I have the following problem with the explorer.exe process: at system startup, several minutes pass before the desktop icons are displayed, and when I open Task Manager I can clearly see explorer.exe "ballooning" and taking up about 140 MB, peaking at 220 MB, of RAM. From what I have noticed, this problem occurs only on my user account.
After the icons appear, memory usage starts to drop and returns to the normal level of a few tens of MB.
The "ballooning" of explorer.exe happens again when I connect my MP4 player (Creative ZEN) to it.
An antivirus scan did not detect any viruses.
Here are the logs:
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:42, on 2009-07-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\bgsvcgen.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\IoctlSvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Vista Drive Icon\DrvIcon.exe
H:\Program Files\Alwil Software\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Tlen.pl\tlen.exe
H:\Program Files\PLANET\WL-8303\RtlWake.exe
H:\WINDOWS\system32\taskmgr.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\cleanmgr.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 127.0.0.1 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - H:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - H:\Program Files\PHPNukeEN\tbPHP1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - H:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - H:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - H:\Program Files\PHPNukeEN\tbPHP1.dll
O4 - HKLM\..\Run: [DrvIcon] H:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTCheck] H:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [avast!] "H:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Spik] H:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PLANET WL-8303.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - H:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2631E958-088E-40DB-B705-FFEDD5592177}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - H:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - H:\Program Files\Ares\chatServer.exe
O23 - Service: „Usługa stanu ASP.NET (aspnet_state) - Unknown owner - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - H:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c986349d982eac) (gupdate1c986349d982eac) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 7396 bytes
ComboFix
ComboFix 09-07-08.01 - Marek 2009-07-08 19:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.116 [GMT 2:00]
Uruchomiony z: h:\documents and settings\Marek\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090707-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\documents and settings\Dominika\Dane aplikacji\.#
h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@974@3D4198.###
h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@974@3D41C8.###
h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@974@3D41F8.###
h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@AF4@3D4198.###
h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@AF4@3D41C8.###
h:\documents and settings\Dominika\Dane aplikacji\.#\MBX@AF4@3D41F8.###
h:\windows\msvrc20.dll
h:\windows\system32\img_utils.dll
h:\windows\system32\imgscaler.dll
h:\windows\system32\rawzvpaesldi.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-06-08 do 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-08 17:31 . 2009-07-08 17:38 -------- d-----w- h:\program files\RegCleaner
2009-07-06 22:33 . 2009-07-06 22:33 -------- d-----w- h:\windows\Logs
2009-07-06 14:56 . 2009-07-06 14:56 -------- dc----w- h:\documents and settings\Marek\Dane aplikacji\dvdcss
2009-07-06 14:54 . 2009-07-06 15:01 -------- d-----w- h:\program files\4Movy DVD Video Converter
2009-07-06 14:54 . 2007-01-31 12:42 353280 ----a-w- h:\windows\system32\skinengine.dll
2009-07-03 20:27 . 2009-07-03 20:27 -------- d-----w- h:\program files\Paragon Software
