svchost 100% przy starcie

[koperkuba]

Prosze o sprawdzenie loga. Przy starcie XP nic nie można zrobić przez około 1 min - 2 minut. Svchost jest na 100%, potem się normuje.
Oto log:

Kod: Zaznacz wszystko

Deckard's System Scanner v20071014.68
Run by kuba on 2008-01-30 19:51:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2008-01-30 18:51:22 UTC - RP27 - Deckard's System Scanner Restore Point
15: 2008-01-29 22:55:24 UTC - RP26 - Zainstalowano Windows XP KB894391.
14: 2008-01-29 22:24:54 UTC - RP25 - Zainstalowano Windows XP KB927891.
13: 2008-01-29 21:19:48 UTC - RP24 - Zainstalowano Windows XP KB921883.
12: 2008-01-28 19:32:53 UTC - RP23 - Punkt kontrolny systemu


-- First Restore Point --
1: 2008-01-18 18:15:32 UTC - RP12 - Punkt kontrolny systemu


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as kuba.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:31, on 2008-01-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\kuba\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.33/g_bin/pl/poker_2_0_0_49.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:   C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4517 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-12-30 and 2008-01-30 -----------------------------

2008-01-30 19:52:23         0 d-------- C:\Program Files\Trend Micro
2008-01-29 23:55:05         0 d-------- C:\WINDOWS\LastGood
2008-01-29 22:15:28         0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-27 22:06:13         0 d-------- C:\WINDOWS\Sun
2008-01-24 23:48:02         0 d-------- C:\Program Files\EasyEclipse Desktop Java 1.2.2
2008-01-24 00:01:43         0 d-------- C:\setups
2008-01-24 00:00:00         0 d-------- C:\Program Files\createinstall free
2008-01-23 23:32:16         0 d-------- C:\Program Files\eMule
2008-01-23 22:22:08         0 d-------- C:\Program Files\COMODO
2008-01-23 21:51:24         0 d-------- C:\Program Files\Alwil Software
2008-01-23 15:49:56         0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-23 15:47:44         0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-23 15:44:23         0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-01-23 15:44:23         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-23 15:42:15         0 d-------- C:\Program Files\Microsoft.NET
2008-01-23 15:42:15         0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-01-23 15:41:57         0 d-------- C:\Program Files\Microsoft SDKs
2008-01-23 15:41:11         0 d-------- C:\Program Files\MSBuild
2008-01-23 15:41:05         0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-23 15:40:59         0 d-------- C:\Program Files\Reference Assemblies
2008-01-23 15:39:04         0 d-------- C:\Program Files\MSXML 6.0
2008-01-22 23:22:37         0 d-------- C:\Program Files\totalcmd
2008-01-22 21:31:19         0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-22 21:30:30         0 d-------- C:\Program Files\Winamp
2008-01-18 18:18:55         0 d-------- C:\Program Files\7-Zip
2008-01-17 21:33:20         0 d-------- C:\Program Files\Skype
2008-01-17 21:33:20         0 d-------- C:\Program Files\Common Files\Skype
2008-01-15 23:30:58    157696 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-15 23:30:56    217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-15 23:30:56    856064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-15 23:30:56    569362 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-01-15 23:30:56   1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-01-15 23:30:56   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-15 23:30:56    619668 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-15 23:30:56    286720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-01-15 23:30:56   1024000 --a------ C:\WINDOWS\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-01-15 23:30:55      5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-15 23:30:55         0 d-------- C:\Program Files\K-Lite Codec Pack
2008-01-15 23:27:37         0 d-------- C:\Program Files\MarBit
2008-01-15 19:40:29         0 d-------- C:\Program Files\Common Files\Adobe
2008-01-15 14:38:55         4 --a------ C:\WINDOWS\system32\proc-503976190.bin
2008-01-14 16:45:18         0 d-------- C:\.Trash-jkoprowski
2008-01-14 01:04:27         0 d-------- C:\Program Files\Azureus
2008-01-14 01:02:40         0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-14 01:02:17         0 d-------- C:\Program Files\Java
2008-01-14 01:02:17         0 d-------- C:\Program Files\Common Files\Java
2008-01-14 01:01:44         0 d-------- C:\Program FilesOo
2008-01-14 00:44:30         0 d-------- C:\Program Files\Gadu-Gadu
2008-01-14 00:32:56      1167 --a------ C:\WINDOWS\mozver.dat
2008-01-14 00:29:29         0 d-------- C:\Program Files\Mozilla Thunderbird
2008-01-14 00:26:47         0 d-------- C:\Program Files\MozBackup
2008-01-14 00:26:18         0 --a------ C:\WINDOWS\nsreg.dat
2008-01-13 23:35:04         0 d-------- C:\WINDOWS\system32\NtmsData
2008-01-13 19:17:25         0 d-------- C:\WUTemp
2008-01-13 17:22:47         0 d--hs---- C:\WINDOWS\Installer
2008-01-13 17:22:47         0 d-------- C:\Program Files\Common Files\ODBC
2008-01-13 17:22:44         0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-13 17:22:43         0 dr------- C:\Program Files
2008-01-13 17:22:43         0 d-------- C:\Program Files\Common Files
2008-01-13 17:22:05         0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-13 17:22:05         0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-13 17:21:35         0 d--hs---- C:\System Volume Information
2008-01-13 17:21:35         0 d-------- C:\Documents and Settings
2008-01-13 17:16:49         0 d-------- C:\WINDOWS
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\WinSxS
2008-01-13 17:16:49         0 dr------- C:\WINDOWS\Web
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\twain_32
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\wins
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\wbem
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\usmt
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\spool
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\Setup
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\ras
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\oobe
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\npp
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\mui
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\IME
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\icsxml
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\ias
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\export
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\drivers
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-13 17:16:49         0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\dhcp
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\config
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\3076
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\2052
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1054
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1045
