Viruses; svchost.exe 100% CPU; CPU problems at startup


(system) #1

Hi, I'll start from the beginning. First, some time ago avast! detected "Win32:KeyLogger-ABK [spy]" - it went into quarantine and was deleted (using that antivirus, but whether effectively, I don't know).

The next thing that happened was that the computer gradually started slowing down, until it shut itself off when CPU usage reached 100% and stayed there for a while.

Then this error popped up:

blad1k.jpg

  • let's say the reasons are more or less understandable.

But.. I couldn't find newer drivers and I didn't have time for a longer search, so I did nothing about it.

Recently avast! found about 63 ROOTKITs in the graphics card drivers - I don't remember their exact name. All of them were moved to quarantine and then deleted (I think).

The moment those bugs were found, the "svchost.exe" process really woke up, eating 100% CPU.. and it has stayed that way until now.

After restarting the computer (or simply turning it on), when the desktop appears everything is fine (for a short time, which I make good use of), even CPU usage is normal, until the moment of, so to speak, the "desktop refresh after the startup applications have launched etc.", when the icons and the whole taskbar disappear.

I left it like that and after a while - over an hour - nothing had changed, so I restarted. It's like this every time, so right after turning on the computer I launch "Task Manager".

The desktop elements still disappear, but at least I can do something. I start everything by creating new tasks in that Task Manager.

I switched the drivers back to the older ones that were already on the computer, so as not to use the ones that were infected, if possible - just in case hehe.

As for rescanning the computer, I think it's practically impossible, because with svchost.exe at 100% usage it would take a few days.

I tried scanning with F-PROT, but I didn't finish the scan (because it would take too long..); F-PROT managed to find 2 viruses, "W32/Threat-HILLYE!Eldorado" and two "CVE-2004-0200".

Going back to svchost: in the Active Ports program there is a connection to port 135, two identical ones... I seem to have read somewhere that it might be a trojan.

Sorry if I described the problem unclearly.

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:23:39, on 2010-02-15

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\WF2K.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699gct=gc=1q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699gct=gc=1q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\beata\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\System32\WF2K.EXE

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKUS\S-1-5-21-1645522239-790525478-725345543-1003\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1645522239-790525478-725345543-1003 Startup: netuza32.exe (User '?')

O4 - Startup: netuza32.exe

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


--

End of file - 5250 bytes
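Added example (not part of the original post or of HijackThis itself): a small Python parser for the `O4` autostart lines in the HJT log above. The triage rules are the editor's own heuristics, not HijackThis output: an entry is flagged when it lives in a per-user Startup folder (user-writable, no registry key needed, which is where `netuza32.exe` sits), when the program is given without an absolute path (so what actually runs depends on the search path), or when the program is `rundll32.exe` (the code of interest is in the DLL argument, not the launcher). The sample lines are copied from the log; the flags are a starting point for checking the files, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of O4 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - S-1-5-21-1645522239-790525478-725345543-1003 Startup: netuza32.exe (User '?')
O4 - Startup: netuza32.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command> (User '...')?"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# "O4 - [<SID>] Startup: <command> (User '...')?"  (per-user Startup folder entries)
STARTUP_RE = re.compile(
    r"^O4 - (?:(?P<sid>\S+) )?Startup: (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)


def executable_of(cmd: str) -> str:
    """Return the program part of an autostart command line.

    HijackThis prints unquoted paths, so a path containing spaces is reassembled
    by appending tokens until the accumulated text ends in ".exe".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end]
    tokens = cmd.split(" ")
    exe = tokens[0]
    for tok in tokens[1:]:
        if exe.lower().endswith(".exe"):
            break
        exe = exe + " " + tok
    return exe


def reasons_for(kind: str, exe: str) -> List[str]:
    """Editor's heuristics (assumption, not HijackThis logic) for why an entry deserves a look."""
    reasons: List[str] = []
    if kind == "startup":
        # Per-user Autostart folder: writable by the user, survives without a registry key.
        reasons.append("startup_folder")
    if not re.match(r"^[A-Za-z]:\\", exe):
        # No absolute path: the file that runs is whatever the search path resolves first.
        reasons.append("no_absolute_path")
    if exe.split("\\")[-1].lower() == "rundll32.exe":
        # The launcher is benign; the DLL it is told to load is what needs checking.
        reasons.append("rundll32_loader")
    return reasons


def parse_o4(log_text: str) -> List[Dict]:
    """Parse every O4 line of an HJT log into a dict with the triage reasons attached."""
    entries: List[Dict] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("O4 - "):
            continue
        m = RUN_RE.match(line)
        if m:
            kind, hive, name, cmd = "run", m.group("hive"), m.group("name"), m.group("cmd")
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue  # unknown O4 layout: leave it for a human rather than guess
            kind, hive, name, cmd = "startup", m.group("sid") or "current user", "", m.group("cmd")
        exe = executable_of(cmd)
        entries.append({"kind": kind, "hive": hive, "name": name, "command": cmd,
                        "executable": exe, "reasons": reasons_for(kind, exe)})
    return entries


def flagged(log_text: str) -> List[Dict]:
    """Only the entries with at least one reason, i.e. the files to verify first."""
    return [e for e in parse_o4(log_text) if e["reasons"]]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e['kind']:8} {e['hive']:45} {e['executable']:40} {', '.join(e['reasons'])}")
```

Run against the sample, the two `netuza32.exe` Startup-folder entries come out with both `startup_folder` and `no_absolute_path`, while the avast! and CTFMON entries (absolute paths under known directories) are not flagged; `nwiz.exe` is flagged only because it is given without a path, which is exactly the kind of entry to confirm against the file on disk rather than delete blindly.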

(jessica) #2

Post a log from ComboFix or post a log from OTL

jessi


(bibut) #3

unfortunately :frowning: but (in my opinion) you would have to go back to the state from before the viruses were removed :stuck_out_tongue: , because avast is rather oversensitive :?


(system) #4

jessica - I delete those two entries, but after the next scan they are still there. When I scanned in safe mode, they weren't there.

OTL log

OTL logfile created on: 2010-02-16 10:22:52 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\beata\Pulpit

Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2600.0000)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


767,00 Mb Total Physical Memory | 417,00 Mb Available Physical Memory | 54,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): c:\pagefile.sys 1152 2304 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 3,20 Gb Free Space | 8,58% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: ANDA

Current User Name: beata

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2010-02-16 10:17:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-08-27 16:26:02 | 000,075,424 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

PRC - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2006-11-17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005-04-06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

PRC - [2001-10-26 18:29:52 | 001,002,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2001-10-23 09:57:48 | 002,191,360 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\Wf2k.exe



[color=#E56717]========== Modules (SafeList) ==========[/color]


MOD - [2010-02-16 10:17:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

MOD - [2001-08-18 07:37:18 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009-08-27 16:26:02 | 000,075,424 | ---- | M] (FRISK Software International) [Auto | Running] -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -- (FPAVServer)

SRV - [2008-02-06 16:42:07 | 000,107,832 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)

SRV - [2008-01-31 17:48:12 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2005-04-06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)

SRV - [2003-10-06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2003-07-28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009-08-27 16:25:54 | 000,682,840 | ---- | M] (FRISK Software International) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\FStopW.sys -- (FPAV_RTP)

DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2008-12-06 13:56:40 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2006-12-04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2006-02-27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005-05-31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2005-04-30 14:50:24 | 000,011,736 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)

DRV - [2005-04-30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2003-12-11 16:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003-10-06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2001-10-30 05:30:00 | 000,003,033 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)

DRV - [2001-09-06 17:50:44 | 000,010,652 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wfsys.sys -- (WFsys)

DRV - [2001-08-17 22:57:36 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2001-08-17 22:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Ask"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-25 17:43:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-08 15:19:05 | 000,000,000 | ---D | M]


[2008-09-02 14:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Extensions

[2010-02-15 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions

[2009-11-10 16:23:54 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009-05-22 10:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2009-05-15 17:42:10 | 000,000,000 | ---D | M] (OggX (powered by TIME S.A.)) -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}

[2010-02-09 20:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\personas@christopher.beard

[2009-05-22 11:02:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\searchplugins\ask.xml

[2008-06-27 16:36:26 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\searchplugins\winamp-search.xml

[2010-02-15 20:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009-05-22 10:01:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2009-11-05 10:07:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\beata\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B9D1647F-A66A-4695-B249-07901A45FF59} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [WinFast_2K] C:\WINDOWS\system32\Wf2k.exe (Leadtek Research Inc.)

O4 - HKLM..\Run: [WinFast2KLoadDefault] C:\WINDOWS\System32\WF2KCPL.dll (Leadtek Research Inc.)

O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)

O4 - Startup: C:\Documents and Settings\beata\Menu Start\Programy\Autostart\netuza32.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Zaufane witryny)

O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Zaufane witryny)

O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Zaufane witryny)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-27 22:08:43 | 000,000,098 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2010-02-16 10:21:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\beata\Recent

[2010-02-16 10:16:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

[2010-02-15 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-02-15 21:14:03 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\beata\Pulpit\HJTInstall.exe

[2010-02-15 19:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\beata\Dane aplikacji\FRISK Software

[2010-02-15 18:55:11 | 000,682,840 | ---- | C] (FRISK Software International) -- C:\WINDOWS\System32\drivers\FStopW.sys

[2010-02-15 18:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FRISK Software

[2010-02-15 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\FRISK Software

[2010-02-14 19:36:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010-02-14 19:36:05 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys

[2010-02-14 19:36:05 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2010-02-08 19:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5

[2010-02-08 13:38:03 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010-02-08 13:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles

[2010-02-08 13:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NVSYS

[2010-02-07 19:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\beata\Moje dokumenty\Bethesda

[2010-02-07 19:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks

[2010-01-17 21:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\beata\Dane aplikacji\AccurateRip

[2010-01-17 21:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate

[2008-01-15 23:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2008-01-15 23:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2008-01-15 23:41:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2008-01-15 23:41:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2010-02-16 10:17:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

[2010-02-16 09:42:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-02-16 09:36:01 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\beata\NTUSER.DAT

[2010-02-16 09:13:49 | 000,000,190 | -HS- | M] () -- C:\Documents and Settings\beata\ntuser.ini

[2010-02-16 09:13:38 | 001,578,542 | -H-- | M] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-02-16 09:12:26 | 000,009,448 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-02-16 09:12:26 | 000,000,713 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-02-16 09:12:26 | 000,000,264 | RHS- | M] () -- C:\boot.ini

[2010-02-16 09:08:18 | 000,002,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsock.dll

[2010-02-16 09:08:18 | 000,002,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsock.dll

[2010-02-15 23:38:43 | 000,036,556 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\blad1.jpg

[2010-02-15 21:23:04 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\HijackThis.lnk

[2010-02-15 21:14:36 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\beata\Pulpit\HJTInstall.exe

[2010-02-15 18:55:49 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\F-PROT Antivirus dla Windows.lnk

[2010-02-15 18:35:24 | 026,205,696 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\fp6(2).msi

[2010-02-15 18:34:34 | 026,205,696 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\fp6.msi

[2010-02-14 19:32:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat

[2010-02-14 19:32:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\beata\Dane aplikacji\avdrn.dat

[2010-02-14 19:16:29 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010-02-14 19:16:03 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-02-09 15:22:05 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-02-08 19:44:45 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-02-08 19:43:22 | 000,020,392 | ---- | M] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-02-08 19:39:08 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\Guitar Pro 5.lnk

[2010-02-08 13:38:03 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010-02-07 19:16:40 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\Mroczne Zakątki Świata.lnk

[2010-01-17 22:02:33 | 000,003,663 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

[2010-01-17 22:02:18 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp

[2010-01-17 22:00:31 | 001,085,616 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2010-02-15 23:38:43 | 000,036,556 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\blad1.jpg

[2010-02-15 21:23:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\HijackThis.lnk

[2010-02-15 18:55:49 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\F-PROT Antivirus dla Windows.lnk

[2010-02-15 18:34:57 | 026,205,696 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\fp6(2).msi

[2010-02-15 17:33:03 | 026,205,696 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\fp6.msi

[2010-02-14 19:32:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat

[2010-02-14 19:32:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\beata\Dane aplikacji\avdrn.dat

[2010-02-08 19:39:08 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\Guitar Pro 5.lnk

[2010-02-07 19:16:40 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\Mroczne Zakątki Świata.lnk

[2010-01-17 22:02:33 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp

[2010-01-17 22:02:33 | 000,003,663 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

[2010-01-17 21:59:15 | 001,085,616 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2010-01-04 21:16:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010-01-04 21:16:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010-01-04 21:16:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2009-07-25 22:45:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-07-24 16:14:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009-07-24 16:02:19 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\beata\Dane aplikacji\default.pls

[2009-06-20 17:31:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI

[2009-02-01 18:38:13 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\fsgscom.dll

[2009-01-21 19:59:13 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini

[2009-01-21 19:59:13 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini

[2009-01-21 19:59:12 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini

[2009-01-21 19:59:09 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009-01-21 19:59:07 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-21 19:59:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-19 14:54:36 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys

[2009-01-19 14:54:36 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys

[2008-11-18 20:00:10 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-12 13:00:32 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008-06-12 17:44:49 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-04-19 18:02:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2008-04-19 17:58:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL

[2008-02-09 13:48:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\WBLOCKER.INI

[2008-01-31 17:48:24 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\pnkbstrk.sys

[2008-01-31 03:03:26 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2008-01-21 14:29:06 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-01-16 00:54:36 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008-01-16 00:46:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007-12-14 09:21:32 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys

[2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006-10-22 12:22:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll

[2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2004-05-31 07:02:04 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\B4FM.dll

[2004-03-05 10:39:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2003-10-06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll

[1997-06-14 00:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

< End of report >

bibut - I'll hold off on the restore, maybe something can still be done. :slight_smile:


(jessica) #5

and:

I only look at logs from the point of view of infections; other problems don't concern me. But if Avast removed the graphics card drivers, then maybe a "Restore" really is a good idea, and only afterwards removing the infection?

I don't know myself.

In any case, I'll only deal with removing the infection:

Run OTL and in the Custom Scans/Fixes window paste this:

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, this time click "Run Scan".

Post the new OTL.txt log and the removal report.

I'm curious why the files listed above appeared in the log (they are not usually seen in an OTL log).

Could they have been infected?

Check them on --> JOTTI/ or on VIRUSTOTAL.

jessi


(system) #6

Even if avast! removed the drivers, it removed the ones I'm not using now - I switched the drivers back to the previous ones.

I'd say this fix seems to have helped a bit. After restarting the computer the icons etc. no longer disappear; only the taskbar stays frozen for about 25-30 minutes, and only then does the Windows startup sound play and everything runs nicely. "svchost.exe" is back to normal. At least for now :slight_smile:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

Prefs.js: "Ask" removed from browser.search.defaultenginename

Prefs.js: "Ask" removed from browser.search.order.1

Prefs.js: "http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=" removed from keyword.URL

C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\searchplugins\ask.xml moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D1647F-A66A-4695-B249-07901A45FF59} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9D1647F-A66A-4695-B249-07901A45FF59}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.

File move failed. C:\Documents and Settings\beata\Menu Start\Programy\Autostart\netuza32.exe scheduled to be moved on reboot.

C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.

C:\Documents and Settings\beata\Dane aplikacji\avdrn.dat moved successfully.

========== COMMANDS ==========


[EMPTYTEMP]


User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 2506846 bytes


User: All Users


User: beata

->Temp folder emptied: 650049 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 57789245 bytes


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes


User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2199722 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 65536 bytes

RecycleBin emptied: 0 bytes


Total Files Cleaned = 60,00 mb



OTL by OldTimer - Version 3.1.28.0 log created on 02162010_115807


Files\Folders moved on Reboot...

C:\Documents and Settings\beata\Menu Start\Programy\Autostart\netuza32.exe moved successfully.


Registry entries deleted on Reboot...

And the new log

OTL logfile created on: 2010-02-16 13:09:52 - Run 3

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\beata\Pulpit

Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2600.0000)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


767,00 Mb Total Physical Memory | 311,00 Mb Available Physical Memory | 41,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): c:\pagefile.sys 1152 2304 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 3,22 Gb Free Space | 8,63% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: ANDA

Current User Name: beata

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-02-16 10:17:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

PRC - [2010-01-08 15:18:58 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-08-27 16:26:02 | 001,597,832 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

PRC - [2009-08-27 16:26:02 | 000,075,424 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

PRC - [2009-07-01 17:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe

PRC - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2006-11-17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005-04-06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

PRC - [2001-10-26 18:29:52 | 001,002,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2001-10-23 09:57:48 | 002,191,360 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\Wf2k.exe



========== Modules (SafeList) ==========


MOD - [2010-02-16 10:17:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

MOD - [2001-08-18 07:37:18 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009-08-27 16:26:02 | 000,075,424 | ---- | M] (FRISK Software International) [Auto | Running] -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -- (FPAVServer)

SRV - [2008-02-06 16:42:07 | 000,107,832 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)

SRV - [2008-01-31 17:48:12 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2005-04-06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)

SRV - [2003-10-06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2003-07-28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)



========== Driver Services (SafeList) ==========


DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009-08-27 16:25:54 | 000,682,840 | ---- | M] (FRISK Software International) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\FStopW.sys -- (FPAV_RTP)

DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2008-12-06 13:56:40 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2006-12-04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2006-02-27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005-05-31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2005-04-30 14:50:24 | 000,011,736 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)

DRV - [2005-04-30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2003-12-11 16:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003-10-06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2001-10-30 05:30:00 | 000,003,033 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)

DRV - [2001-09-06 17:50:44 | 000,010,652 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wfsys.sys -- (WFsys)

DRV - [2001-08-17 22:57:36 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2001-08-17 22:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-25 17:43:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-08 15:19:05 | 000,000,000 | ---D | M]


[2008-09-02 14:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Extensions

[2010-02-15 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions

[2009-11-10 16:23:54 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009-05-22 10:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2009-05-15 17:42:10 | 000,000,000 | ---D | M] (OggX (powered by TIME S.A.)) -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}

[2010-02-09 20:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\extensions\personas@christopher.beard

[2008-06-27 16:36:26 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\beata\Dane aplikacji\Mozilla\Firefox\Profiles\zijrpplk.default\searchplugins\winamp-search.xml

[2010-02-15 20:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009-05-22 10:01:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2009-11-05 10:07:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\beata\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [WinFast_2K] C:\WINDOWS\system32\Wf2k.exe (Leadtek Research Inc.)

O4 - HKLM..\Run: [WinFast2KLoadDefault] C:\WINDOWS\System32\WF2KCPL.dll (Leadtek Research Inc.)

O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()

O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Zaufane witryny)

O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Zaufane witryny)

O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Zaufane witryny)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-27 22:08:43 | 000,000,098 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010-02-16 12:27:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\beata\Recent

[2010-02-16 11:58:07 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-02-16 10:16:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

[2010-02-15 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-02-15 21:14:03 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\beata\Pulpit\HJTInstall.exe

[2010-02-15 19:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\beata\Dane aplikacji\FRISK Software

[2010-02-15 18:55:11 | 000,682,840 | ---- | C] (FRISK Software International) -- C:\WINDOWS\System32\drivers\FStopW.sys

[2010-02-15 18:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FRISK Software

[2010-02-15 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\FRISK Software

[2010-02-14 21:22:21 | 001,470,537 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010-02-14 21:22:21 | 001,126,400 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nview.dll

[2010-02-14 21:22:21 | 000,741,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nwiz.exe

[2010-02-14 21:22:21 | 000,430,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvshell.dll

[2010-02-14 21:22:21 | 000,073,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtuicpl.cpl

[2010-02-14 21:22:20 | 000,393,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvappbar.exe

[2010-02-14 21:22:20 | 000,290,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\keystone.exe

[2010-02-14 19:37:17 | 000,033,408 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010-02-14 19:37:17 | 000,033,408 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010-02-14 19:36:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys

[2010-02-14 19:36:05 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys

[2010-02-14 19:36:05 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2010-02-08 19:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5

[2010-02-08 13:38:03 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010-02-08 13:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles

[2010-02-08 13:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NVSYS

[2010-02-07 19:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\beata\Moje dokumenty\Bethesda

[2010-02-07 19:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks

[2010-01-17 21:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\beata\Dane aplikacji\AccurateRip

[2010-01-17 21:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate

[2008-01-15 23:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2008-01-15 23:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2008-01-15 23:41:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2008-01-15 23:41:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft


========== Files - Modified Within 30 Days ==========


[2010-02-16 12:05:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-02-16 11:59:33 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\beata\NTUSER.DAT

[2010-02-16 11:59:33 | 000,000,190 | -HS- | M] () -- C:\Documents and Settings\beata\ntuser.ini

[2010-02-16 10:17:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\beata\Pulpit\OTL.exe

[2010-02-16 09:13:38 | 001,578,542 | -H-- | M] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-02-16 09:12:26 | 000,009,448 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-02-16 09:12:26 | 000,000,713 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-02-16 09:12:26 | 000,000,264 | RHS- | M] () -- C:\boot.ini

[2010-02-16 09:08:18 | 000,002,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsock.dll

[2010-02-16 09:08:18 | 000,002,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsock.dll

[2010-02-15 23:38:43 | 000,036,556 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\blad1.jpg

[2010-02-15 21:23:04 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\HijackThis.lnk

[2010-02-15 21:14:36 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\beata\Pulpit\HJTInstall.exe

[2010-02-15 18:55:49 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\F-PROT Antivirus dla Windows.lnk

[2010-02-15 18:35:24 | 026,205,696 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\fp6(2).msi

[2010-02-15 18:34:34 | 026,205,696 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\fp6.msi

[2010-02-14 19:16:29 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010-02-14 19:16:03 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-02-09 15:22:05 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-02-08 19:44:45 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-02-08 19:43:22 | 000,020,392 | ---- | M] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-02-08 19:39:08 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\Guitar Pro 5.lnk

[2010-02-08 13:38:03 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010-02-07 19:16:40 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\beata\Pulpit\Mroczne Zakątki Świata.lnk

[2010-01-17 22:02:33 | 000,003,663 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

[2010-01-17 22:02:18 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp

[2010-01-17 22:00:31 | 001,085,616 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe


========== Files Created - No Company Name ==========


[2010-02-15 23:38:43 | 000,036,556 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\blad1.jpg

[2010-02-15 21:23:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\HijackThis.lnk

[2010-02-15 18:55:49 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\F-PROT Antivirus dla Windows.lnk

[2010-02-15 18:34:57 | 026,205,696 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\fp6(2).msi

[2010-02-15 17:33:03 | 026,205,696 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\fp6.msi

[2010-02-08 19:39:08 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\Guitar Pro 5.lnk

[2010-02-07 19:16:40 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\beata\Pulpit\Mroczne Zakątki Świata.lnk

[2010-01-17 22:02:33 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp

[2010-01-17 22:02:33 | 000,003,663 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat

[2010-01-17 21:59:15 | 001,085,616 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2010-01-04 21:16:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010-01-04 21:16:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010-01-04 21:16:07 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2009-07-25 22:45:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-07-24 16:14:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009-07-24 16:02:19 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\beata\Dane aplikacji\default.pls

[2009-06-20 17:31:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI

[2009-02-01 18:38:13 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\fsgscom.dll

[2009-01-21 19:59:13 | 000,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini

[2009-01-21 19:59:13 | 000,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini

[2009-01-21 19:59:12 | 000,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini

[2009-01-21 19:59:09 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009-01-21 19:59:07 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-21 19:59:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-19 14:54:36 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys

[2009-01-19 14:54:36 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys

[2008-11-18 20:00:10 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\beata\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-12 13:00:32 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008-06-12 17:44:49 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-04-19 18:02:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2008-04-19 17:58:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL

[2008-02-09 13:48:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\WBLOCKER.INI

[2008-01-31 17:48:24 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\pnkbstrk.sys

[2008-01-31 03:03:26 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2008-01-21 14:29:06 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-01-16 00:54:36 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2008-01-16 00:46:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007-12-14 09:21:32 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys

[2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006-10-22 12:22:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll

[2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2004-05-31 07:02:04 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\B4FM.dll

[2004-03-05 10:39:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2003-10-06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll

[1997-06-14 00:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

< End of report >

I scanned winsock.dll - nothing was detected.


(jessica) #7

At least one piece of good news.

Nothing harmful is visible in the log.

This may have nothing to do with an infection, but it can't be ruled out either.

Also run >http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html

If it detects anything, post the report.

jessi


(system) #8

Malwarebytes didn't detect anything, and the taskbar still hangs for about 20 minutes after startup :frowning:

anyway - thanks for the replies and the help :slight_smile: