combofix.txt

Svhost.exe using 100% CPU - suspected Jeefo virus, log analysis

Hello, I have a problem with the CPU being constantly overloaded. I have about 9 svhost.exe processes. Apparently it's the Jeefo virus, or something like that. I spent a few days reading about it and about removing it in safe mode, but something didn't work out for me. I'm posting the logs from ComboFix, HijackThis and OTL. Please take a look, because I've been struggling with this problem for quite a while, and formatting all the partitions doesn't really suit me. Regards.


ComboFix 10-03-02.02 - Mardok 2010-03-02 22:41:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2638 [GMT 1:00]
Uruchomiony z: d:\documents and settings\Mardok\Moje dokumenty\Downloads\1479871.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\docume~1\Mardok\USTAWI~1\Temp\install_flash_player.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2010-02-02 do 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-02 20:40 . 2010-03-02 20:40 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Malwarebytes
2010-03-02 20:40 . 2008-10-22 15:28 15504 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-02 20:40 . 2008-10-22 15:28 38496 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 20:40 . 2010-03-02 20:40 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-03-02 20:40 . 2010-03-02 20:40 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-03-01 20:34 . 2010-03-01 20:34 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2010-03-01 20:34 . 2010-03-01 20:33 38784 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-01 20:34 . 2010-03-01 20:34 -------- d-----w- d:\program files\e-Deklaracje
2010-03-01 20:34 . 2010-03-01 20:33 38784 ----a-w- d:\documents and settings\Default User\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-01 20:34 . 2010-03-01 20:34 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-03-01 20:16 . 2010-03-01 20:56 -------- d-----w- d:\program files\Pytacz Master
2010-02-27 14:29 . 2010-02-27 14:29 -------- d-----w- d:\program files\Trend Micro
2010-02-26 23:24 . 2010-02-26 23:24 118784 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-02-21 18:27 . 2010-02-21 18:35 -------- d-----w- d:\program files\GordianKnot
2010-02-18 20:19 . 2010-02-18 20:19 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\HP
2010-02-16 17:51 . 2010-02-19 07:25 -------- d-----w- d:\program files\Asprate
2010-02-15 22:13 . 2010-02-15 22:54 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Ashampoo
2010-02-15 22:10 . 2010-02-15 22:10 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\ashampoo
2010-02-15 22:10 . 2010-02-15 22:10 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\ashampoo
2010-02-15 22:10 . 2010-02-15 22:10 -------- d-----w- d:\program files\Ashampoo
2010-02-15 22:10 . 2010-02-15 22:10 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\page
2010-02-13 17:32 . 2010-02-13 17:32 -------- d-----w- d:\windows\Cache
2010-02-11 22:59 . 2010-02-11 22:59 -------- d-----w- d:\windows\Sun
2010-02-11 21:11 . 2010-02-11 21:11 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Pure Motion
2010-02-11 20:58 . 2010-02-11 20:58 -------- d-----w- d:\program files\Pure Motion
2010-02-11 14:19 . 2010-02-11 14:19 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
2010-02-10 13:37 . 2010-02-10 13:37 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Media Player Classic
2010-02-09 23:12 . 2010-02-09 23:12 -------- d-----w- d:\windows\XSxS
2010-02-09 23:12 . 2010-02-09 23:12 -------- d-----w- d:\program files\Xenocode
2010-02-09 12:09 . 2010-02-09 12:09 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\U3
2010-02-08 10:42 . 2010-02-08 10:42 -------- d-----w- d:\program files\AidemMedia
2010-02-07 17:25 . 2010-02-07 17:25 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Mediachance
2010-02-07 17:08 . 2010-02-07 17:25 -------- d-----w- d:\program files\EditStudio6
2010-02-06 21:38 . 2010-02-06 21:38 348160 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43a1f009-n\msvcr71.dll
2010-02-06 21:38 . 2010-02-06 21:38 503808 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43a1f009-n\msvcp71.dll
2010-02-06 21:38 . 2010-02-06 21:38 499712 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43a1f009-n\jmc.dll
2010-02-06 21:38 . 2010-02-06 21:38 61440 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3eda2ddb-n\decora-sse.dll
2010-02-06 21:38 . 2010-02-06 21:38 12800 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3eda2ddb-n\decora-d3d.dll
2010-02-06 21:38 . 2010-02-06 21:38 -------- d-----w- d:\program files\Common Files\Java
