Bardzo powolna praca komputera

Czaczaa · 11 Grudzień 2007 18:13

Od kilku dni zmagam sie z problemem mojego komputera. Komp chodzi bardzo wolno. Włącza sie dość długo a poźniej jeszcze wolniej włączają sie programy z autostartu, co bym nie zrobił to muszę czekać na komputer około 3-4 min aby on to wykonał. (dopiero za około 20 razem gdy włączyłem/zresetowałem, komputer uruchomił sie normalnie i pozniej jakoś chodzil, z tego wzgęldu troche boje sie go wyłączać bo później znów nie bede mogl włączyć) Gdy wejdę w Menadżer zadań pokazuje mi że użycie procesora wynosi 100 %. Wczoraj próbowałem sam naprawić to, przeskanowałem dyski większość zainfekowanych plików usunełem, ale nic to nie dało. Prosze o pomoc i sprawdzenia moich logów:

Logfile of HijackThis v1.99.1

Scan saved at 18:57:02, on 2007-12-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe

C:\WINDOWS\TEMP\95F9B993.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\PROGRA~1\NEOSTR~1\neostradatp.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Onet\Listonosz\Listonosz.exe

D:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\xp\USTAWI~1\Temp\Rar$EX00.610\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\actcontroller.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7D43A392-36EC-43C1-AAD3-61DC9BFC7CDA} - C:\WINDOWS\system32\crypt3.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing)

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Football Manager 2007

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\95F9B993.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681727.exe

O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff

O4 - HKCU\..\Run: [] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F85EBCD0-51A2-46B9-8250-13B7F8C573D4}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Gutek · 11 Grudzień 2007 20:33

Pobierz program SDFix

Czaczaa · 12 Grudzień 2007 16:41

Po tym co mi kazałeś zrobić miałem problemy z Generic Host Process for win32 services, po włączeniu komputera internet chodził około 5 minut a poźniej przestawał działać, ale znalazłem na tym forum jak usunąć ten problem i jakoś sobie poradziłem. Po uruchomieniu komputera system chodzi normalnie, lecz pojawiają sie błędy:

Launchapplication.exe nie powiodło sie uruchomienie tej aplikacji ponieważ nie odnaleziono ConnAPI.DLL

PcSunc2.exe nie powiodło sie uruchomienie tej aplikacji ponieważ nie odnaleziono ConnAPI.DLL