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1042
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1041
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1037
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1033
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1031
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1028
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system32\1025
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\system
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\security
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Resources
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\repair
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Provisioning
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\PeerNet
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\pchealth
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\mui
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\msapps
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\msagent
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Media
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\java
2008-01-13 17:16:49         0 d--h----- C:\WINDOWS\inf
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\ime
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Help
2008-01-13 17:16:49         0 dr--s---- C:\WINDOWS\Fonts
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\ehome
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Driver Cache
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Debug
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Cursors
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Connection Wizard
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\Config
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\AppPatch
2008-01-13 17:16:49         0 d-------- C:\WINDOWS\addins
2008-01-13 17:06:24         0 d-------- C:\WINDOWS\nview
2008-01-13 17:05:59         0 d-------- C:\NVIDIA
2008-01-13 16:52:33         0 d-------- C:\WINDOWS\system32\Lang
2008-01-13 16:51:31     49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-13 16:51:20         0 d-------- C:\WINDOWS\system32\RTCOM
2008-01-13 16:51:09         0 d-------- C:\Program Files\Realtek
2008-01-13 16:51:09         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 16:51:08    499712 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-13 16:50:51         0 d-------- C:\Program Files\DIFX
2008-01-13 16:50:50         0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-13 16:50:49         0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-13 16:50:01      1428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-13 16:49:54         0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-13 16:35:55         0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-13 16:35:53         0 d-------- C:\WINDOWS\Prefetch
2008-01-13 16:35:52         0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-13 16:31:49         0 d-------- C:\WINDOWS\system32\xircom
2008-01-13 16:31:49         0 d-------- C:\Program Files\microsoft frontpage
2008-01-13 16:31:37         0 -rahs---- C:\MSDOS.SYS
2008-01-13 16:31:37         0 -rahs---- C:\IO.SYS
2008-01-13 16:31:37         0 --a------ C:\CONFIG.SYS
2008-01-13 16:31:37         0 --a------ C:\AUTOEXEC.BAT
2008-01-13 16:30:49         0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-13 16:30:49         0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-13 16:30:41         0 d--h----- C:\Program Files\WindowsUpdate
2008-01-13 16:30:39         0 d-------- C:\Program Files\Usługi online
2008-01-13 16:30:24         0 d-------- C:\WINDOWS\system32\DirectX
2008-01-13 16:29:46         0 d---s---- C:\WINDOWS\Tasks
2008-01-13 16:29:44         0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-13 16:29:41         0 d-------- C:\WINDOWS\srchasst
2008-01-13 16:29:40         0 d-------- C:\WINDOWS\system32\Macromed
2008-01-13 16:29:33         0 d-------- C:\Program Files\Movie Maker
2008-01-13 16:29:25         0 d-------- C:\WINDOWS\system32\Restore
2008-01-13 16:28:54     21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-13 16:28:43         0 d-------- C:\WINDOWS\Registration
2008-01-13 16:28:33         0 d-------- C:\Program Files\Messenger
2008-01-13 16:28:30         0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-13 16:27:58         0 d-------- C:\Program Files\Windows NT
2008-01-13 16:27:55         0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-13 16:27:53         0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-01-30 19:51:43         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Azureus
2008-01-29 23:52:51         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\OpenOffice.org2
2008-01-29 22:38:10         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Comodo
2008-01-29 17:50:28         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Skype
2008-01-29 17:03:35         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\skypePM
2008-01-24 19:55:54         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Subversion
2008-01-23 15:49:29    537860 --a------ C:\WINDOWS\system32\perfh015.dat
2008-01-23 15:49:29    101850 --a------ C:\WINDOWS\system32\perfc015.dat
2008-01-22 21:34:02         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Winamp
2008-01-17 21:44:17         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\AdobeUM
2008-01-17 21:43:47         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Adobe
2008-01-15 14:38:55         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\GanymedeNet
2008-01-14 01:02:09         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Sun
2008-01-14 00:46:52         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Gadu-Gadu
2008-01-14 00:30:48         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Talkback
2008-01-14 00:30:46         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Mozilla
2008-01-14 00:30:45         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Thunderbird
2008-01-13 23:47:46         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\InstallShield
2008-01-13 17:22:17        62 --ahs---- C:\Documents and Settings\kuba\Dane aplikacji\desktop.ini
2008-01-13 16:56:03         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Macromedia
2008-01-13 16:44:40         0 d-------- C:\Documents and Settings\kuba\Dane aplikacji\Identities
2007-12-05 01:41:00   1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00   1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00   1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00    466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00   1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00   1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00    442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00    425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 04:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41]
"nwiz"="nwiz.exe" [2007-12-05 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-29 22:38]