2009-06-28 09:19 . 2009-06-28 09:19 -------- dc----w- h:\documents and settings\Marek\Dane aplikacji\Samsung
2009-06-26 19:44 . 2009-06-26 19:44 -------- dc----w- h:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\Conduit
2009-06-26 19:44 . 2009-06-26 19:44 -------- dc----w- h:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\PHPNukeEN
2009-06-25 23:38 . 2009-06-25 23:38 488960 -c--a-w- h:\documents and settings\Marek\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-25 23:38 . 2009-06-25 23:38 319488 -c--a-w- h:\documents and settings\Marek\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-24 14:10 . 2009-06-24 14:10 -------- dc----w- h:\documents and settings\Dominika\Ustawienia lokalne\Dane aplikacji\Conduit
2009-06-24 14:10 . 2009-06-24 14:10 -------- dc----w- h:\documents and settings\Dominika\Ustawienia lokalne\Dane aplikacji\PHPNukeEN
2009-06-24 14:10 . 2009-06-24 14:10 -------- d-----w- h:\program files\Conduit
2009-06-24 14:10 . 2009-06-26 19:45 -------- d-----w- h:\program files\PHPNukeEN
2009-06-23 00:57 . 2009-06-23 16:36 -------- d-----w- h:\program files\ReadManiac
2009-06-20 14:55 . 2009-06-20 14:55 -------- d-----w- h:\program files\Veoh Networks
2009-06-13 19:13 . 2009-06-13 19:13 -------- dc--a-w- h:\program files\Apple Software Update
2009-06-13 19:13 . 2009-06-13 19:13 -------- dc----w- h:\documents and settings\All Users\Dane aplikacji\Apple
2009-06-12 23:54 . 2005-08-16 10:23 38422 ----a-w- h:\windows\system32\drivers\StMp3Rec.sys
2009-06-10 19:53 . 2009-06-10 19:53 -------- dc----w- h:\documents and settings\All Users\Dane aplikacji\WNR
2009-06-10 19:53 . 2009-06-10 19:53 -------- dc----w- h:\documents and settings\Dominika\Dane aplikacji\WNR
2009-06-10 19:52 . 2009-06-10 19:53 -------- dc--a-w- h:\program files\Proxy Switcher Standard
2009-06-10 18:52 . 2009-06-10 19:26 -------- dc----w- h:\documents and settings\Marek\Dane aplikacji\Any Video Converter Professional
2009-06-10 18:51 . 2009-06-10 19:26 -------- d-----w- h:\program files\Any Video Converter Professional
2009-06-10 17:06 . 2009-04-30 21:17 12800 -c----w- h:\windows\system32\dllcache\xpshims.dll
2009-06-10 17:06 . 2009-04-30 21:17 246272 -c----w- h:\windows\system32\dllcache\ieproxy.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 21:42 . 2008-03-18 10:52 -------- dc--a-w- h:\documents and settings\Marek\Dane aplikacji\Tlen.pl
2009-07-06 22:35 . 2008-03-18 10:04 -------- dc-h--w- h:\program files\InstallShield Installation Information
2009-07-06 12:13 . 2008-04-03 23:45 -------- dc----w- h:\program files\Cell Phone Manager
2009-07-04 17:35 . 2008-03-19 19:51 -------- dc----w- h:\program files\English Translator 3
2009-07-03 16:56 . 2008-03-21 16:32 -------- dc--a-w- h:\documents and settings\Marek\Dane aplikacji\gtk-2.0
2009-06-29 17:02 . 2008-10-12 16:19 -------- dc----w- h:\documents and settings\Marek\Dane aplikacji\Any Video Converter
2009-06-13 19:19 . 2008-11-29 22:33 63528 -c-ha-w- h:\windows\system32\mlfcache.dat
2009-06-13 19:16 . 2008-11-25 22:17 -------- dc----w- h:\program files\Safari
2009-06-13 00:10 . 2008-07-09 16:54 -------- dc----w- h:\program files\Fly DVD SVCD VCD Maker 7.0
2009-06-13 00:09 . 2009-05-01 13:08 -------- dc--a-w- h:\program files\Absolute GIF Optimizer
2009-06-12 23:54 . 2008-03-18 21:44 -------- dc----w- h:\program files\Creative
2009-06-11 14:16 . 2009-03-11 21:21 -------- dc--a-w- h:\program files\seoadministrator
2009-06-11 14:15 . 2009-03-21 21:29 -------- d-----w- h:\program files\NAPI-PROJEKT
2009-06-11 14:13 . 2008-08-05 22:23 -------- dc----w- h:\program files\All Media Fixer
2009-06-10 20:53 . 2008-03-28 18:56 -------- dc--a-w- h:\documents and settings\Dominika\Dane aplikacji\Azureus
2009-06-10 19:07 . 2008-10-12 16:19 -------- dc----w- h:\program files\Any Video Converter
2009-06-10 18:58 . 2008-03-19 21:22 -------- dc--a-w- h:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-08 13:12 . 2009-06-08 13:12 69632 -c--a-w- h:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-06 18:20 . 2008-03-18 19:40 94520 -c--a-w- h:\documents and settings\Marek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-06 13:18 . 2009-06-06 13:18 -------- dc--a-w- h:\program files\CoffeeCup Software
