For a few days my computer has been behaving strangely... At system startup, which lately takes strangely long, the sound is muffled and "choppy"... Please help... HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:29, on 2008-05-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
E:\Internet\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EBD2848-F8BC-48A0-85DA-90910EC2FE02}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EBD2848-F8BC-48A0-85DA-90910EC2FE02}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Hmm... I tried to remove it, but it can't be done... It supposedly removes it, but after a restart it's there again... I'll try to do that ComboFix...
On 31.05.2008, at 15:29, a post was added by Karolina7111
ComboFix log:
ComboFix 08-05-29.1 - Beata 2008-05-31 15:21:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1623 [GMT 2:00]
Running from: C:\Documents and Settings\Beata\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-22 17:47 . 2008-05-22 17:48 Ikony
2008-05-11 19:32 . 2008-05-11 19:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-11 19:32 . 2008-05-11 19:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-11 19:32 . 2008-05-11 19:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-25 00:05 . 2008-04-25 00:05 189 --a------ C:\WINDOWS\wininit.ini
2008-04-09 17:37 . 2008-05-28 09:30

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 13:21 --------- d-----w C:\Program Files\ESET
2008-05-31 13:18 --------- d-----w C:\Program Files\neostrada tp
2008-05-31 13:10 --------- d-----w C:\Documents and Settings\Beata\Dane aplikacji\Skype
2008-05-23 09:07 --------- d-----w C:\Documents and Settings\Beata\Dane aplikacji\OpenOffice.ux.pl2
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-01 07:36 7700480]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-11 19:31 949376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Beata^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.2.0.lnk]
path=C:\Documents and Settings\Beata\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2006-11-17 03:05 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
-ra------ 2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--------- 2005-05-17 17:42 933888 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2007-02-01 18:47 2154496 C:\Program Files\VDOTool\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 14:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-31 06:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-12-18 03:02 471040 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 14:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--------- 2005-01-26 18:02 49152 C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 17:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 15:55 32768 C:\PROGRA~1\NEOSTR~1\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"E:\BlueSoleil.exe"=
"E:\Internet\Gadu-Gadu\gg.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Winamp Remote\bin\Orb.exe"=
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 16:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 17:28]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-06-15 17:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f680a74-8abb-11dc-ae17-ae2d00230040}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f680a75-8abb-11dc-ae17-ae2d00230040}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5afd4f-20d5-11dc-abf1-ae2d00230040}]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4110-2d7b-11dc-ac0d-ae2d00230040}]
\Shell\AutoRun\command - K:\RunGame.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 15:22:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-05-31 15:23:16
ComboFix-quarantined-files.txt 2008-05-31 13:23:14
ComboFix2.txt 2008-04-29 20:30:23

Pre-Run: 64,238,768,128 bajtów wolnych
Post-Run: 64,227,479,552 bajtów wolnych

136 --- E O F --- 2008-05-28 07:34:07
huber2t
31 May 2008 14:27
#4
To clean the pendrive of viruses, use
Perlovg Removal Tool
Flash Disinfector
or format it
Open Notepad and paste
From the Notepad menu -> File -> Save As -> change the file type from .txt to All Files -> save it under the name Fix.reg
Run that file, then restart the computer
Apart from that I don't see anything
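An added example, not part of the thread: a small Python triage script over lines in the format of the logs above. It pairs each MountPoints2 key with the AutoRun command cached under it (the removable-drive traces the reply above addresses) and lists the HijackThis entries marked `(file missing)`; the sample lines are constructed from the logs in this thread, not the full logs.

```python
import re

# Constructed sample in the format of the ComboFix / HijackThis output above
# (a few lines taken from the thread, not the complete logs).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f680a74-8abb-11dc-ae17-ae2d00230040}]
\Shell\AutoRun\command - J:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4110-2d7b-11dc-ac0d-ae2d00230040}]
\Shell\AutoRun\command - K:\RunGame.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""

MOUNTPOINT_RE = re.compile(r"mountpoints2\\\{([0-9a-fA-F-]+)\}\]")
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command\s+-\s+(\S+)", re.IGNORECASE)
MISSING_RE = re.compile(r"^O\d+ - .*\(file missing\)$")


def find_autorun_mountpoints(text):
    """Pair each MountPoints2 key with the AutoRun command cached under it.
    Windows caches a removable drive's autorun.inf there, so an entry that
    points at <drive>:\Autorun.exe is the trace the reply above cleans up."""
    hits, guid = [], None
    for line in text.splitlines():
        key = MOUNTPOINT_RE.search(line)
        if key:
            guid = key.group(1)   # remember the key; its command is on the next line
            continue
        cmd = AUTORUN_RE.search(line)
        if cmd and guid:
            hits.append((guid, cmd.group(1)))
            guid = None
    return hits


def find_missing_entries(text):
    """HijackThis 'Oxx' lines whose target file no longer exists: leftovers of
    uninstalled or already-deleted components that can simply be fixed."""
    return [l.strip() for l in text.splitlines() if MISSING_RE.match(l.strip())]


if __name__ == "__main__":
    for guid, cmd in find_autorun_mountpoints(SAMPLE_LOG):
        print(f"MountPoints2 {{{guid}}} -> {cmd}")
    for line in find_missing_entries(SAMPLE_LOG):
        print("file missing:", line)
```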