C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=  C:\WINDOWS\system32\guard32.dll




-- End of Deckard's System Scanner: finished at 2008-01-30 19:53:17 ------------



Dziwi mnie to jeszcze

Kod: Zaznacz wszystko

-- Application Event Log -------------------------------------------------------

Event Record #/Type965 / Error
Event Submitted/Written: 01/29/2008 05:59:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.2180, moduł powodujący błąd netapi32.dll, wersja 5.1.2600.2180, adres błędu 0x0000a3c0.
Przetwarzanie zdarzenia określonego nośnika dla [svchost.exe!ws!]

Event Record #/Type923 / Error
Event Submitted/Written: 01/29/2008 03:20:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.2180, moduł powodujący błąd netapi32.dll, wersja 5.1.2600.2180, adres błędu 0x0000a3c0.
Przetwarzanie zdarzenia określonego nośnika dla [svchost.exe!ws!]

Event Record #/Type793 / Error
Event Submitted/Written: 01/25/2008 07:02:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca javaw.exe, wersja 5.0.90.1, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Event Record #/Type767 / Error
Event Submitted/Written: 01/24/2008 07:52:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca Skype.exe, wersja 3.6.11.244, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Event Record #/Type725 / Error
Event Submitted/Written: 01/24/2008 04:50:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.2180, moduł powodujący błąd netapi32.dll, wersja 5.1.2600.2180, adres błędu 0x0000a3c0.
Przetwarzanie zdarzenia określonego nośnika dla [svchost.exe!ws!]


[/code]

[wojtas]

Wykonaj to co jest podane w tym temacie



Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa

[koperkuba]

Kod: Zaznacz wszystko


SDFix: Version 1.133

Run by kuba on 2008-01-30 at 20:33

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:




                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 20:36:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"F:\\totalcmd\\TOTALCMD.EXE"="F:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\EasyEclipse Desktop Java 1.2.2\\jre\\bin\\javaw.exe"="C:\\Program Files\\EasyEclipse Desktop Java 1.2.2\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Files with Hidden Attributes:


Finished!

Kod: Zaznacz wszystko

ComboFix 08-01-30.6 - kuba 2008-01-30 20:41:28.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1588 [GMT 1:00]
Running from: C:\Documents and Settings\kuba\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\WINDOWS\system32\guard32.dll


(((((((((((((((((((((((((   Files Created from 2007-12-28 to 2008-01-30  )))))))))))))))))))))))))))))))
.