log z ComboFix: http://www.wklej.org/id/44961dcb90

SDFix: Version 1.118 Run by Administrator on 2007-12-12 at 15:56 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Name: runtime xpdt Path: ??\C:\WINDOWS\System32\drivers\runtime.sys ??\C:\WINDOWS\system32:xpdt.sys runtime - Deleted xpdt - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Service ctl_w32 - Deleted after Reboot Service symavc32 - Deleted after Reboot Normal Mode: Checking Files: Trojan Files Found: C:\482884~1 - Deleted C:\WINDOWS\bdir\ffmiu!Tankz Battle in the City v1.1 for PalmOS.zip - Deleted C:\WINDOWS\bdir\ffmiu$Test v1.2.005.zip - Deleted C:\WINDOWS\bdir\ffmiu\1+2.zip - Deleted C:\WINDOWS\bdir\ffmiu\1-2-3 Word Search Maker v1.0.0.2.zip - Deleted C:\WINDOWS\bdir\ffmiu\1-2-3 Word Search Maker.zip - Deleted C:\WINDOWS\bdir\ffmiu\1-4-All HTML Editor 2.10.zip - Deleted C:\WINDOWS\bdir\ffmiu\12!The Series… Pyramid 1.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Audio CD Ripper v1.80.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Audio CD Ripper v2.10.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 AVI to GIF v1.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 CD Extractor v1.50.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 CD Ripper v1.50.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 CD to MP3 Ripper v1.60.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 File Splitter v4.0 by LasH.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 File Splitter v4.0 by RP2K.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Flash Chat v3.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Flash Me 2.0 build 132.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Flash Me 2.0 build 141 Keyfile.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Flash Me 2.0 build 141 Keygen.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Flash Menu v1.02.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 GIF-JPG Optimizer.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Graphic Converter v1.5.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Graphic Converter v2.1.8.48.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Graphic Converter XP v3.0.0.1.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Hidden Sender v2.41.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Icon Hunter v1.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 MP3 WAV Converter and Player v3.1.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 MP3 WAV Converter v3.1 by Scorpion.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 MP3 WAV Converter v3.1 by TSRH.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Outlook Express Backup Enterprise Edition v1.10.052604.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Outlook Express Backup v1.02 by Quartex.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Outlook Express Backup v1.02 by SND.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Passwords 98 v1.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 PosiTrax v1.02.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Screensaver Maker v2.2 Crack by SND.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Screensaver Maker v2.2 Keygen by SND.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Screensaver Maker v2.2.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 ScreenSaver Maker v3.0 by RP2K.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 ScreenSaver Maker v3.0 by Scorpion.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 ScreenSaver Maker v3.0 by TSRH.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Sound Recorder v1.60 by FFF.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Sound Recorder v1.60 by SND.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Sound Recorder v1.60.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Super Pair.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Terminal Server v1.0 Final.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Terminal Server v1.1.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 Terminal Server v1.2 build 1628.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 WebStory 1.04 Crack.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 WebStory 1.04 Keygen.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 WebStory 1.13.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 XPCSpy v2.10.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 ZIP! 3.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123 ZIP! v3.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\123-Project Management v1.1a.zip - Deleted C:\WINDOWS\bdir\ffmiu\12345-Wizard v1.25.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Backup v1.70.zip - Deleted C:\WINDOWS\bdir\ffmiu\123ColorPicker v1.01.zip - Deleted C:\WINDOWS\bdir\ffmiu\123ColorPicker v1.2 by EViDENCE.zip - Deleted C:\WINDOWS\bdir\ffmiu\123ColorPicker v1.2 by TNO.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Graphic Converter v1.5.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Pet v4.2.5.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Pet v4.2.7.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Pet v4.2.8.