dane aplikacji\gtk-2.0

2009-05-19 19:47 . 2008-04-30 19:06	--------	dc----w-	h:\program files\Google

2009-05-19 17:11 . 2009-05-19 17:11	--------	dc----w-	h:\program files\Common Files\SWF Studio

2009-05-14 22:53 . 2008-04-30 12:18	--------	dc--a-w-	h:\documents and settings\Marek\Dane aplikacji\Desktop Sidebar

2009-05-13 20:18 . 2008-08-01 19:30	--------	dc----w-	h:\program files\HTML Executable

2009-05-13 05:06 . 2008-03-19 19:25	915456	----a-w-	h:\windows\system32\wininet.dll

2009-05-12 15:02 . 2008-03-18 20:52	--------	dc----w-	h:\program files\Gadu-Gadu Wanda

2009-05-07 15:34 . 2003-04-16 12:00	347648	----a-w-	h:\windows\system32\localspl.dll

2009-05-01 18:30 . 2009-05-01 18:30	3366912	----a-w-	h:\windows\system32\GPhotos.scr

2009-04-19 19:51 . 2003-04-16 12:00	1847424	----a-w-	h:\windows\system32\win32k.sys

2009-04-17 05:26 . 2003-04-16 12:00	79284	-c--a-w-	h:\windows\system32\perfc015.dat

2009-04-17 05:26 . 2003-04-16 12:00	459926	-c--a-w-	h:\windows\system32\perfh015.dat

2009-04-15 14:54 . 2004-03-06 02:21	585216	----a-w-	h:\windows\system32\rpcrt4.dll

2009-01-10 00:52 . 2009-01-10 00:51	560	-c--a-w-	h:\program files\Global.sw

.


------- Sigcheck -------


[-] 2008-04-14 20:51	1577472	0B54EBC46C057B0C5A2C011017C8F817	h:\windows\explorer.exe

[-] 2007-06-13 13:12	1034752	8DB0650B211425B9CDB7D1C4A8F6B482	h:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2008-04-14 20:51	3197440	BF87FC4410C6EBF7AC85F360C555C6E5	h:\windows\ServicePackFiles\i386\explorer.exe

[-] 2008-04-14 20:51	3197440	BF87FC4410C6EBF7AC85F360C555C6E5	h:\windows\system32\VITrans\explorer.exe


.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

2009-06-26 19:45	2094616	----a-w-	h:\program files\PHPNukeEN\tbPHP1.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Komunikator"="h:\program files\Tlen.pl\tlen.exe" [2008-01-15 6290944]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvIcon"="h:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"CTCheck"="h:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"avast!"="h:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

"Spik"="h:\program files\Spik\Spik.exe" [2009-01-19 103912]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2008-04-14 15360]


h:\documents and settings\All Users\Menu Start\Programy\Autostart\

PLANET WL-8303.lnk - h:\program files\PLANET\WL-8303\RtlWake.exe [2008-3-18 720896]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00


[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Device Detector 2.lnk]

backup=h:\windows\pss\Device Detector 2.lnkCommon Startup


[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Device Detector 3.lnk]

backup=h:\windows\pss\Device Detector 3.lnkCommon Startup


[HKLM\~\startupfolder\H:^Documents and Settings^Marek^Menu Start^Programy^Autostart^RocketDock.lnk]

backup=h:\windows\pss\RocketDock.lnkStartup


[HKLM\~\startupfolder\H:^Documents and Settings^Marek^Menu Start^Programy^Autostart^Y'z Toolbar.lnk]

backup=h:\windows\pss\Y'z Toolbar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

"Nero BackItUp Scheduler 3"=2 (0x2)


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]

"nwiz"=nwiz.exe /install

"HP Software Update"=h:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\Program Files\\Spik\\Spik.exe"=

"h:\\Program Files\\Tlen.pl\\tlen.exe"=

"h:\\Program Files\\Gadu-Gadu Wanda\\gg.exe"=

"h:\\totalcmd\\TOTALCMD.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Program Files\\Azureus\\Azureus.exe"=

"h:\\WINDOWS\\system32\\dpvsetup.exe"=

"h:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"=

"h:\\Program Files\\Ares\\Ares.exe"=

"h:\\Program Files\\Tlen.pl Wanda\\tlen.exe"=

"h:\\Program Files\\Team17\\Worms 2\\frontend.exe"=

"h:\\Program Files\\Team17\\Worms 2\\Binaries\\landgen.exe"=

"h:\\Program Files\\Opera\\opera.exe"=

"h:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"h:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"h:\\Program Files\\FlashGet\\flashget.exe"=