2008-01-30 20:32 . 2008-01-30 20:32   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-30 19:52 . 2008-01-30 19:52   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-30 19:51 . 2008-01-30 19:51   <DIR>   d--------   C:\Deckard
2008-01-29 22:38 . 2008-01-29 22:39   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-01-29 22:38 . 2008-01-29 22:38   139,008   --a------   C:\WINDOWS\system32\guard32.dll.vir
2008-01-29 22:38 . 2008-01-29 22:38   81,272   --a------   C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-29 22:38 . 2008-01-29 22:38   23,672   --a------   C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-29 22:15 . 2008-01-29 23:24   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-01-27 22:06 . 2008-01-27 22:06   <DIR>   d--------   C:\WINDOWS\Sun
2008-01-25 20:13 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-24 23:48 . 2008-01-29 23:56   <DIR>   d--------   C:\Program Files\EasyEclipse Desktop Java 1.2.2
2008-01-24 19:55 . 2008-01-24 19:55   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Subversion
2008-01-24 00:01 . 2008-01-24 00:01   <DIR>   d--------   C:\setups
2008-01-24 00:00 . 2008-01-29 22:42   <DIR>   d--------   C:\Program Files\createinstall free
2008-01-23 23:32 . 2008-01-24 02:45   <DIR>   d--------   C:\Program Files\eMule
2008-01-23 22:22 . 2008-01-29 22:38   <DIR>   d--------   C:\Program Files\COMODO
2008-01-23 22:22 . 2008-01-29 22:38   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Comodo
2008-01-23 21:51 . 2008-01-23 21:51   <DIR>   d--------   C:\Program Files\Alwil Software
2008-01-23 21:51 . 2003-03-18 21:20   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2008-01-23 21:51 . 2007-12-04 14:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-01-23 21:51 . 2004-01-09 10:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-01-23 21:51 . 2007-12-04 13:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-01-23 21:51 . 2007-12-04 15:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-23 21:51 . 2007-12-04 15:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-23 21:51 . 2007-12-04 15:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-23 21:51 . 2007-12-04 15:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-23 21:51 . 2007-12-04 15:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-23 15:49 . 2008-01-23 15:49   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2008-01-23 15:47 . 2008-01-23 15:49   <DIR>   d--------   C:\Program Files\Microsoft SQL Server
2008-01-23 15:44 . 2008-01-23 15:44   <DIR>   d--------   C:\Program Files\Microsoft Synchronization Services
2008-01-23 15:44 . 2008-01-23 15:44   <DIR>   d--------   C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-23 15:42 . 2008-01-23 15:48   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-01-23 15:42 . 2008-01-23 15:44   <DIR>   d--------   C:\Program Files\Microsoft Visual Studio 9.0
2008-01-23 15:42 . 2008-01-23 15:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-01-23 15:41 . 2008-01-23 15:41   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-01-23 15:41 . 2008-01-23 15:41   <DIR>   d--------   C:\Program Files\MSBuild
2008-01-23 15:41 . 2008-01-23 15:41   <DIR>   d--------   C:\Program Files\Microsoft SDKs
2008-01-23 15:40 . 2008-01-23 15:40   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-01-23 15:40 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-01-23 15:39 . 2008-01-23 15:39   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-01-22 23:22 . 2008-01-22 23:22   <DIR>   d--------   C:\Program Files\totalcmd
2008-01-22 21:31 . 2005-01-28 13:44   142,336   --a------   C:\WINDOWS\system32\setb3.tmp
2008-01-22 21:30 . 2008-01-22 21:31   <DIR>   d--------   C:\Program Files\Winamp
2008-01-22 21:30 . 2008-01-22 21:34   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Winamp
2008-01-21 01:15 . 2008-01-25 20:54   175   --a------   C:\WINDOWS\wcx_ftp.ini
2008-01-21 01:12 . 2008-01-27 21:02   448   --a------   C:\WINDOWS\WINCMD.INI
2008-01-18 18:18 . 2008-01-18 18:18   <DIR>   d--------   C:\Program Files\7-Zip
2008-01-17 21:44 . 2008-01-17 21:44   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\AdobeUM
2008-01-17 21:35 . 2008-01-29 17:03   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\skypePM
2008-01-17 21:35 . 2008-01-17 21:35   32   --a------   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-17 21:33 . 2008-01-17 21:33   <DIR>   d--------   C:\Program Files\Skype
2008-01-17 21:33 . 2008-01-17 21:33   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-01-17 21:33 . 2008-01-29 17:50   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Skype
2008-01-17 21:33 . 2008-01-17 21:33   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-15 23:30 . 2008-01-15 23:30   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2008-01-15 23:27 . 2008-01-15 23:27   <DIR>   d--------   C:\Program Files\MarBit
2008-01-15 23:26 . 2004-08-03 23:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-01-15 19:40 . 2008-01-15 19:40   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-01-15 14:38 . 2008-01-15 14:38   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\GanymedeNet
2008-01-15 14:38 . 2008-01-15 14:38   4   --a------   C:\WINDOWS\system32\proc-503976190.bin
2008-01-14 01:04 . 2008-01-14 01:04   <DIR>   d--------   C:\Program Files\Azureus
2008-01-14 01:04 . 2008-01-30 19:51   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Azureus
2008-01-14 01:04 . 2008-01-14 01:04   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-01-14 01:03 . 2008-01-30 20:39   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\OpenOffice.org2
2008-01-14 01:02 . 2008-01-14 01:02   <DIR>   d--------   C:\Program Files\OpenOffice.org 2.3
2008-01-14 01:02 . 2008-01-14 01:02   <DIR>   d--------   C:\Program Files\Java
2008-01-14 01:02 . 2008-01-14 01:02   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-01-14 01:02 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-01-14 01:01 . 2008-01-22 20:58   <DIR>   d--------   C:\Program FilesOo
2008-01-14 00:46 . 2008-01-14 00:46   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Gadu-Gadu
2008-01-14 00:44 . 2008-01-14 00:44   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2008-01-14 00:44 . 2008-01-14 00:45   <DIR>   d--------   C:\Documents and Settings\kuba\Gadu-Gadu
2008-01-14 00:32 . 2008-01-14 00:32   1,167   --a------   C:\WINDOWS\mozver.dat
2008-01-14 00:30 . 2008-01-14 00:30   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Thunderbird
2008-01-14 00:30 . 2008-01-14 00:30   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\Talkback
2008-01-14 00:29 . 2008-01-30 20:10   <DIR>   d--------   C:\Program Files\Mozilla Thunderbird
2008-01-14 00:26 . 2008-01-14 00:26   <DIR>   d--------   C:\Program Files\MozBackup
2008-01-14 00:26 . 2008-01-14 00:26   0   --a------   C:\WINDOWS\nsreg.dat
2008-01-13 23:47 . 2008-01-13 23:47   <DIR>   d--------   C:\Documents and Settings\kuba\Dane aplikacji\InstallShield
2008-01-13 23:40 . 2008-01-13 17:22   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-01-13 23:40 . 2008-01-13 23:40   <DIR>   dr-------   C:\Documents and Settings\Administrator\Ulubione
2008-01-13 23:40 . 2008-01-13 16:28   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-01-13 23:40 . 2008-01-13 17:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-01-13 23:40 . 2008-01-13 23:40   <DIR>   dr-------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-01-13 23:40 . 2008-01-13 17:22   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-01-13 23:40 . 2008-01-13 23:40   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-01-13 23:35 . 2008-01-14 00:05   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2008-01-13 19:17 . 2008-01-13 19:17   <DIR>   d--------   C:\WUTemp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 22:48   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-13 15:51   ---------   d-----w   C:\Program Files\Realtek