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Pet v4.3.3.zip - Deleted C:\WINDOWS\bdir\ffmiu\123Tag v1.11 by FFF.zip - Deleted C:\WINDOWS\bdir\ffmiu\128Gamma Encryption v3.0.zip - Deleted C:\WINDOWS\bdir\ffmiu\128Gamma Encryption v3.0c.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts 21.02.1c.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts 21.0x.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts 21.5c.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts 2ndBackup 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts All Programs XP-15.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Backup.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts DeskTOP 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Desktop Utilities v2032.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts DeskTOP.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.01.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.02.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.03 by LasH.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.03 by TC.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.04 by LasH.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.04 by TC.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.06 by PuZo.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.08 by Eclipse.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.08 by PuZo.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.10 by PuZo.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.11.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts HiSpirits XP.20.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts JumpReg 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Notepad 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Office Pro v2032.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro + all 12 single Programs v21.5.1.2.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro + all 12 single Programs v21.5.20.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro v21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro v21.03c.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro v21.52.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro v21.53.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro v21.54.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Pro v21.60.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ProfileCopy 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ProfileCopy.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Quickstart 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ReplaceInFiles 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts SaveLayout 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ScreenSavMan 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Security System 2032.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts SetTextColor 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ShellX 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ShowTime 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts Shredder 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts ShutDown 21.02e.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts SuperGee v7.0.4.3821.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts SuperGee v7.0.5.3878 Multilanguage.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts SuperGee v7.0.6.3928.zip - Deleted C:\WINDOWS\bdir\ffmiu\12Ghosts.zip - Deleted C:\WINDOWS\bdir\ffmiu\13 Photos de Sandra Bullock Denudee ScreenSaver.zip - Deleted C:\WINDOWS\bdir\ffmiu\1475 Leonardo da Vinci Calculator v1.21 by Raid.zip - Deleted C:\WINDOWS\bdir\ffmiu\1475 Leonardo da Vinci Calculator v1.21 by TNT.zip - Deleted C:\WINDOWS\bdir\ffmiu\1475 Leonardo da Vinci Calculator v1.22.zip - Deleted C:\WINDOWS\bdir\ffmiu\15 Slide 1.00.zip - Deleted C:\WINDOWS\bdir\ffmiu\15-Pack v1.25 by Core.zip - Deleted C:\WINDOWS\bdir\ffmiu\15-Pack v1.25 by RP2K.zip - Deleted C:\WINDOWS\bdir\ffmiu\15-Pack v1.25 by TSRH.zip - Deleted C:\WINDOWS\bdir\ffmiu\15-Pack v1.29.zip - Deleted C:\WINDOWS\bdir\ffmiu\168 Digital Mixer Editor.zip - Deleted C:\WINDOWS\bdir\ffmiu\18 Wheels Of Steel Pedal To The Metal by iND.zip - Deleted C:\WINDOWS\bdir\ffmiu\18 Wheels Of Steel Pedal To The Metal by Revelation.zip - Deleted C:\WINDOWS\bdir\ffmiu\18 Wheels of Steel Pedal to the Metal v1.07.zip - Deleted C:\WINDOWS\bdir\ffmiu\1939 BattleFleet v1.20.7.zip - Deleted C:\WINDOWS\bdir\ffmiu\1939 BattleFleet v1.55.zip - Deleted C:\WINDOWS\bdir\ffmiu\1941 Operation Typhoon v1.0c.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.1.0.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.18.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.19.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.2.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.20 by DBC.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.20 by Elila.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.21.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.22.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.23.zip - Deleted C:\WINDOWS\bdir\ffmiu@Spider v1.5.5.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC 5 v5.02.