Nie działa obraz w filmach (obciąża 90%+ CPU)

Fifoler · 5 Październik 2007 18:10

Świeżo po reinstalacji windows - odinstalowywane i reinstalowywane sterowniki, kodeki - ffdshowy, klite, xp codec pack i inne divxy i xvidy - wygląda to tak, iż dźwięk w filmach działa natomiast obraz nie - zawiesza się komputer itp. Robione były skany antyviramy itp.

Antyvir : Ava antyvir

Komputer: 2Ghz, radeon 6300, 512 ram. Sunbelt personal firewall.

Logi:

Hijack:

Logfile of HijackThis v1.99.1

Scan saved at 19:55:50, on 2007-10-05

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\WINDOWS\System32\wtmgl.exe

C:\Program Files\DAP\DAP.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wpabaln.exe

C:\totalcmd\TOTALCMD.EXE

D:\programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [wtmgl] wtmgl.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF744D1-38F6-469D-8FD4-4A6CDDDDDEFE}: NameServer = 217.30.129.149,217.30.137.200

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Sillent Runners :

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]

"AAWTray" = "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [null data]

"wtmgl" = "wtmgl.exe" ["Pentagram"]

"DownloadAccelerator" = ""C:\Program Files\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"Trickler" = ""c:\program files\divx\divx pro codec\gain_trickler_3202.exe"" [file not found]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "admin" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ad-Aware 2007 Service, aawservice, "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" ["Lavasoft AB"]

AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Sunbelt Personal Firewall 4, SPF4, "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" ["Sunbelt Software"]



---------- (launch time: 2007-10-05 20:06:42)

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 62 seconds.

---------- (total run time: 123 seconds)

Dziadek43 · 5 Październik 2007 18:54

Poczytaj to http://forum.centrumxp.pl/Default.aspx?g=posts&t=108100 ten temat explorer.exe 100% CPU może pomoże

Fifoler · 5 Październik 2007 18:58

Explorer nie zabiera cpu, tylko jakikolwiek program którym odtwarzam filmy.(z reguły zabiera równo 99%)

LostWorld · 5 Październik 2007 20:17

Pobierz program SDFix

Opis programu

Fifoler · 5 Październik 2007 21:22

SDFix: Version 1.107

Run by administrator on 2007-10-05 at 22:49

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting…

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\TFTP2976 - Deleted

Removing Temp Files…

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

Gutek · 5 Październik 2007 23:45

Daj log z ComboFix

Fifoler · 6 Październik 2007 08:40

ComboFix 07-10-06.3 - admin 2007-10-06 10:33:01.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.0.1250.1.1045.18.243 [GMT 2:00]

Running from: C:\Documents and Settings\admin\Pulpit\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))

.

2007-10-06 10:31 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-06 00:35

2007-10-06 00:33 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-10-06 00:33 9,006 --a------ C:\clean.bat

2007-10-06 00:33 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-10-06 00:33 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-10-05 22:49

2007-10-05 19:49

2007-10-05 19:48 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-10-05 19:48 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-10-05 19:48 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-10-05 19:48 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-10-05 19:48 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-10-05 19:48 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-10-05 19:48 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-10-05 19:48 163,840 --a------ C:\WINDOWS\system32\unrar.dll

2007-10-05 19:48

2007-10-02 23:44

2007-10-02 23:21

2007-10-02 22:05

2007-10-02 22:04 413,760 --a------ C:\WINDOWS\system32\MPG4C32.DLL

2007-10-02 20:25

2007-10-02 20:21 56 -r-hs---- C:\WINDOWS\system32\EA0999420E.sys

2007-09-29 21:33

2007-09-29 18:41

2007-09-27 23:14

2007-09-23 20:09

2007-09-23 20:08 16,384 --a------ C:\WINDOWS\system32\FileOps.exe

2007-09-21 10:34

2007-09-20 14:00 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys

2007-09-19 16:45

2007-09-19 16:19

2007-09-17 21:20

2007-09-17 18:02 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys

2007-09-17 11:36 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2007-09-17 11:36 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-09-17 11:36 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-09-17 11:36 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-09-17 11:36 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-09-17 11:36 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2007-09-17 11:36 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-09-17 11:36 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-09-17 11:36

2007-09-16 18:37

2007-09-16 14:01 88 -r-hs---- C:\WINDOWS\system32\0E429909EA.sys

2007-09-16 14:01 1,682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-09-16 13:41