2008-01-13 15:50   ---------   d-----w   C:\Program Files\DIFX
2008-01-13 15:49   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-01-13 15:44   ---------   d--h--w   C:\Program Files\Uninstall Information
2008-01-13 15:31   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-13 15:30   ---------   d-----w   C:\Program Files\Usługi online
2007-12-05 01:53   356,352   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41   81,920   ----a-w   C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41   8,523,776   ----a-w   C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41   753,664   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41   7,435,392   ----a-w   C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41   6,901,760   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41   6,549,504   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41   5,773,568   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41   5,611,520   ----a-w   C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41   466,944   ----a-w   C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41   458,752   ----a-w   C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41   442,368   ----a-w   C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41   425,984   ----a-w   C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41   385,024   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41   356,352   ----a-w   C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41   35,328   ----a-w   C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41   35,328   ----a-w   C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41   335,872   ----a-w   C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41   335,872   ----a-w   C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41   327,680   ----a-w   C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41   327,680   ----a-w   C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41   327,680   ----a-w   C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41   327,680   ----a-w   C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41   323,584   ----a-w   C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41   323,584   ----a-w   C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41   319,488   ----a-w   C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41   319,488   ----a-w   C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41   315,392   ----a-w   C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41   315,392   ----a-w   C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41   311,296   ----a-w   C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41   307,200   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41   303,104   ----a-w   C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41   303,104   ----a-w   C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41   303,104   ----a-w   C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41   3,715,072   ----a-w   C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41   3,710,976   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41   3,420,160   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41   3,334,144   ----a-w   C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41   299,008   ----a-w   C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41   299,008   ----a-w   C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41   294,912   ----a-w   C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41   294,912   ----a-w   C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41   294,912   ----a-w   C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41   290,816   ----a-w   C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41   286,720   ----a-w   C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41   286,720   ----a-w   C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41   282,624   ----a-w   C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41   282,624   ----a-w   C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41   282,624   ----a-w   C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41   282,624   ----a-w   C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41   278,528   ----a-w   C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41   278,528   ----a-w   C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41   278,528   ----a-w   C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41   274,432   ----a-w   C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41   274,432   ----a-w   C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41   274,432   ----a-w   C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41   270,336   ----a-w   C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41   266,240   ----a-w   C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41   266,240   ----a-w   C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41   258,048   ----a-w   C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41   258,048   ----a-w   C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41   258,048   ----a-w   C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41   258,048   ----a-w   C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41   258,048   ----a-w   C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41   253,952   ----a-w   C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41   253,952   ----a-w   C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41   253,952   ----a-w   C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41   253,952   ----a-w   C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41   253,952   ----a-w   C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41   249,856   ----a-w   C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41   249,856   ----a-w   C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41   245,760   ----a-w   C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41   225,280   ----a-w   C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41   212,992   ----a-w   C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41   2,854,912   ----a-w   C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41   2,519,040   ----a-w   C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41   2,498,560   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41   196,608   ----a-w   C:\WINDOWS\system32\nvwrsko.dll
2007-12-05 00:41   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41   167,936   ----a-w   C:\WINDOWS\system32\nvwrszht.dll
2007-12-05 00:41   163,840   ----a-w   C:\WINDOWS\system32\nvwrszhc.dll
2007-12-05 00:41   155,716   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
2007-12-05 00:41   126,976   ----a-w   C:\WINDOWS\system32\nvrszht.dll
2007-12-05 00:41   1,703,936   ----a-w   C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 00:41   1,626,112   ----a-w   C:\WINDOWS\system32\nwiz.exe
2007-12-05 00:41   1,474,560   ----a-w   C:\WINDOWS\system32\nview.dll
2007-12-05 00:41   1,339,392   ----a-w   C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 00:41   1,228,800   ----a-w   C:\WINDOWS\system32\nvmobls.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-29 22:38 1481472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\kuba\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=  C:\WINDOWS\system32\guard32.dll