"h:\\Program Files\\Wru\\Wru.exe"=

"h:\\Program Files\\Gadu-Gadu\\gg.exe"=

"h:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"h:\\Documents and Settings\\Marek\\Dane aplikacji\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\the sims 3\game\bin\TS3.exe"= c:\the sims 3\game\bin\TS3.exe:127.0.0.1/255.255.255.255:Enabled:TS3.exe

"c:\the sims 3\game\bin\Sims3Launcher.exe"= c:\the sims 3\game\bin\Sims3Launcher.exe:127.0.0.1/255.255.255.255:Enabled:Sims3Launcher.exe

"h:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=


R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2008-11-23 114768]

R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2008-11-23 20560]

R2 EAPPkt;Realtek EAPPkt Protocol;h:\windows\system32\drivers\EAPPkt.sys [2008-03-18 8576]

R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;h:\windows\system32\drivers\RTL8180.sys [2008-03-18 184576]

S2 gupdate1c986349d982eac;Google Update Service (gupdate1c986349d982eac);h:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

S3 ASPI;Advanced SCSI Programming Interface Driver;h:\windows\system32\drivers\ASPI32.SYS [2008-07-30 16512]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);h:\windows\system32\drivers\k510bus.sys [2008-03-21 58288]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;h:\windows\system32\drivers\k510mdfl.sys [2008-03-21 8336]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;h:\windows\system32\drivers\k510mdm.sys [2008-03-21 94064]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);h:\windows\system32\drivers\k510mgmt.sys [2008-03-21 85408]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;h:\windows\system32\drivers\k510obex.sys [2008-03-21 83344]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'


2009-07-08 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 19:21]


2009-07-08 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 19:21]

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKLM-Run-pnmkkjdmnofljcnqc - h:\windows\system32\xwnzssfxgestdnxrj.dll



.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local 127.0.0.1 127.0.0.1

IE: &Download All with FlashGet - h:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - h:\program files\FlashGet\jc_link.htm

IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200

IE: E&ksport do programu Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {2631E958-088E-40DB-B705-FFEDD5592177} = 194.204.152.34,194.204.159.1

Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - h:\program files\Spik\url_wpmsg.dll

FF - ProfilePath - h:\documents and settings\Marek\Dane aplikacji\Mozilla\Firefox\Profiles\fmwsb15h.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=

FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: h:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: h:\program files\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: h:\program files\Mozilla Firefox\plugins\npwpk.dll

FF - plugin: h:\program files\Opera 10 Preview\program\plugins\npdsplay.dll

FF - plugin: h:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll

FF - plugin: h:\program files\Spik\mozilla\npwpk.dll

FF - plugin: h:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: h:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

FF - user.js: general.useragent.extra.zencast - .


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-08 20:04

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\PLK_Settings\BCGCommandManager]

"CommandsWithoutImages"=hex:00,00

"MenuUserImages"=hex:00,00


[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\PLK_Settings\BCGControlBarVersion]

"Major"=dword:00000008

"Minor"=dword:0000003c


[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\PLK_Settings\BCGToolbarParameters]

"Tooltips"=dword:00000001

"ShortcutKeys"=dword:00000001

"LargeIcons"=dword:00000001

"MenuAnimation"=dword:00000000

"RecentlyUsedMenus"=dword:00000001

"MenuShadows"=dword:00000001

"ShowAllMenusAfterDelay"=dword:00000001

"Look2000"=dword:00000001

"CommandsUsage"=hex:9b,00,00,00,00,00


[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9A0F11C-E717-CF96-0108-3F672E03CE2F}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(728)

h:\windows\system32\cscui.dll


- - - - - - - > 'lsass.exe'(784)

h:\windows\system32\scecli.dll

.

Czas ukończenia: 2009-07-08 20:09

ComboFix-quarantined-files.txt 2009-07-08 18:09

ComboFix2.txt 2008-11-23 17:19

ComboFix3.txt 2008-11-23 17:19


Przed: 2 045 474 816 bajtów wolnych

Po: 5 652 598 784 bajtów wolnych


254	--- E O F ---	2009-06-11 01:19

A jaki masz system? Jeśli Vistę z SP2 to “wypasiony” explorer.exe jest normą…

Logi wklejasz na wklej.org lub wklej.to, a w poœcie dajesz link.

Logi wyglądają na czyste.

Menu Start -> Uruchom… -> Combofix /u

PrzeczyϾ system CCleanerem.

Usuñ zbêdniki z autostartu.

Wykonaj pe³ny skan DR WEB CureIt.

Fakt - jest w logach. Moja wina ;]