2009-06-03 22:45 . 2008-08-04 17:32 -------- dc----w- h:\program files\FlashGet
2009-06-03 11:57 . 2009-06-03 11:57 -------- dc----w- h:\documents and settings\Dominika\Dane aplikacji\Jasc
2009-06-03 11:56 . 2009-06-03 11:55 -------- dc--a-w- h:\program files\Jasc Software Inc
2009-06-03 11:52 . 2009-06-03 11:51 -------- dc--a-w- h:\program files\Active GIF Creator 3.2
2009-05-23 13:06 . 2009-05-09 09:32 -------- dc----w- h:\documents and settings\Dominika\Dane aplikacji\gtk-2.0
2009-05-19 19:47 . 2008-04-30 19:06 -------- dc----w- h:\program files\Google
2009-05-19 17:11 . 2009-05-19 17:11 -------- dc----w- h:\program files\Common Files\SWF Studio
2009-05-14 22:53 . 2008-04-30 12:18 -------- dc--a-w- h:\documents and settings\Marek\Dane aplikacji\Desktop Sidebar
2009-05-13 20:18 . 2008-08-01 19:30 -------- dc----w- h:\program files\HTML Executable
2009-05-13 05:06 . 2008-03-19 19:25 915456 ----a-w- h:\windows\system32\wininet.dll
2009-05-12 15:02 . 2008-03-18 20:52 -------- dc----w- h:\program files\Gadu-Gadu Wanda
2009-05-07 15:34 . 2003-04-16 12:00 347648 ----a-w- h:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- h:\windows\system32\GPhotos.scr
2009-04-19 19:51 . 2003-04-16 12:00 1847424 ----a-w- h:\windows\system32\win32k.sys
2009-04-17 05:26 . 2003-04-16 12:00 79284 -c--a-w- h:\windows\system32\perfc015.dat
2009-04-17 05:26 . 2003-04-16 12:00 459926 -c--a-w- h:\windows\system32\perfh015.dat
2009-04-15 14:54 . 2004-03-06 02:21 585216 ----a-w- h:\windows\system32\rpcrt4.dll
2009-01-10 00:52 . 2009-01-10 00:51 560 -c--a-w- h:\program files\Global.sw
.
------- Sigcheck -------
[-] 2008-04-14 20:51 1577472 0B54EBC46C057B0C5A2C011017C8F817 h:\windows\explorer.exe
[-] 2007-06-13 13:12 1034752 8DB0650B211425B9CDB7D1C4A8F6B482 h:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 20:51 3197440 BF87FC4410C6EBF7AC85F360C555C6E5 h:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 20:51 3197440 BF87FC4410C6EBF7AC85F360C555C6E5 h:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-06-26 19:45 2094616 ----a-w- h:\program files\PHPNukeEN\tbPHP1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="h:\program files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="h:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"CTCheck"="h:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"avast!"="h:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"Spik"="h:\program files\Spik\Spik.exe" [2009-01-19 103912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
h:\documents and settings\All Users\Menu Start\Programy\Autostart\
PLANET WL-8303.lnk - h:\program files\PLANET\WL-8303\RtlWake.exe [2008-3-18 720896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Device Detector 2.lnk]
backup=h:\windows\pss\Device Detector 2.lnkCommon Startup
[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Device Detector 3.lnk]
backup=h:\windows\pss\Device Detector 3.lnkCommon Startup
[HKLM\~\startupfolder\H:^Documents and Settings^Marek^Menu Start^Programy^Autostart^RocketDock.lnk]
backup=h:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\H:^Documents and Settings^Marek^Menu Start^Programy^Autostart^Y'z Toolbar.lnk]
backup=h:\windows\pss\Y'z Toolbar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"nwiz"=nwiz.exe /install
"HP Software Update"=h:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Spik\\Spik.exe"=
"h:\\Program Files\\Tlen.pl\\tlen.exe"=
"h:\\Program Files\\Gadu-Gadu Wanda\\gg.exe"=
"h:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Azureus\\Azureus.exe"=
"h:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"=
"h:\\Program Files\\Ares\\Ares.exe"=
"h:\\Program Files\\Tlen.pl Wanda\\tlen.exe"=
"h:\\Program Files\\Team17\\Worms 2\\frontend.exe"=
"h:\\Program Files\\Team17\\Worms 2\\Binaries\\landgen.exe"=