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC4 by Dr. Noserial.zip - Deleted C:\WINDOWS\bdir\ffmiu@Stake LC4 v4.00 by Damn.zip - Deleted C:\WINDOWS\bdir\ffmiu@Stake LC4 v4.00 by JustJack.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC5 5.03.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC5 v5.00 by GasFed.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC5 v5.00 by Nabyl King.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC5 v5.00 by Xoclipse.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC5 v5.04.zip - Deleted C:\WINDOWS\bdir\ffmiu@stake LC5.zip - Deleted C:\WINDOWS\bdir\ffmiu@udio Organizer v1.11 German.zip - Deleted C:\WINDOWS\bdir\ffmiu@udio Organizer v1.5 German.zip - Deleted C:\WINDOWS\bdir\ffmiu@uto-M@iler 2001 v1.0.24.zip - Deleted C:\WINDOWS\bdir\ffmiu\v1.5.6.zip - Deleted C:\WINDOWS\system32\0_exception.nls - Deleted C:\WINDOWS\Temp\startdrv.exe - Deleted C:\WINDOWS\system32\drivers\ctl_w32.sys - Deleted Folder C:\WINDOWS\bdir - Removed Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 :xpdt.sys 54046 Total size: 54046 bytes. system32: deleted 54046 bytes in 1 streams. Checking for remaining Streams C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe : ADS Found! svchost.exe: deleted 24064 bytes in 1 streams. Checking for remaining Streams C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-12 16:00:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000000 “ujdew”=hex:90,f1,01,cd,b7,8d,49,54,95,30,25,09,04,cd,bd,ce,87,05,d1,9a,21,… “p0”=“D:\Alcohol Soft\Alcohol 120” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:5c396cb3 “s2”=dword:79bba7ee “h0”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000000 “ujdew”=hex:90,f1,01,cd,b7,8d,49,54,95,30,25,09,04,cd,bd,ce,87,05,d1,9a,21,… “p0”=“D:\Alcohol Soft\Alcohol 120” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000000 “ujdew”=hex:90,f1,01,cd,b7,8d,49,54,95,30,25,09,04,cd,bd,ce,87,05,d1,9a,21,… “p0”=“D:\Alcohol Soft\Alcohol 120” scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “D:\Program Files\Gadu-Gadu\gg.exe”=“D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny” “C:\WINDOWS\system32\dpvsetup.exe”=“C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test” “C:\WINDOWS\system32\rundll32.exe”=“C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikacj©” “C:\Documents and Settings\xp\Ustawienia lokalne\Temp\Rar$EX00.343\eMule0.47c\emule.exe”=“C:\Documents and Settings\xp\Ustawienia lokalne\Temp\Rar$EX00.343\eMule0.47c\emule.exe:*:Enabled:eMule” “C:\Documents and Settings\xp\Ustawienia lokalne\Temp\Rar$EX96.171\eMule0.47c\emule.exe”=“C:\Documents and Settings\xp\Ustawienia lokalne\Temp\Rar$EX96.171\eMule0.47c\emule.exe:*:Enabled:eMule” “D:\Instalki\eMule0.47c\eMule0.47c\emule.exe”=“D:\Instalki\eMule0.47c\eMule0.47c\emule.exe:*:Enabled:eMule” “D:\eMule0.47c\eMule0.47c\emule.exe”=“D:\eMule0.47c\eMule0.47c\emule.exe:*:Enabled:eMule” “D:\Program Files\Electronic Arts\Need for Speed Carbon\nfscs.exe”=“D:\Program Files\Electronic Arts\Need for Speed Carbon\nfscs.exe:*:Enabled:nfscs” “c:\windows\system32\nvsvct7.exe”=“c:\windows\system32\nvsvct7.exe:*:Enabled:nvsvct7” “D:\Program Files\Sports Interactive\Football Manager 2007\fm crack.exe”=“D:\Program Files\Sports Interactive\Football Manager 2007\fm crack.exe:*:Enabled:Football Manager 2007” “C:\Documents and Settings\xp\Pulpit\uTorrent.exe”=“C:\Documents and Settings\xp\Pulpit\uTorrent.exe:*:Enabled:uTorrent” “C:\Program Files\uTorrent\uTorrent.exe”=“C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent.exe” “D:\Program Files\SopCast\SopCast.exe”=“D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application” “C:\Documents and Settings\xp\Dane aplikacji\SopCast\adv\SopAdver.exe”=“C:\Documents and Settings\xp\Dane aplikacji\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver” “D:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe”=“D:\Program Files\EA SPORTS\FIFA 08\FIFA08.exe:*:Enabled:FIFA08” “D:\Program Files\TVAnts\Tvants.exe”=“D:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts” “D:\Program Files\Hamachi\hamachi.exe”=“D:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client” “C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater” “C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " “D:\PC Pro Evolution Soccer 2008 [ENG] [dopeman]\PES08\Pro Evolution Soccer 2008\PES2008.exe”=“D:\PC Pro Evolution Soccer 2008 [ENG] [dopeman]\PES08\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " “C:\WINDOWS\system32\svchost.exe”=“C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”=”%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019” Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: Sun 27 Aug 2006 1,015,973 A.SHR — “C:\Program Files\serial.zip” Sat 7 Oct 2006 390,023 A.SHR — “C:\Program Files\wunauclt.zip” Wed 12 Dec 2007 625 A.SH. — “C:\WINDOWS\system32\mmf.sys” Finished!

Gutek · 12 Grudzień 2007 23:27

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Czaczaa · 14 Grudzień 2007 14:00

http://www.wklej.org/id/d435265a76 - Log z COmboFIX

Gutek · 14 Grudzień 2007 23:20

W folderze C:\WINDOWS\Tasks\ usuń wszystkie At…