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-29 22:38]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-29 22:38]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 20:41:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-30 20:42:23


I nie pomogło. Niby po restarcie podczas SDFix działało normalnie, to po kolejnym działo się to samo...

Jedyne co się zmieniło to to, że mi w końcu Comodo działą normalnie, choć initializuje się długo.

[wojtas]

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\system32\setb3.tmp

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

[koperkuba]

I co on zrobi?

[wojtas]

skasuje plik

[koperkuba]

Nie wiem co to za plik miał skasować ale nie pomogło - nadal ciężko to włączyć....
Windows XP nawet nie pozwala wejść na dyski - dopiero po chwili jak już pokaże że brak odpowiedzi na ofolderze CTR+ALT+DEL odwiesza wszystko i działa. Tak to się nie uruchamiają ani Avast ani Comodo..

[wojtas]

wejdz do konsoli odzyskiwania

W linii komend wpisz polecenie:

expand X:\i386\svchost.ex_ Y:\Windows\system32\

X- litera napędu z płytką
Y- nazwa partycji gdzie masz zainstalowany system

[koperkuba]

svchost.ex_ ?

[wojtas]

tak dokladnie tak

[koperkuba]

Zrobiłem. Nadal bez zmian.

Teraz odinstalowałem i Avast i Comodo - i system działa normalnie. Ciekawe c o było przyczyną - zainstaluje jeszcze raz i zobacze jak się będzie zachowywał.