
[other] Multiple svchost.exe processes


Topic closed
10 replies in this topic

#1 tormi (Beginner, 52 posts)
Posted 21 03 2010 - 16:51

Hello!
I probably won't be very original, since I'm going to ask a question that has already come up several times on various forums. It's about the svchost.exe process. I know roughly what this process is for, but as far as I know, a normal system should have only two such processes running. I have about 15! None of them takes much memory on its own, but when 15 of them pile up at 3,000K - 4,000K each, it unfortunately slows the computer down massively. Four of them, however, take considerably more memory than the rest: 11,100K, 41,820K, 43,976K and, the biggest, 73,236K. During normal use this isn't a problem, but when the system boots the CPU runs at 100% for about 1.5 minutes, so everything starts very slowly. I've probably read most of the posts on this subject, but unfortunately I haven't found an effective solution. I have Vista and COMODO Internet Security. I'm only interested in concrete posts with answers or advice, not ones like "search Google", because I've searched and found nothing.

This post was edited by #plus on 29 03 2010 - 22:12


#2 geronimoo (Forum addict, 1 457 posts)
Posted 21 03 2010 - 21:50

Run a scan with Dr.Web CureIt and Malwarebytes Anti-Malware.


#3 tormi (Beginner, 52 posts)
Posted 22 03 2010 - 20:09

Anti-Malware found a few infected files, so I got rid of them by deleting everything :). However, it didn't help with my problem at all: there were 15, and there are still 15. Any ideas?

#4 Hoothoot (Beginner, 49 posts)
Posted 22 03 2010 - 20:36

1) Where is the svchost process located:
- C:\WINDOWS\system32 - if so, it is clean;
- C:\WINDOWS - in which case it is a virus
2) Post the OTL logs

#5 tormi (Beginner, 52 posts)
Posted 22 03 2010 - 21:52

1. On my machine the svchost.exe application is in two places. The first is Windows/system32 and the second is windows/winsxs/x86_microsoft-windows-service_(and here a mass of letters and digits). I'll post the logs of course, but does what I said have any significance? There are also a few other files with svchost in the name, e.g. 2 .mui files and 3 files with the .manifest extension :thumbsup:

This post was edited by tormi on 01 04 2010 - 13:03

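One way to carry out the location check Hoothoot asks for in #4, and to account for the WinSxS copy tormi found in #5, as an added example that is not part of the original thread. Each svchost.exe instance hosts a group of services, so the script first maps every service to the PID hosting it, then, for each process named svchost.exe, checks the image path against the thread's rule (only %SystemRoot%\System32\svchost.exe should be running), that its parent is services.exe, that it was started with a "-k <group>" argument, that it actually hosts something, and what the on-disk signature says. Finally it hashes any svchost.exe under WinSxS against the System32 copy. The parent, command-line, hosted-service and signature checks, the labels, and the SHA-256 comparison are this example's own additions; it assumes Windows Vista or later with PowerShell 2.0 or newer, run from an elevated prompt.

```powershell
# Added example, not code from the thread. Audits every running svchost.exe on
# Windows Vista or later with PowerShell 2.0+; run it from an elevated prompt so
# the image path and command line of SYSTEM processes are readable. The rule it
# applies comes from the thread (the only svchost.exe that should be running is
# the one in %SystemRoot%\System32); the other checks, the labels and the hash
# comparison against the WinSxS component-store copy are this example's own.

$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'
$servicesPid  = (Get-Process -Name services).Id    # the Service Control Manager

# One svchost.exe hosts a whole group of services: build a PID -> service-name map.
$servicesByPid = @{}
foreach ($svc in Get-WmiObject Win32_Service) {
    $key = [int]$svc.ProcessId
    if ($key -eq 0) { continue }                    # stopped service, no host process
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $svc.Name
}

$report = foreach ($proc in Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'") {
    $findings = @()

    # 1. Image path: anything outside System32 (e.g. C:\Windows\svchost.exe) is suspect.
    if (-not $proc.ExecutablePath) {
        $findings += 'image path not readable (not elevated?)'
    } elseif ($proc.ExecutablePath -ne $expectedPath) {
        $findings += "unexpected image path: $($proc.ExecutablePath)"
    }

    # 2. Parent: a genuine svchost.exe is started by services.exe, never by a user program.
    if ($proc.ParentProcessId -ne $servicesPid) {
        $findings += "parent PID $($proc.ParentProcessId) is not services.exe"
    }

    # 3. Command line: the SCM always passes "-k <group name>".
    if ($proc.CommandLine -and $proc.CommandLine -notmatch '\s-k\s+\S+') {
        $findings += "no service group on command line: $($proc.CommandLine)"
    }

    # 4. Hosted services: an svchost.exe that hosts nothing has no reason to exist.
    $hosted = $servicesByPid[[int]$proc.ProcessId]
    if (-not $hosted) { $findings += 'hosts no service' }

    # 5. Signature of the file on disk. Windows binaries are catalog-signed, so an
    #    older PowerShell may report NotSigned for a genuine file: treat anything
    #    other than Valid as "verify by hand", not as proof of infection.
    if ($proc.ExecutablePath) {
        $sig = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
        if ($sig.Status -ne 'Valid') { $findings += "signature status: $($sig.Status)" }
    }

    New-Object PSObject -Property @{
        ProcessId = $proc.ProcessId
        Path      = $proc.ExecutablePath
        Services  = ($hosted -join ', ')
        Findings  = ($findings -join '; ')
    }
}
$report | Sort-Object ProcessId | Format-Table ProcessId, Services, Findings -AutoSize -Wrap

# The copy under WinSxS is the component store that the System32 file is served
# from (since Vista the two are normally one file via a hard link), so it is
# expected to be there and to hash identically. A copy with a different hash is
# usually an older servicing version kept for rollback: compare file versions
# before drawing conclusions.
function Get-Sha256Hex([string]$file) {
    $sha    = New-Object System.Security.Cryptography.SHA256Managed
    $stream = [IO.File]::OpenRead($file)
    try     { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}
$reference = Get-Sha256Hex $expectedPath
Get-ChildItem (Join-Path $env:SystemRoot 'WinSxS') -Recurse -Filter svchost.exe -ErrorAction SilentlyContinue |
    ForEach-Object {
        $version = (Get-Item $_.FullName).VersionInfo.FileVersion
        if ((Get-Sha256Hex $_.FullName) -eq $reference) { "$($_.FullName): same as System32 copy ($version)" }
        else { "$($_.FullName): differs from System32 copy ($version)" }
    }
```

A process that fails the path or parent check is the one worth investigating; a long Services column with no findings is what a healthy machine looks like, because Windows deliberately splits its services across several svchost.exe groups. The .mui and .manifest files tormi mentions are not executables at all (localized resources and component manifests) and are not examined here.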

#6 tormi (Beginner, 52 posts)
Posted 01 04 2010 - 13:05

2. And here are the OTL logs:
OTL logfile created on: 2010-04-01 12:10:55 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Pobierania
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 91,73 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 100,71 Gb Free Space | 69,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAŁ-PC
Current User Name: Michał
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-03-22 21:43:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Pobierania\OTL.exe
PRC - [2010-03-12 00:14:00 | 011,792,992 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-02-03 15:34:44 | 000,294,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010-01-31 12:34:04 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-01-31 12:33:53 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009-11-26 19:37:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2009-07-20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-05-19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009-03-30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-08-19 07:17:04 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008-07-10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008-07-10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008-07-08 04:27:00 | 006,273,568 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-07-02 12:22:52 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008-06-26 14:52:42 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008-04-17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008-03-18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008-02-12 06:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008-02-12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007-07-05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe


========== Modules (SafeList) ==========

MOD - [2010-03-22 21:43:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Pobierania\OTL.exe
MOD - [2010-02-02 18:05:56 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-01-31 12:33:53 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-05-19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-03-30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-02-06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008-11-24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-11-11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-07-10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008-07-10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008-06-26 14:52:42 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008-03-18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010-02-02 18:05:53 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010-01-31 12:35:20 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010-01-31 12:34:34 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009-09-13 17:51:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-02-06 18:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008-09-15 08:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-09-15 08:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-08-05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008-07-27 05:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-07-20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008-07-07 10:59:00 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-06-27 10:02:00 | 000,303,616 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008-06-25 23:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008-06-05 09:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008-05-02 11:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008-05-02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-03-21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008-02-14 01:17:10 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008-01-21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008-01-21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008-01-14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007-10-26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-07-16 00:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007-07-16 00:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007-05-23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006-10-19 04:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-02-21 18:05:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-11 16:45:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-15 19:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009-01-15 23:18:19 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\mozilla\Extensions
[2009-12-05 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\ip3t8vr8.default\extensions
[2009-06-26 10:32:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\ip3t8vr8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-09-13 18:00:50 | 000,000,000 | ---D | M] -- C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\ip3t8vr8.default\extensions\DTToolbar@toolbarnet.com
[2009-07-10 20:31:13 | 000,000,963 | ---- | M] () -- C:\Users\Michał\AppData\Roaming\Mozilla\FireFox\Profiles\ip3t8vr8.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2009-11-26 19:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-03-21 20:57:37 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2009-08-17 18:18:46 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-08-17 18:18:46 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-08-17 18:18:46 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-08-17 18:18:46 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-08-17 18:18:46 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-08-17 18:18:46 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (RedTube To ALLPlayer) - {41F21158-4211-4D32-9E02-D57B19661561} - C:\Program Files\ALLPlayer\RedTubeToALLPlayer.dll (ALLPlayer.org)
O2 - BHO: (ALLPassword Manager) - {4C7FFB7A-EEA6-43A5-8D02-6DBD648FFB05} - C:\Program Files\MarBit\ALLPassword Manager\ALLPasswordManager.dll (MarBit)
O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spis treści programu OneNote.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.241.79.37 87.204.204.204
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michał\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michał\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a8a70c6-a07e-11de-a3e4-002119305100}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-03-28 14:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Local\COMODO
[2010-03-26 18:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10
[2010-03-26 18:43:02 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Gadu-Gadu 10
[2010-03-26 18:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-03-24 20:04:51 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun506.exe
[2010-03-24 20:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3 File Editor
[2010-03-24 19:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Smart MP3 Converter
[2010-03-22 19:59:09 | 000,000,000 | ---D | C] -- C:\Users\Michał\DoctorWeb
[2010-03-22 17:32:46 | 000,000,000 | ---D | C] -- C:\Users\Michał\AppData\Roaming\Malwarebytes
[2010-03-22 17:32:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-03-22 17:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-03-22 17:32:24 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-03-22 17:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-03-22 17:29:22 | 005,115,824 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Michał\Desktop\mbam-setup.exe
[2010-03-19 19:59:39 | 000,000,000 | ---D | C] -- C:\Users\Michał\Desktop\Nowy folder
[2010-03-19 17:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010-03-19 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010-03-13 12:43:25 | 000,000,000 | ---D | C] -- C:\Users\Michał\Desktop\Flagi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-01 12:17:11 | 003,145,728 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT
[2010-04-01 12:14:09 | 001,477,664 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-01 12:14:09 | 000,665,404 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-04-01 12:14:09 | 000,587,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-01 12:14:09 | 000,128,164 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-04-01 12:14:09 | 000,099,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-01 12:09:40 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempVI4148.html
[2010-04-01 12:09:40 | 000,002,089 | ---- | M] () -- C:\Users\Michał\AppData\Local\Tempaf4148.html
[2010-04-01 12:09:12 | 000,174,196 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-04-01 12:07:52 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010-04-01 12:07:41 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-01 12:07:40 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-01 12:07:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-01 12:07:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-01 12:06:52 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010-03-31 22:26:07 | 001,474,832 | ---- | M] () --
C:\Windows\System32\drivers\sfi.dat[2010-03-31 22:26:06 | 000,524,288 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms[2010-03-31 22:26:06 | 000,065,536 | -HS- | M] () -- C:\Users\Michał\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf[2010-03-31 22:25:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat[2010-03-31 22:25:37 | 002,483,217 | -H-- | M] () -- C:\Users\Michał\AppData\Local\IconCache.db[2010-03-31 22:23:47 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempnG5268.html[2010-03-31 22:12:06 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempqW3624.html[2010-03-31 21:56:47 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-720468550-1629931877-3070721551-1003UA.job[2010-03-31 21:55:33 | 000,002,047 | ---- | M] () -- C:\Users\Michał\Desktop\Google Chrome.lnk[2010-03-31 18:41:33 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B47F80E-17BF-44D1-BD0B-03D84B7D8510}.job[2010-03-31 16:54:01 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-720468550-1629931877-3070721551-1003Core.job[2010-03-31 06:38:57 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempPQ3796.html[2010-03-30 06:40:59 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\Tempyd4044.html[2010-03-29 20:07:36 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\Tempcj3896.html[2010-03-29 19:40:43 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempLS2544.html[2010-03-29 07:18:03 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempFd1988.html[2010-03-28 19:39:35 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempAI3628.html[2010-03-28 16:14:26 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempnW4056.html[2010-03-28 14:56:08 | 000,002,432 | ---- | M] () -- 
C:\Users\Michał\AppData\Local\TempIO4296.html[2010-03-28 14:04:10 | 000,135,680 | ---- | M] () -- C:\Users\Michał\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-03-28 00:44:28 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempoR4116.html[2010-03-28 00:41:42 | 000,016,461 | ---- | M] () -- C:\Users\Michał\Desktop\schemat informatyka.docx[2010-03-27 19:52:01 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\Tempid3816.html[2010-03-27 18:39:36 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\Tempep6072.html[2010-03-27 18:04:17 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempQV3904.html[2010-03-27 17:50:54 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\Tempjz3380.html[2010-03-27 09:04:26 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempHf2220.html[2010-03-26 23:33:22 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempUQ3172.html[2010-03-26 19:16:28 | 000,002,432 | ---- | M] () -- C:\Users\Michał\AppData\Local\TempJj4736.html[2010-03-26 18:43:28 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\OpenFM.lnk[2010-03-26 18:43:28 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk[2010-03-25 19:56:58 | 000,019,230 | ---- | M] () -- C:\Users\Michał\Documents\Sokół.docx[2010-03-24 20:11:44 | 007,513,088 | ---- | M] () -- C:\Users\Michał\Desktop\THE AMERIddd.ppt[2010-03-24 20:04:36 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun506.exe[2010-03-24 20:01:58 | 000,000,000 | ---- | M] () -- C:\Users\Michał\Documents\Madonna - Like a Virgin.wav[2010-03-22 22:24:35 | 003,951,417 | ---- | M] () -- C:\Users\Michał\Desktop\jan kochanowski - piesn xxv - wyk. deer feat. 
laszlo.mp3[2010-03-22 21:57:11 | 000,174,196 | ---- | M] () -- C:\ProgramData\nvModes.dat[2010-03-22 17:33:23 | 034,841,128 | ---- | M] () -- C:\Users\Michał\Desktop\launch.exe[2010-03-22 17:32:35 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2010-03-22 17:29:49 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Michał\Desktop\mbam-setup.exe[2010-03-05 23:09:46 | 000,385,024 | ---- | M] () -- C:\Users\Michał\Documents\księżyce.accdb[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-04-01 12:09:40 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempVI4148.html[2010-04-01 12:09:40 | 000,002,089 | ---- | C] () -- C:\Users\Michał\AppData\Local\Tempaf4148.html[2010-03-31 22:22:12 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempnG5268.html[2010-03-31 21:24:31 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempqW3624.html[2010-03-31 06:29:25 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempPQ3796.html[2010-03-30 06:23:24 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\Tempyd4044.html[2010-03-29 19:49:43 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\Tempcj3896.html[2010-03-29 17:19:08 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempLS2544.html[2010-03-29 07:05:28 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempFd1988.html[2010-03-28 18:11:13 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempAI3628.html[2010-03-28 16:14:14 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempnW4056.html[2010-03-28 13:09:33 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempIO4296.html[2010-03-28 00:34:08 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempoR4116.html[2010-03-27 19:26:39 | 000,002,432 | ---- | C] () -- 
C:\Users\Michał\AppData\Local\Tempid3816.html[2010-03-27 18:39:15 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\Tempep6072.html[2010-03-27 17:58:34 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempQV3904.html[2010-03-27 15:44:44 | 000,016,461 | ---- | C] () -- C:\Users\Michał\Desktop\schemat informatyka.docx[2010-03-27 15:02:33 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\Tempjz3380.html[2010-03-27 08:53:58 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempHf2220.html[2010-03-26 23:02:27 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempUQ3172.html[2010-03-26 18:44:40 | 000,002,432 | ---- | C] () -- C:\Users\Michał\AppData\Local\TempJj4736.html[2010-03-26 18:43:28 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\OpenFM.lnk[2010-03-26 18:43:28 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk[2010-03-25 19:56:57 | 000,019,230 | ---- | C] () -- C:\Users\Michał\Documents\Sokół.docx[2010-03-24 20:01:58 | 000,000,000 | ---- | C] () -- C:\Users\Michał\Documents\Madonna - Like a Virgin.wav[2010-03-24 19:04:32 | 007,513,088 | ---- | C] () -- C:\Users\Michał\Desktop\THE AMERIddd.ppt[2010-03-22 22:24:33 | 003,951,417 | ---- | C] () -- C:\Users\Michał\Desktop\jan kochanowski - piesn xxv - wyk. deer feat. 
laszlo.mp3[2010-03-22 17:32:35 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2010-03-22 17:27:09 | 034,841,128 | ---- | C] () -- C:\Users\Michał\Desktop\launch.exe[2010-02-05 13:00:01 | 000,000,680 | ---- | C] () -- C:\Users\Michał\AppData\Local\d3d9caps.dat[2009-11-28 16:44:48 | 000,000,058 | ---- | C] () -- C:\Users\Michał\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat[2009-11-10 23:48:54 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat[2009-09-13 17:51:52 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys[2009-09-08 18:47:57 | 000,000,104 | ---- | C] () -- C:\Windows\APCBT.ini[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll[2009-07-27 19:22:04 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll[2009-07-27 19:20:13 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll[2009-07-10 15:51:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009-05-29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll[2009-05-29 16:52:26 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll[2009-05-21 21:35:23 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini[2009-04-08 15:18:49 | 000,000,618 | ---- | C] () -- C:\Users\Michał\AppData\Roaming\cvf.ini[2009-03-21 20:57:41 | 000,076,407 | ---- | C] () -- C:\Users\Michał\AppData\Roaming\Smiley.ico[2009-02-07 13:42:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2009-01-27 17:33:35 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib[2009-01-23 19:09:18 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll[2009-01-23 19:09:17 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll[2009-01-23 19:09:16 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll[2009-01-23 19:09:14 | 000,159,744 | ---- | C] () -- 
C:\Windows\System32\mmfinfo.dll[2009-01-23 19:09:12 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll[2009-01-23 19:09:11 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll[2009-01-23 19:09:08 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll[2009-01-23 19:08:42 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll[2009-01-23 19:08:36 | 000,145,609 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll[2009-01-23 19:08:35 | 004,302,881 | ---- | C] () -- C:\Windows\System32\libavcodec.dll[2009-01-23 19:08:01 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll[2009-01-23 19:08:00 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll[2009-01-23 19:07:58 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll[2009-01-23 19:07:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll[2009-01-23 19:07:54 | 000,485,888 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll[2009-01-23 19:07:50 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll[2009-01-23 19:07:48 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll[2009-01-23 19:07:42 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll[2009-01-23 19:07:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll[2009-01-23 19:07:22 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll[2009-01-23 19:07:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll[2009-01-23 19:07:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll[2009-01-23 19:06:54 | 000,009,216 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll[2009-01-15 23:25:12 | 000,029,239 | ---- | C] () -- C:\Users\Michał\AppData\Roaming\UserTile.png[2009-01-15 23:13:39 | 000,135,680 | ---- | C] () -- C:\Users\Michał\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2008-09-12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest[2008-09-09 03:48:02 | 000,174,196 | ---- | 
C] () -- C:\ProgramData\nvModes.001[2008-09-09 03:47:45 | 000,174,196 | ---- | C] () -- C:\ProgramData\nvModes.dat[2008-09-09 03:40:39 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini[2008-09-09 03:40:39 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini[2008-09-09 03:33:13 | 000,001,612 | ---- | C] () -- C:\Windows\HotFixList.ini[2008-09-09 02:06:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll[2007-03-29 23:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll[2006-11-02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2003-08-07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll[2001-11-14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Michał\Documents\Shareaza Downloads:Shareaza.GUID@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:08948D52< End of report >

  • 0

#7 Gość_Andziorka_*

Gość_Andziorka_*

Posted 01 04 2010 - 17:14

Could you paste the log here: http://www.wklej.org/ ? It's hard to read.

#8 tormi

tormi

    Beginner

  • 52 posts

Posted 01 04 2010 - 18:10

http://www.wklej.org/id/307988/ here it is :wallbash:

#9 Gość_Andziorka_*

Gość_Andziorka_*

Posted 01 04 2010 - 18:30

O2 - BHO: (RedTube To ALLPlayer) - {41F21158-4211-4D32-9E02-D57B19661561} - C:\Program Files\ALLPlayer\RedTubeToALLPlayer.dll (ALLPlayer.org)

:wallbash: watch more porn and your system will surely be clean ;)

Paste the script below into the OTL window and click Run Fix:

:Processes
explorer.exe

:OTL
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

:Files
C:\Users\Michał\AppData\Local\Tempid3816.html
C:\Users\Michał\AppData\Local\Tempep6072.html
C:\Users\Michał\AppData\Local\TempQV3904.html
C:\Users\Michał\AppData\Local\Tempjz3380.html
C:\Users\Michał\AppData\Local\TempHf2220.html
C:\Users\Michał\AppData\Local\TempUQ3172.html
C:\Users\Michał\AppData\Local\TempJj4736.html
C:\Users\Michał\AppData\Local\TempPQ3796.html
C:\Users\Michał\AppData\Local\Tempyd4044.html
C:\Users\Michał\AppData\Local\Tempcj3896.html
C:\Users\Michał\AppData\Local\TempLS2544.html
C:\Users\Michał\AppData\Local\TempFd1988.html
C:\Users\Michał\AppData\Local\TempAI3628.html
C:\Users\Michał\AppData\Local\TempnW4056.html
C:\Users\Michał\AppData\Local\TempIO4296.html
C:\Users\Michał\AppData\Local\TempnG5268.html
C:\Users\Michał\AppData\Local\TempqW3624.html

:Commands
[emptytemp]
[start explorer]
[Reboot]


Scan the computer with this: Malware, delete everything it finds and post the log after deletion (the Malware log)

User Andziorka edited this post 07 04 2010 - 14:56


#10 tormi

tormi

    Beginner

  • 52 posts

Posted 03 04 2010 - 19:29

As for porn, I have no problem with that, I have better ways of satisfying my needs. That program was installed together with alleplayer. I don't visit porn sites, which is why I'm all the more surprised where any problem could come from at all. Besides, it's probably not a virus or any other infection, because I scan the system regularly and delete whatever it finds. What could be causing my problem if not a virus? I don't know, maybe some program, an update?
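An added check for the question behind this thread (whether a dozen or more svchost.exe instances is normal), not something posted by anyone in it: on Vista each svchost.exe instance hosts one group of services, so the count by itself is expected; what matters is that every instance runs from %SystemRoot%\System32 and actually hosts services. This PowerShell snippet is an example written for this page (it assumes PowerShell 3+ for Get-CimInstance) that lists exactly that per instance.

```powershell
# Added example (not from the thread): list every svchost.exe instance with the
# services it hosts and flag instances that run from outside System32 or host
# nothing at all. Assumes PowerShell 3+; on PowerShell 2 swap Get-CimInstance
# for Get-WmiObject with the same class names.

$system32 = Join-Path $env:SystemRoot 'System32'

# One row per svchost.exe process: PID, image path, working set.
$hosts = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'"

# Map each PID to the services running inside it (Win32_Service has ProcessId).
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

'{0,6}  {1,8}  {2}' -f 'PID', 'RSS(MB)', 'Hosted services'

foreach ($p in ($hosts | Sort-Object ProcessId)) {
    $path  = $p.ExecutablePath
    $svc   = $services["$($p.ProcessId)"]
    $names = if ($svc) { ($svc | ForEach-Object { $_.Name }) -join ', ' } else { '(none)' }
    $wsMB  = [math]::Round($p.WorkingSetSize / 1MB, 1)

    # A legitimate svchost.exe lives in System32 and always hosts >= 1 service.
    $flag = ''
    if (-not $path) {
        $flag += ' [path unreadable: run elevated]'
    } elseif ($path -notlike "$system32\svchost.exe") {
        $flag += ' [OUTSIDE SYSTEM32: ' + $path + ']'
    }
    if (-not $svc) { $flag += ' [HOSTS NO SERVICES]' }

    '{0,6}  {1,8}  {2}{3}' -f $p.ProcessId, $wsMB, $names, $flag
}
```

Run it from an elevated prompt so the image path of every instance is readable; a flagged row is what to investigate, a long unflagged list is just Vista's normal service grouping.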

#11 Gość_Andziorka_*

Gość_Andziorka_*

Posted 07 04 2010 - 14:39

That program was installed together with alleplayer

It certainly wasn't; however many times I've installed Allplayer, it never offered me any such plugins.

Did you do the above?