2010-02-06 21:37 . 2010-02-06 21:37 411368 ----a-w- d:\windows\system32\deploytk.dll
2010-02-06 21:37 . 2010-02-06 21:37 -------- d-----w- d:\program files\Java
2010-02-06 18:38 . 2010-02-06 18:41 -------- d-----w- d:\program files\DynamicPhotoHDR4
2010-02-06 18:19 . 2010-02-06 18:21 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Mp3tag
2010-02-06 18:19 . 2010-02-06 18:19 -------- d-----w- d:\program files\Mp3tag
2010-02-06 18:15 . 2010-02-06 18:15 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\vdownloader
2010-02-06 18:14 . 2010-02-06 18:14 -------- d-----w- d:\program files\Common Files\eBay
2010-02-05 21:45 . 2010-02-06 12:07 -------- d-----w- d:\program files\ILO
2010-02-05 21:36 . 2008-07-10 10:01 467984 ----a-w- d:\windows\system32\d3dx10_39.dll
2010-02-05 21:35 . 2010-02-05 21:35 -------- d-----w- D:\directX
2010-02-05 14:12 . 2010-02-05 21:45 -------- d-----w- d:\program files\Adventure Maker v4.5.2
2010-02-04 22:33 . 2010-02-04 22:33 -------- d-----w- d:\program files\SubEdit-Player
2010-02-04 22:15 . 2010-02-27 19:35 -------- d-----w- d:\program files\NAPI-PROJEKT
2010-02-03 19:41 . 2002-12-12 00:14 602624 ----a-w- d:\windows\system32\dx7vbC.dll
2010-02-03 19:41 . 1998-06-14 02:53 44544 ----a-w- d:\windows\system32\Gif89.dll
2010-02-03 10:15 . 1995-03-02 23:00 92576 ----a-w- d:\windows\system\Odbcinst.dll
2010-02-03 10:15 . 1995-03-02 23:00 88896 ----a-w- d:\windows\system\Odbccurs.dll
2010-02-03 10:15 . 1995-03-02 23:00 6464 ----a-w- d:\windows\system\Odbcadm.exe
2010-02-03 10:15 . 1995-03-02 23:00 5792 ----a-w- d:\windows\system\Odbc16ut.dll
2010-02-03 10:15 . 1995-03-02 23:00 5632 ----a-w- d:\windows\system\Odbccp32.dll
2010-02-03 10:15 . 1995-03-02 23:00 56240 ----a-w- d:\windows\system\Odbc.dll
2010-02-03 10:15 . 1995-03-02 23:00 3264 ----a-w- d:\windows\system\Cpn16ut.dll
2010-02-03 10:15 . 1995-03-02 23:00 12288 ----a-w- d:\windows\system\Odbc32.dll
2010-02-03 10:15 . 2010-02-03 10:15 -------- d-----w- d:\program files\Sybase
2010-02-03 10:15 . 1998-07-30 11:51 305152 ----a-w- d:\windows\IsUninst.exe
2010-02-03 10:15 . 2010-02-03 10:15 -------- d-----w- d:\documents and settings\Mardok\WINDOWS
2010-02-03 10:15 . 2010-02-03 10:15 -------- d-----w- d:\program files\Tel-Net Software
2010-02-03 10:14 . 2010-03-02 14:04 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Adobe
2010-02-03 10:14 . 2010-03-02 13:57 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-02 19:47 . 2006-10-26 18:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-02 19:47 . 2006-10-26 18:56 32592 ----a-w- d:\windows\system32\msonpmon.dll
2010-02-02 19:44 . 2010-02-02 19:44 -------- d-----w- d:\program files\Microsoft Works
2010-02-02 19:44 . 2010-02-02 19:44 -------- d-----w- d:\program files\MSBuild
2010-02-02 19:42 . 2010-02-02 19:42 683801 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Last.fm\Client\UninstWMP\unins000.exe
2010-02-02 19:42 . 2010-02-02 19:42 179 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Last.fm\Client\uninst2.bat
2010-02-02 19:42 . 2010-02-02 19:42 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Last.fm
2010-02-02 19:42 . 2010-02-02 19:42 683801 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Last.fm\Client\UninstWA\unins000.exe
2010-02-02 19:41 . 2010-03-02 18:20 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Last.fm
2010-02-02 19:41 . 2010-02-02 19:41 -------- d-----w- d:\program files\Last.fm
2010-02-02 19:39 . 2010-02-02 19:43 -------- d-----w- d:\windows\SHELLNEW
2010-02-02 19:39 . 2010-02-02 19:39 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2010-02-02 19:39 . 2010-02-02 19:47 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-02-02 19:39 . 2010-02-02 19:39 -------- d-----r- D:\MSOCache
2010-02-02 19:25 . 2010-02-02 19:25 -------- d-----w- d:\windows\Logs
2010-02-02 19:20 . 2009-12-12 14:15 178176 ----a-w- d:\windows\system32\unrar.dll
2010-02-02 19:20 . 2009-05-29 21:37 205824 ----a-w- d:\windows\system32\xvidvfw.dll
2010-02-02 19:20 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-02-02 19:20 . 2004-01-25 16:18 217088 ----a-w- d:\windows\system32\yv12vfw.dll
2010-02-02 19:20 . 2010-01-05 18:00 85504 ----a-w- d:\windows\system32\ff_vfw.dll
2010-02-02 19:20 . 2010-02-02 19:21 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-02-02 18:45 . 2010-02-02 18:45 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Gadu-Gadu
2010-02-02 18:42 . 2010-02-02 18:47 -------- d-----w- d:\documents and settings\Mardok\Gadu-Gadu
2010-02-02 18:41 . 2010-02-02 18:42 -------- d-----w- d:\program files\Gadu-Gadu
2010-02-02 15:52 . 2010-02-12 08:22 -------- d-----w- d:\program files\uTorrent
