
svchost.exe uses 50% of the CPU

16 Jan 2010 07:45
  • Level 8  
    Hello, this is my first post on this forum. I have a problem: since yesterday my computer has started to slow down, and Task Manager shows that svchost.exe is using 50% of the CPU. I don't know what to do about it; please help.

    OTL log:
    Quote:
    OTL logfile created on: 2010-01-16 07:38:01 - Run 4
    OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\-\Moje dokumenty\Pobieranie
    Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78,13 Gb Total Space | 59,57 Gb Free Space | 76,24% Space Free | Partition Type: NTFS
    Drive D: | 244,14 Gb Total Space | 236,06 Gb Free Space | 96,69% Space Free | Partition Type: NTFS
    Drive E: | 273,89 Gb Total Space | 273,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
    Drive F: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 3CA22E290C80400
    Current User Name: -
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (All) ==========

    PRC - [2009-12-29 19:35:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-\Moje dokumenty\Pobieranie\OTL.exe
    PRC - [2009-12-23 07:29:15 | 01,217,808 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
    PRC - [2009-12-22 18:49:58 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009-12-09 18:04:38 | 00,576,080 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
    PRC - [2009-12-09 18:04:38 | 00,121,424 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe
    PRC - [2009-07-01 17:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2009-05-22 09:46:48 | 00,270,336 | ---- | M] () -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
    PRC - [2009-04-29 10:02:01 | 00,270,336 | R--- | M] (LG Electronics) -- C:\Documents and Settings\-\Bluebirds\BlueBirds.exe
    PRC - [2009-04-16 15:29:38 | 00,059,912 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
    PRC - [2009-02-10 17:09:56 | 00,100,872 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
    PRC - [2009-02-09 12:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
    PRC - [2008-12-09 07:23:58 | 18,063,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
    PRC - [2008-09-17 08:52:46 | 00,090,112 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe
    PRC - [2008-07-30 12:52:37 | 02,865,152 | ---- | M] () -- C:\Program Files\OSCAR Editor\OscarEditor.exe
    PRC - [2008-04-15 13:00:00 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008-04-15 13:00:00 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
    PRC - [2008-04-15 13:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
    PRC - [2008-04-15 13:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
    PRC - [2008-04-15 13:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
    PRC - [2008-04-15 13:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
    PRC - [2008-04-15 13:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
    PRC - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
    PRC - [2008-04-15 13:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
    PRC - [2008-04-15 13:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
    PRC - [2008-01-30 01:34:18 | 00,200,704 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
    PRC - [2007-12-12 09:29:48 | 00,323,584 | ---- | M] (TODO: A4 Tech) -- C:\Program Files\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
    PRC - [2007-11-26 13:54:22 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    PRC - [2007-11-26 13:54:12 | 01,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    PRC - [2007-11-26 13:54:02 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    PRC - [2006-10-31 07:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
    PRC - [2005-03-06 21:16:18 | 00,366,080 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
    PRC - [2004-08-11 00:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


    ========== Modules (All) ==========

    MOD - [2009-12-29 19:35:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-\Moje dokumenty\Pobieranie\OTL.exe
    MOD - [2009-06-25 09:27:54 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
    MOD - [2009-04-15 15:54:38 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
    MOD - [2009-03-21 15:08:59 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
    MOD - [2009-02-09 11:53:44 | 00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
    MOD - [2009-02-09 11:53:43 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
    MOD - [2008-10-23 13:42:41 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
    MOD - [2008-06-17 20:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
    MOD - [2008-04-15 13:00:00 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
    MOD - [2008-04-15 13:00:00 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    MOD - [2008-04-15 13:00:00 | 00,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
    MOD - [2008-04-15 13:00:00 | 00,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
    MOD - [2008-04-15 13:00:00 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
    MOD - [2008-04-15 13:00:00 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
    MOD - [2008-04-15 13:00:00 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
    MOD - [2008-04-15 13:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
    MOD - [2008-04-15 13:00:00 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
    MOD - [2008-04-15 13:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
    MOD - [2008-04-15 13:00:00 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
    MOD - [2008-04-15 13:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
    MOD - [2008-04-15 13:00:00 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
    MOD - [2008-04-15 13:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
    MOD - [2008-04-15 13:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
    MOD - [2008-04-15 13:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009-12-09 18:04:38 | 00,121,424 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate)
    SRV - [2009-06-02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009-05-22 09:46:48 | 00,270,336 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
    SRV - [2009-04-16 15:29:38 | 00,059,912 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe -- (ABFileMon)
    SRV - [2009-02-10 17:09:56 | 00,100,872 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe -- (ABNetMon)
    SRV - [2008-09-17 08:52:46 | 00,090,112 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2)
    SRV - [2008-09-05 22:21:56 | 00,241,664 | ---- | M] (ArcaBit) [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe -- (ArcaBit.Core.LoggingService)
    SRV - [2008-01-30 01:34:18 | 00,200,704 | ---- | M] (ArcaBit) [On_Demand | Running] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe -- (ArcaBit.Core.Configurator)
    SRV - [2007-11-26 13:54:12 | 01,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2007-09-17 08:36:18 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
    SRV - [2007-06-27 17:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - [2006-10-31 07:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2009-08-20 11:16:20 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2009-04-28 21:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
    DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008-12-11 10:24:20 | 04,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008-04-15 13:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008-04-15 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2008-04-15 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2008-04-15 13:00:00 | 00,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008-04-13 23:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
    DRV - [2008-04-13 21:09:24 | 00,142,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2008-02-26 14:45:10 | 00,051,208 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI)
    DRV - [2007-12-10 13:37:28 | 00,037,896 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT)
    DRV - [2007-11-26 13:54:12 | 00,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2007-11-26 13:54:12 | 00,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2007-11-26 13:54:02 | 00,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2007-04-16 15:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2006-11-27 15:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006-11-27 15:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006-10-31 07:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006-10-18 15:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2006-05-25 18:28:44 | 00,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
    DRV - [2004-02-01 04:53:20 | 00,026,166 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbfilt.sys -- (Usbfilt)
    DRV - [2003-08-12 17:51:00 | 00,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
    DRV - [2003-08-04 12:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://google.pl"

    FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-10-04 12:04:41 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-15 23:40:40 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-15 23:40:22 | 00,000,000 | ---D | M]

    [2010-01-15 23:40:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-\Dane aplikacji\Mozilla\Extensions
    [2010-01-15 23:40:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-\Dane aplikacji\Mozilla\Firefox\Profiles\xprllvzx.default\extensions
    [2010-01-15 23:40:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009-12-22 04:48:34 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
    [2009-12-22 04:48:34 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
    [2009-12-22 04:48:34 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
    [2009-12-22 04:48:34 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
    [2009-12-22 04:48:34 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
    [2009-12-22 04:48:34 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

    O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\-\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
    O4 - HKLM..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe (ArcaBit)
    O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe (ArcaBit)
    O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
    O4 - HKLM..\Run: [sysgif32] C:\WINDOWS\Temp\~TM10E.tmp ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
    O4 - HKCU..\Run: [bluebirds] C:\Documents and Settings\-\Bluebirds\BlueBirds.exe (LG Electronics)
    O4 - HKCU..\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
    O4 - HKCU..\Run: [OscarEditor] C:\Program Files\OSCAR Editor\OscarEditor.exe ()
    O4 - Startup: C:\Documents and Settings\-\Menu Start\Programy\Autostart\MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe ()
    O4 - Startup: C:\Documents and Settings\-\Menu Start\Programy\Autostart\siszyd32.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
    O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-08-20 11:03:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - Unable to obtain root file information for disk F:\
    O33 - MountPoints2\{07453542-8d80-11de-90a8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{07453542-8d80-11de-90a8-806d6172696f}\Shell\AutoRun\command - "" = F:\Run.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-08-20 12:48:09 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ========== Files/Folders - Created Within 30 Days ==========

    [2010-01-16 07:41:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-01-16 07:21:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010-01-16 07:18:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\-\Recent
    [2010-01-15 23:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010-01-07 06:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\ALLConverter
    [2010-01-01 12:38:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-\.gstreamer-0.10
    [2010-01-01 12:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
    [2010-01-01 12:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-\Dane aplikacji\OpenFM
    [2010-01-01 12:35:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-\Dane aplikacji\Gadu-Gadu 10
    [2009-12-29 05:30:12 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009-12-29 05:20:24 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
    [2009-12-28 13:25:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-\Dane aplikacji\Uniblue
    [2009-12-28 12:39:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2009-12-22 11:03:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\InsFiles
    [2009-12-22 11:03:06 | 00,446,464 | R--- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\stmadsl.cpl
    [2009-12-22 11:03:06 | 00,102,400 | R--- | C] (STMicroelectronics ) -- C:\WINDOWS\stmtrace.exe
    [2009-12-22 11:03:06 | 00,065,536 | R--- | C] (STMicroelectronics) -- C:\WINDOWS\DSLTest.exe
    [2009-12-22 11:03:05 | 00,060,255 | R--- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\drivers\stmatm.sys
    [2009-12-22 11:02:05 | 00,425,984 | R--- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\stmcfg32.dll
    [2009-12-22 11:02:05 | 00,151,552 | R--- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\stmctrl.dll
    [2009-12-22 11:02:00 | 00,000,000 | ---D | C] -- C:\Program Files\ZTE ZXDSL 852
    [2009-09-01 14:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
    [2009-08-20 11:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
    [2009-08-20 11:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
    [2009-08-20 11:03:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
    [2009-08-20 11:03:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010-01-16 07:42:32 | 00,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\Changer.sys
    [2010-01-16 07:41:22 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\-\Pulpit\HijackThis.lnk
    [2010-01-16 07:29:34 | 00,002,129 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
    [2010-01-16 07:21:49 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010-01-16 07:21:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-01-16 07:21:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-01-16 07:21:03 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\-\NTUSER.DAT
    [2010-01-16 07:21:03 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\-\ntuser.ini
    [2010-01-15 23:40:25 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
    [2010-01-15 22:43:05 | 05,863,494 | -H-- | M] () -- C:\Documents and Settings\-\Ustawienia lokalne\Dane aplikacji\IconCache.db
    [2010-01-15 22:35:23 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\-\Dane aplikacji\avdrn.dat
    [2010-01-12 16:53:54 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-01-11 20:56:01 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-01-08 22:20:01 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010-01-07 06:34:17 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\-\Moje dokumenty\ALLConverter to PSP.lnk
    [2010-01-07 06:34:14 | 00,000,530 | ---- | M] () -- C:\Documents and Settings\-\Pulpit\ALLPlayer V4.2.lnk
    [2010-01-04 13:40:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010-01-02 22:20:06 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\-\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
    [2009-12-29 05:12:48 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\-\Moje dokumenty\HijackThis.lnk
    [2009-12-29 05:00:31 | 00,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009-12-23 07:32:37 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\-\Pulpit\Counter-Strike.lnk
    [2009-12-22 11:03:29 | 00,003,242 | ---- | M] () -- C:\WINDOWS\stsetup.htm
    [2009-12-22 11:03:26 | 00,001,414 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk
    [2009-12-21 16:53:24 | 00,000,452 | ---- | M] () -- C:\Documents and Settings\-\Moje dokumenty\spider.sav
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010-01-16 07:41:21 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\-\Pulpit\HijackThis.lnk
    [2010-01-15 23:40:25 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
    [2010-01-15 22:36:23 | 00,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\Changer.sys
    [2010-01-15 22:35:23 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\-\Dane aplikacji\avdrn.dat
    [2010-01-07 06:34:17 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\-\Moje dokumenty\ALLConverter to PSP.lnk
    [2010-01-07 06:34:14 | 00,000,530 | ---- | C] () -- C:\Documents and Settings\-\Pulpit\ALLPlayer V4.2.lnk
    [2009-12-29 05:12:48 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\-\Moje dokumenty\HijackThis.lnk
    [2009-12-23 07:32:37 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\-\Pulpit\Counter-Strike.lnk
    [2009-12-23 07:28:37 | 00,002,129 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
    [2009-12-22 11:03:26 | 00,001,414 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk
    [2009-12-22 11:03:07 | 00,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
    [2009-12-22 11:03:06 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\stmclean.exe
    [2009-12-22 11:03:06 | 00,018,498 | R--- | C] () -- C:\WINDOWS\System32\CSALogo.bmp
    [2009-12-22 11:03:06 | 00,000,902 | R--- | C] () -- C:\WINDOWS\System32\setup.ini
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icStop.ico
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShTx.ico
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShTR.ico
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShRx.ico
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icShow.ico
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icNoMo.ico
    [2009-12-22 11:03:06 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\icInit.ico
    [2009-12-22 11:03:05 | 00,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
    [2009-12-22 11:01:54 | 00,003,242 | ---- | C] () -- C:\WINDOWS\stsetup.htm
    [2009-12-19 11:06:22 | 00,000,452 | ---- | C] () -- C:\Documents and Settings\-\Moje dokumenty\spider.sav
    [2009-09-28 18:27:11 | 00,000,041 | ---- | C] () -- C:\WINDOWS\2pic.ini
    [2009-09-20 15:57:02 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009-09-13 15:14:21 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009-09-13 15:14:20 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\-\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-09-01 16:21:30 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2009-08-20 11:17:32 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009-08-20 11:17:31 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009-08-20 11:17:31 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009-08-20 11:17:30 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009-08-20 11:17:30 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-08-20 11:17:30 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009-08-20 11:17:29 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009-08-20 11:15:17 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys
    [2008-04-15 13:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\asyncmac.sys
    [2006-10-31 07:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006-10-31 07:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006-10-31 07:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006-10-31 07:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006-10-31 07:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006-10-31 07:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006-10-31 07:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2004-06-09 21:38:01 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
    [1996-04-03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== Custom Scans ==========


    < %systemdrive%\*.* >
    [2009-08-20 11:03:38 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009-08-20 11:14:34 | 00,000,223 | RHS- | M] () -- C:\boot.ini
    [2008-04-15 13:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2009-08-20 11:03:38 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009-08-20 11:15:21 | 00,000,206 | ---- | M] () -- C:\csb.log
    [2009-08-20 11:03:38 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009-08-20 11:03:38 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008-04-15 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008-04-15 13:00:00 | 00,251,152 | RHS- | M] () -- C:\ntldr
    [2010-01-16 07:21:44 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
    [2009-08-20 11:15:21 | 00,001,530 | ---- | M] () -- C:\RHDSetup.log

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
    < End of report >


    HijackThis log:
    Quote:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:09:48, on 2010-01-16
    Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\-\Bluebirds\BlueBirds.exe
    C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
    C:\Program Files\OSCAR Editor\OscarEditor.exe
    C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE
    C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
    C:\Program Files\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
    C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
    C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
    C:\WINDOWS\System32\alg.exe
    D:\Program Files\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\-\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
    O4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\abregmon.exe
    O4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM10E.tmp
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ALLUpdate] "D:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
    O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\-\Bluebirds\BlueBirds.exe
    O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
    O4 - HKCU\..\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
    O4 - Startup: siszyd32.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
    O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F915B961-C3DF-4174-B746-B48FDCA272A0}: NameServer = 213.241.79.37 83.238.255.76
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
    O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
    O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
    O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
    O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
    O23 - Service: ArcaBit Tasks Service (AVTasks2) - ArcaBit - C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE
    O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6659 bytes
  • Level 14  
    Hello. Download Process Explorer and run it,

    then hover the pointer over the svchost that is loading your CPU. After a moment it should show what is attached to it.
    Maybe that will give you a clue.

    Regards.
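The check suggested above (finding out which services a busy svchost.exe instance is hosting) can also be scripted. This is an added example, not part of the original post; it assumes a current Windows release with PowerShell 3.0 or later rather than the Windows XP system in this thread, and the `PathOk` column is a name chosen here.

```powershell
# Map every svchost.exe instance to the services it hosts, busiest first.
# Run from an elevated prompt so that all processes and services are visible.

# Services grouped by the PID of the process that hosts them (keys are strings).
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Current CPU load per svchost instance, from the performance counter provider.
# On multi-core machines the value is summed over cores and can exceed 100.
$cpuByPid = @{}
Get-CimInstance -ClassName Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -like 'svchost*' } |
    ForEach-Object { $cpuByPid["$($_.IDProcess)"] = $_.PercentProcessorTime }

# The genuine binary lives in System32; a svchost.exe running from anywhere
# else deserves a closer look.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $pidKey = "$($_.ProcessId)"
        [pscustomobject]@{
            PID        = $_.ProcessId
            CpuPercent = $cpuByPid[$pidKey]
            PathOk     = ($_.ExecutablePath -eq $expectedPath)  # comparison is case-insensitive
            Services   = ($servicesByPid[$pidKey] | ForEach-Object { $_.Name }) -join ', '
            ImagePath  = $_.ExecutablePath
        }
    } |
    Sort-Object -Property CpuPercent -Descending |
    Format-Table -AutoSize -Wrap
```

An empty `ImagePath` usually means the prompt is not elevated, so `PathOk` reads False for that row; an instance with no services listed, or one whose path is outside System32, is the one to examine first.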
  • Level 8  
    It says "Program uruchamiający proces serwera DCOM. Usługi terminalowe"
    What could that mean?
  • Computer specialist
    Your system is infected. Uninstall ArcaVir, run a scan with cureit and mbam, and remove the infection. Then post a log from combofix.
  • Level 8  
    ComboFix log

    Quote:
    ComboFix 10-01-15.05 - - 2010-01-16 15:05:38.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1983.1510 [GMT 1:00]
    Uruchomiony z: c:\documents and settings\-\Moje dokumenty\Pobieranie\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ieuinit.inf
    c:\windows\system32\setup.ini

    .
    ((((((((((((((((((((((((( Pliki utworzone od 2009-12-16 do 2010-01-16 )))))))))))))))))))))))))))))))
    .

    2010-01-16 13:28 . 2010-01-16 13:28 5115823 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-16 13:28 . 2010-01-16 13:28 -------- d-----w- c:\documents and settings\-\Dane aplikacji\Malwarebytes
    2010-01-16 13:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-16 13:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-16 13:27 . 2010-01-16 13:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
    2010-01-16 13:21 . 2010-01-16 13:21 -------- d-----w- c:\documents and settings\-\DoctorWeb
    2010-01-16 06:41 . 2010-01-16 06:41 -------- d-----w- c:\program files\Trend Micro
    2009-12-22 10:03 . 2009-12-22 10:03 -------- d-----w- c:\windows\system32\InsFiles
    2009-12-22 10:03 . 2006-06-06 17:20 102400 ----a-r- c:\windows\stmtrace.exe
    2009-12-22 10:03 . 2005-07-07 19:02 65536 ----a-r- c:\windows\DSLTest.exe
    2009-12-22 10:03 . 2004-07-27 20:18 36864 ----a-r- c:\windows\system32\stmclean.exe
    2009-12-22 10:03 . 2006-05-25 17:28 684265 ----a-r- c:\windows\system32\drivers\torususb.sys
    2009-12-22 10:03 . 2003-08-12 16:51 60255 ----a-r- c:\windows\system32\drivers\stmatm.sys
    2009-12-22 10:02 . 2006-06-02 20:38 425984 ----a-r- c:\windows\system32\stmcfg32.dll
    2009-12-22 10:02 . 2006-06-02 13:01 151552 ----a-r- c:\windows\system32\stmctrl.dll
    2009-12-22 10:02 . 2009-12-22 10:02 -------- d-----w- c:\program files\ZTE ZXDSL 852
    2009-12-21 13:47 . 2009-12-21 13:47 37376 ----a-w- c:\documents and settings\-\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
    2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\-\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-16 13:13 . 2009-09-01 13:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-16 13:13 . 2009-09-01 13:35 -------- d-----w- c:\program files\ArcaBit
    2010-01-15 22:25 . 2009-08-20 10:18 -------- d-----w- c:\program files\NAPI-PROJEKT
    2010-01-15 21:35 . 2010-01-15 21:35 16 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat
    2010-01-14 17:13 . 2010-01-01 11:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
    2010-01-08 07:20 . 2009-08-20 10:14 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-07 05:34 . 2010-01-07 05:34 -------- d-----w- c:\program files\ALLConverter
    2010-01-05 10:20 . 2009-08-20 10:18 -------- d-----w- c:\documents and settings\-\Dane aplikacji\Winamp
    2010-01-02 21:20 . 2009-09-01 13:07 12328 ----a-w- c:\documents and settings\-\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
    2010-01-01 11:40 . 2010-01-01 11:35 -------- d-----w- c:\documents and settings\-\Dane aplikacji\Gadu-Gadu 10
    2010-01-01 11:38 . 2010-01-01 11:38 -------- d-----w- c:\documents and settings\-\Dane aplikacji\OpenFM
    2009-12-29 04:21 . 2009-12-29 04:20 -------- d-----w- c:\program files\Ventrilo
    2009-12-28 12:59 . 2009-12-03 14:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
    2009-12-28 12:25 . 2009-12-28 12:25 -------- d-----w- c:\documents and settings\-\Dane aplikacji\Uniblue
    2009-12-23 06:30 . 2009-09-01 13:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ArcaBit
    2009-12-15 15:32 . 2009-09-01 15:20 -------- d-----w- c:\program files\neostrada tp
    2009-12-11 03:56 . 2008-04-15 12:00 49696 ----a-w- c:\windows\system32\perfc015.dat
    2009-12-11 03:56 . 2008-04-15 12:00 355816 ----a-w- c:\windows\system32\perfh015.dat
    2009-12-03 13:14 . 2009-09-19 13:49 -------- d-----w- c:\documents and settings\-\Dane aplikacji\skypePM
    2009-11-21 16:03 . 2008-04-15 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-10-29 05:26 . 2008-04-15 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:40 . 2008-04-15 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:40 . 2008-04-15 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2008-04-15 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
    .

    ------- Sigcheck -------

    [7] 2008-04-15 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
    [-] 2008-04-15 12:00 . B211778B80F6D441B6CF61ADA776FC6D . 14336 . . [------] . . c:\windows\system32\drivers\asyncmac.sys

    [7] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
    [-] 2008-04-13 20:09 . 3E81C4B57E1A1FB18B82ACA9AC6EBD3C . 142592 . . [------] . . c:\windows\system32\drivers\aec.sys
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400]
    "bluebirds"="c:\documents and settings\-\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
    "OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]
    "Odkurzacz-MCD"="d:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
    "nwiz"="nwiz.exe" [2006-10-31 1622016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\-\Menu Start\Programy\Autostart\
    MutiKeyboard Driver.lnk - c:\program files\MultiKeyboard Driver\KbdDrv.exe [2009-9-16 366080]

    c:\documents and settings\All Users\Menu Start\Programy\Autostart\
    Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\Gadu-Gadu\\gg.exe"=
    "d:\\Program Files\\Steam\\steamapps\\karol79846\\counter-strike\\hl.exe"=
    "d:\\Program Files\\Ares\\Ares.exe"=
    "d:\\Program Files\\Steam\\steamapps\\torrellas\\counter-strike source\\hl2.exe"=
    "d:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
    "50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)

    R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-12-22 60255]
    R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-12-22 684265]
    S2 AVTasks2;ArcaBit Tasks Service;c:\progra~1\ArcaBit\Common\ARCATA~1.EXE --> c:\progra~1\ArcaBit\Common\ARCATA~1.EXE [?]
    S3 Usbfilt;UsbFilt;c:\windows\system32\drivers\usbfilt.sys [2009-09-16 26166]
    .
    .
    ------- Skan uzupełniający -------
    .
    uStart Page = hxxp://www.neostrada.pl
    IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - c:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
    TCP: {F915B961-C3DF-4174-B746-B48FDCA272A0} = 213.241.79.37 83.238.255.76
    FF - ProfilePath - c:\documents and settings\-\Dane aplikacji\Mozilla\Firefox\Profiles\xprllvzx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.pl
    FF - plugin: c:\documents and settings\-\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-16 15:07
    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

    skanowanie ukrytych procesów ...

    skanowanie ukrytych wpisów autostartu ...

    skanowanie ukrytych plików ...

    skanowanie pomyślnie ukończone
    ukryte pliki: 0

    **************************************************************************
    .
    Czas ukończenia: 2010-01-16 15:07:43
    ComboFix-quarantined-files.txt 2010-01-16 14:07

    Przed: 63 790 075 904 bajtów wolnych
    Po: 63 997 747 200 bajtów wolnych

    WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 40C1E0288AFE4FACF34115952C4F33B2
  • Computer specialist
    One file from the infection is still left to delete; remove it manually:
    c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat

    ArcaVir left more junk behind; if you want, use CFScript.txt with combofix:

    Folder::
    c:\program files\ArcaBit
    c:\documents and settings\All Users\Dane aplikacji\ArcaBit

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "50001:TCP"=-
    "50000:TCP"=-

    Driver::
    AVTasks2


    When all of that is done, install Avira, Avast or AVG.
  • Level 8  
    Thanks a lot, it helped, the computer runs the way it should again. And ArcaVir is good for nothing, because I still have a paid licence for more than half a year.