"h:\\Program Files\\Opera\\opera.exe"=
"h:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"h:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"h:\\Program Files\\FlashGet\\flashget.exe"=
"h:\\Program Files\\Wru\\Wru.exe"=
"h:\\Program Files\\Gadu-Gadu\\gg.exe"=
"h:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"h:\\Documents and Settings\\Marek\\Dane aplikacji\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\the sims 3\game\bin\TS3.exe"= c:\the sims 3\game\bin\TS3.exe:127.0.0.1/255.255.255.255:Enabled:TS3.exe
"c:\the sims 3\game\bin\Sims3Launcher.exe"= c:\the sims 3\game\bin\Sims3Launcher.exe:127.0.0.1/255.255.255.255:Enabled:Sims3Launcher.exe
"h:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2008-11-23 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2008-11-23 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;h:\windows\system32\drivers\EAPPkt.sys [2008-03-18 8576]
R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;h:\windows\system32\drivers\RTL8180.sys [2008-03-18 184576]
S2 gupdate1c986349d982eac;Google Update Service (gupdate1c986349d982eac);h:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;h:\windows\system32\drivers\ASPI32.SYS [2008-07-30 16512]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);h:\windows\system32\drivers\k510bus.sys [2008-03-21 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;h:\windows\system32\drivers\k510mdfl.sys [2008-03-21 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;h:\windows\system32\drivers\k510mdm.sys [2008-03-21 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);h:\windows\system32\drivers\k510mgmt.sys [2008-03-21 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;h:\windows\system32\drivers\k510obex.sys [2008-03-21 83344]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-07-08 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 19:21]
2009-07-08 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 19:21]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-pnmkkjdmnofljcnqc - h:\windows\system32\xwnzssfxgestdnxrj.dll
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local 127.0.0.1 127.0.0.1
IE: &Download All with FlashGet - h:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - h:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2631E958-088E-40DB-B705-FFEDD5592177} = 194.204.152.34,194.204.159.1
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - h:\program files\Spik\url_wpmsg.dll
FF - ProfilePath - h:\documents and settings\Marek\Dane aplikacji\Mozilla\Firefox\Profiles\fmwsb15h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: h:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\npwpk.dll
FF - plugin: h:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: h:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
FF - plugin: h:\program files\Spik\mozilla\npwpk.dll
FF - plugin: h:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: h:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: general.useragent.extra.zencast - .
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 20:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\PLK_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00
[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\PLK_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c
[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\PLK_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:9b,00,00,00,00,00
[HKEY_USERS\S-1-5-21-57989841-1801674531-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9A0F11C-E717-CF96-0108-3F672E03CE2F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(728)
h:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(784)
h:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-07-08 20:09
ComboFix-quarantined-files.txt 2009-07-08 18:09
ComboFix2.txt 2008-11-23 17:19
ComboFix3.txt 2008-11-23 17:19
Przed: 2 045 474 816 bajtów wolnych
Po: 5 652 598 784 bajtów wolnych
254 --- E O F --- 2009-06-11 01:19