2010-02-02 15:50 . 2010-02-25 19:46 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\uTorrent
2010-02-02 15:33 . 2010-02-02 15:33 -------- d-----w- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\cache
2010-02-02 15:28 . 2010-02-02 15:28 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-02-02 15:28 . 2010-02-02 15:33 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Gadu-Gadu 10
2010-02-02 15:24 . 2010-02-02 15:24 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\WEBREG
2010-02-02 15:24 . 2010-02-18 20:19 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\HP
2010-02-02 15:22 . 2009-04-16 13:08 123904 ----a-w- d:\windows\system32\hpf3l70v.dll
2010-02-02 15:22 . 2009-04-16 13:08 312832 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-02-02 15:19 . 2010-02-02 16:02 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Nowe Gadu-Gadu
2010-02-02 15:19 . 2010-02-02 15:19 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2010-02-02 15:16 . 2010-02-02 15:16 -------- d-----w- d:\program files\Common Files\HP
2010-02-02 15:16 . 2010-02-02 15:16 -------- d-----w- d:\program files\Common Files\Hewlett-Packard
2010-02-02 15:15 . 2010-02-02 15:24 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\HP
2010-02-02 15:15 . 2009-02-11 11:03 712704 ----a-w- d:\windows\system32\hposwia_d02c.dll
2010-02-02 15:15 . 2009-02-11 11:03 589824 ----a-w- d:\windows\system32\hpost_d02c.dll
2010-02-02 15:15 . 2009-02-11 11:03 315392 ----a-w- d:\windows\system32\hposc_d02a.dll
2010-02-02 15:15 . 2008-10-29 00:27 372736 ----a-w- d:\windows\system32\hppldcoi.dll
2010-02-02 15:15 . 2008-10-29 00:27 309760 ----a-w- d:\windows\system32\difxapi.dll
2010-02-02 15:15 . 2008-10-29 00:27 21568 ----a-w- d:\windows\system32\drivers\HPZius12.sys
2010-02-02 15:15 . 2008-10-29 00:27 16496 ----a-w- d:\windows\system32\drivers\HPZipr12.sys
2010-02-02 15:15 . 2008-10-29 00:27 49920 ----a-w- d:\windows\system32\drivers\HPZid412.sys
2010-02-02 15:15 . 2009-04-16 11:53 452408 ----a-w- d:\windows\system32\hpzids01.dll
2010-02-02 15:15 . 2010-02-02 15:15 -------- dc----w- d:\windows\system32\DRVSTORE
2010-02-02 15:14 . 2008-04-13 23:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2010-02-02 15:14 . 2008-04-13 23:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2010-02-02 15:13 . 2010-02-06 12:09 -------- d-----w- d:\program files\HP
2010-02-02 15:12 . 2010-02-02 15:24 169531 ----a-w- d:\windows\hpoins44.dat
2010-02-02 15:12 . 2009-06-11 23:30 586 ------w- d:\windows\hpomdl44.dat
2010-02-02 15:07 . 2010-02-02 15:07 932368 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-02-02 15:07 . 2010-02-02 15:07 678416 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-02-02 15:07 . 2010-02-02 15:07 604688 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-02-02 15:07 . 2010-02-02 15:07 522768 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 23:24 . 2010-02-26 23:24 118784 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-02-26 23:24 . 2010-02-26 23:24 118784 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-02-26 23:24 . 2010-02-26 23:24 118784 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-02-26 23:24 . 2010-02-26 23:24 300616 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-02-26 23:24 . 2010-02-26 23:24 118784 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-02-26 23:24 . 2010-02-26 23:24 118784 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-02-26 23:24 . 2010-02-26 23:22 -------- d-----w- d:\program files\Common Files\Real
2010-02-26 23:23 . 2010-02-26 23:22 -------- d-----w- d:\program files\Real
2010-02-26 23:23 . 2010-02-26 23:23 -------- d-----w- d:\program files\Common Files\xing shared
2010-02-26 23:22 . 2009-05-21 19:21 499712 ----a-w- d:\windows\system32\msvcp71.dll
2010-02-26 23:22 . 2009-05-21 17:57 348160 ----a-w- d:\windows\system32\msvcr71.dll
2010-02-06 11:53 . 2010-02-02 19:22 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\Winamp
2010-02-03 21:10 . 2001-10-26 16:15 57018 ----a-w- d:\windows\system32\perfc015.dat
2010-02-03 21:10 . 2001-10-26 16:15 385834 ----a-w- d:\windows\system32\perfh015.dat
2010-02-03 19:34 . 2010-02-02 19:22 -------- d-----w- d:\program files\Winamp