2007-09-15 22:21 1,156 --a------ C:\WINDOWS\mozver.dat

2007-09-15 22:06 731,648 --a–c— C:\WINDOWS\system32\dllcache\nv4.sys

2007-09-15 22:06 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys

2007-09-15 22:06 1,738,496 --a–c— C:\WINDOWS\system32\dllcache\nv4.dll

2007-09-15 22:06 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll

2007-09-15 22:05 182,880 --a–c— C:\WINDOWS\system32\dllcache\iuengine.dll

2007-09-15 22:05 182,880 --a------ C:\WINDOWS\system32\iuengine.dll

2007-09-15 20:58

2007-09-15 20:06 984 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-09-15 20:05 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-09-15 18:56

2007-09-15 18:49 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-09-15 18:49 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-09-15 18:49 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2007-09-15 18:49

2007-09-15 18:48 70,144 --a------ C:\WINDOWS\system32\usbui.dll

2007-09-15 18:48

2007-09-15 18:47

2007-09-15 18:46

2007-09-15 18:28

2007-09-15 18:23

2007-09-15 18:21

2007-09-15 18:20 545 --a------ C:\WINDOWS\UC.PIF

2007-09-15 18:20 545 --a------ C:\WINDOWS\RAR.PIF

2007-09-15 18:20 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-09-15 18:20 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-09-15 18:20 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-09-15 18:20 545 --a------ C:\WINDOWS\LHA.PIF

2007-09-15 18:20 545 --a------ C:\WINDOWS\ARJ.PIF

2007-09-15 18:20

2007-09-15 18:15 0 --a------ C:\WINDOWS\nsreg.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-06 10:30 --------- d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2007-10-05 22:47 693 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2007-10-05 19:43 --------- d-------- C:\Program Files\DivX

2007-10-05 19:02 --------- d-------- C:\Program Files\SubEdit-Player

2007-10-04 08:37 --------- d-------- C:\Program Files\DAP

2007-10-02 20:22 737280 --a------ C:\WINDOWS\iun6002.exe

2007-09-15 21:15 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-09-15 19:12 --------- d-------- C:\Program Files\directx

2007-09-15 19:11 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-15 19:11 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2007-09-15 19:04 286720 --a------ C:\WINDOWS\iun506.exe

2007-09-15 19:04 --------- d-------- C:\Program Files\J-Series Tablet Driver

2007-09-15 17:55 --------- d-------- C:\Program Files\microsoft frontpage

2007-08-16 00:33 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-08-16 00:33 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-08-16 00:33 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-08-16 00:33 129784 --------- C:\WINDOWS\system32\pxafs.dll

2007-08-16 00:33 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-08-16 00:33 118520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-08-09 13:26 20480 --a------ C:\WINDOWS\system32\ac3config.exe

2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2001-11-23 12:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

--------- C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avgnt”=“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” [2007-09-15 18:46]

“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2005-07-20 15:07]

“C-Media Mixer”=“Mixer.exe” [2003-03-20 14:21 C:\WINDOWS\mixer.exe]

“AAWTray”=“C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe” [2007-08-08 15:53]

“wtmgl”=“wtmgl.exe” [2001-03-07 09:09 C:\WINDOWS\system32\wtmgl.exe]

“DownloadAccelerator”=“C:\Program Files\DAP\DAP.exe” [2007-09-16 13:40]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50]

“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2005-07-20 15:07]

“Trickler”=“c:\program files\divx\divx pro codec\gain_trickler_3202.exe” []

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-30 14:00]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14]

“Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-02-12 12:01]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 17:09]

“eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2007-05-13 16:57]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys

R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys

R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys

R3 MGUSBTAB;USB Tablet driver;C:\WINDOWS\System32\Drivers\MGUSBTAB.sys

S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

S3 GVCplDrv;GVCplDrv;C:\WINDOWS\System32\drivers\GVCplDrv.sys

S3 RivaTuner32;RivaTuner32;??\C:\Program Files\RivaTuner v2.04\RivaTuner32.sys

S3 RTCore32;RTCore32;??\C:\Program Files\RMClock\RTCore32.sys

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-06 10:36:09

Windows 5.1.2600 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-10-06 10:38:07

.

— E O F —

Gutek · 6 Październik 2007 23:43

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

W logu nic nie widzę