2010-02-03 17:10 . 2010-02-02 14:11 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-02 15:06 . 2010-02-02 15:06 80400 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-02 15:06 . 2010-02-02 15:06 397328 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-02-02 15:06 . 2010-02-02 15:06 315408 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-02-02 15:06 . 2010-02-02 15:06 19472 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-02-02 15:06 . 2010-02-02 15:06 109072 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-02-02 15:06 . 2010-02-02 15:06 397328 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-02-02 15:06 . 2010-02-02 15:06 80400 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-02-02 15:06 . 2010-02-02 15:06 17936 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-02-02 15:06 . 2010-02-02 15:06 109072 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-02-02 15:06 . 2010-02-02 15:06 315408 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-02-02 14:57 . 2010-02-02 14:57 -------- d-----w- d:\program files\NVIDIA Corporation
2010-02-02 14:57 . 2010-02-02 14:57 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2010-02-02 14:24 . 2010-02-02 14:23 -------- d-----w- d:\program files\Realtek
2010-02-02 14:23 . 2010-02-02 14:23 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-02 14:23 . 2010-02-02 14:23 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-02-02 14:23 . 2010-02-02 14:23 -------- d-----w- d:\documents and settings\Mardok\Dane aplikacji\InstallShield
2010-02-02 14:23 . 2010-02-02 14:23 -------- d-----w- d:\program files\Common Files\InstallShield
2010-02-02 14:21 . 2010-02-02 14:21 -------- d-----w- d:\program files\Intel
2010-02-02 14:12 . 2010-02-02 14:12 -------- d-----w- d:\program files\microsoft frontpage
2010-02-02 14:10 . 2010-02-02 14:10 -------- d-----w- d:\program files\Usługi online
2010-02-02 14:09 . 2010-02-02 14:09 21856 ----a-w- d:\windows\system32\emptyregdb.dat
2010-02-02 14:08 . 2010-02-02 14:08 -------- d-----w- d:\program files\Windows Media Connect 2
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- d:\documents and settings\Mardok\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-12 04:03 . 2010-02-02 14:45 61440 ----a-w- d:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2010-02-02 14:45 10276768 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2010-02-02 14:45 14458880 ----a-w- d:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2010-02-02 14:45 4104192 ----a-w- d:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2010-02-02 14:45 4077672 ----a-w- d:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2010-02-02 14:45 2259560 ----a-w- d:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2010-02-02 14:45 182888 ----a-w- d:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2010-02-02 14:45 182888 ----a-w- d:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2010-02-02 14:45 11632640 ----a-w- d:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2010-02-02 14:45 1081344 ----a-w- d:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2010-02-02 14:45 6359168 ----a-w- d:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2010-02-02 14:45 2283526 ----a-w- d:\windows\system32\nvdata.bin
.

------- Sigcheck -------

[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . d:\windows\system32\drivers\tcpip.sys

[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- d:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 20:51 15360 ------w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2008-03-20 10:04 2127296 ----a-w- d:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-02 14:27 135664 ----atw- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- d:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-26 23:22 202256 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-28 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-1801674531-1003Core.job
- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-02 14:27]

2010-03-02 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1957994488-1801674531-1003UA.job
- d:\documents and settings\Mardok\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-02 14:27]

2010-03-02 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-682003330-1957994488-1801674531-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-02-27 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-1957994488-1801674531-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
.
.
------- Skan uzupełniający -------
.
IE: Dodaj do blokowanych banerów - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
TCP: {15799242-1EE6-4975-8EBF-C8A185F5E2B8} = 192.168.2.1,192.168.2.8
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 22:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(668)
d:\windows\system32\ieframe.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-03-02 22:50:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-03-02 21:50

Przed: 11 821 907 968 bajtów wolnych
Po: 18 187 538 432 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4EA606E8585B6F9617C8400D3025B4C1