Bardzo wolny start win XP

Karol_87_Blade · 24 Czerwiec 2007 11:26

Moj problem polega na bardzo wolnym uruchamianiu sie win Xp ( po nacisnieciu ikony profilu) system włącza sie ok 10 min!! Wczoraj zainstalowałem SP2 czy to moze byc powodem problemu?? Dodaje logi HiJack prosze o pomoc!!

Logfile of HijackThis v1.99.1 Scan saved at 13:00:12, on 2007-06-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ULS\VersaLaser.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Messenger\msmsgs.exe D:\michal\Mobile\audevicemgr.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe D:\michal\Mobile\CONNEC~1\CONNMN~1.EXE d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\WINDOWS\system32\taskmgr.exe C:\DOCUME~1\Antoni\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll (file missing) O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing) O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing) O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Microsoft Update] wuamkop32.exe O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM…\Run: [jfxU] C:\WINDOWS\qbvepxg.exe O4 - HKLM…\Run: [VersaLaser] “C:\Program Files\ULS\VersaLaser.exe” O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [PhilipsDM] “C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe” O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\RunServices: [microsft Updates] msupdate32.exe O4 - HKLM…\RunServices: [Compaq Service Drivers] winsvc32.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Compaq Service Drivers] winsvc32.exe O4 - HKCU…\RunServices: [Compaq Service Drivers] winsvc32.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Monitor podłączenia telefonu.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

Z góry thx.

arekmalek · 24 Czerwiec 2007 11:30

fix w hjt w trybie awaryjnym , pliki na czerwono do usunięcia też w awaryjnym z wyłączonym przywracaniem systemu

Karol_87_Blade · 24 Czerwiec 2007 12:01

A można cos jeszcze zrobić?? bo dalej działa jak mucha w smole

qrczak13 · 24 Czerwiec 2007 12:04

Zastosuj SimtFraudFix, opcja 2 w trybie awaryjnym.

Po wykonaniu w/w daj log z ComboFix.

Karol_87_Blade · 24 Czerwiec 2007 12:22

Oto log z ComboFix

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\internet optimizer C:\WINDOWS\system32\msxml3a.dll ((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 ))))))))))))))))))))))))))))))) 2007-06-24 14:19 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-24 14:15 2,220 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-24 14:14 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-24 14:14 524,288 --ah----- C:\DOCUME~1\ADMINI~1.SER\NTUSER.DAT 2007-06-24 14:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-06-24 14:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-23 15:53 2007-06-23 15:52 2007-06-23 15:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-06-23 15:39 9,728 --------- C:\WINDOWS\system32\proxycfg.exe 2007-06-23 15:39 60,928 --------- C:\WINDOWS\system32\logman.exe 2007-06-23 15:38 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys 2007-06-23 15:38 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll 2007-06-23 15:38 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll 2007-06-23 15:38 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll 2007-06-23 15:38 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll 2007-06-23 15:38 81,920 --------- C:\WINDOWS\system32\ieencode.dll 2007-06-23 15:38 81,408 --------- C:\WINDOWS\system32\wscsvc.dll 2007-06-23 15:38 8,192 --------- C:\WINDOWS\system32\smbinst.exe 2007-06-23 15:38 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-06-23 15:38 75,776 --------- C:\WINDOWS\system32\strmfilt.dll 2007-06-23 15:38 73,832 --------- C:\WINDOWS\system32\slcoinst.dll 2007-06-23 15:38 73,796 --------- C:\WINDOWS\system32\slserv.exe 2007-06-23 15:38 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-06-23 15:38 71,680 --------- C:\WINDOWS\system32\blastcln.exe 2007-06-23 15:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-06-23 15:38 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll 2007-06-23 15:38 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll 2007-06-23 15:38 7,168 --------- C:\WINDOWS\system32\kbdukx.dll 2007-06-23 15:38 7,168 --------- C:\WINDOWS\system32\kbdno1.dll 2007-06-23 15:38 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll 2007-06-23 15:38 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-06-23 15:38 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys 2007-06-23 15:38 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-06-23 15:38 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-06-23 15:38 60,416 --------- C:\WINDOWS\system32\fwcfg.dll 2007-06-23 15:38 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll 2007-06-23 15:38 6,656 --------- C:\WINDOWS\system32\kbdinben.dll 2007-06-23 15:38 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll 2007-06-23 15:38 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll 2007-06-23 15:38 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll 2007-06-23 15:38 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys 2007-06-23 15:38 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-06-23 15:38 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-06-23 15:38 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-06-23 15:38 526,848 --------- C:\WINDOWS\system32\p2psvc.dll 2007-06-23 15:38 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-06-23 15:38 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll 2007-06-23 15:38 50,688 --------- C:\WINDOWS\system32\btpanui.dll 2007-06-23 15:38 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll 2007-06-23 15:38 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll 2007-06-23 15:38 49,152 --------- C:\WINDOWS\system32\powercfg.exe 2007-06-23 15:38 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll 2007-06-23 15:38 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-06-23 15:38 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-06-23 15:38 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-06-23 15:38 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys 2007-06-23 15:38 44,032 --------- C:\WINDOWS\system32\twext.dll 2007-06-23 15:38 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys 2007-06-23 15:38 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys 2007-06-23 15:38 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys 2007-06-23 15:38 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys 2007-06-23 15:38 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys 2007-06-23 15:38 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys 2007-06-23 15:38 40,320 --------- C:\WINDOWS\system32\drivers\intelppm.sys 2007-06-23 15:38 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-06-23 15:38 397,056 --------- C:\WINDOWS\system32\s3gnb.dll 2007-06-23 15:38 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll 2007-06-23 15:38 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-06-23 15:38 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll 2007-06-23 15:38 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-06-23 15:38 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys 2007-06-23 15:38 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-06-23 15:38 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-06-23 15:38 32,866 --------- C:\WINDOWS\system32\slrundll.exe 2007-06-23 15:38 32,866 --------- C:\WINDOWS\slrundll.exe 2007-06-23 15:38 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll 2007-06-23 15:38 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2007-06-23 15:38 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll 2007-06-23 15:38 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll 2007-06-23 15:38 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-06-23 15:38 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-06-23 15:38 30,208 --------- C:\WINDOWS\system32\bthserv.dll 2007-06-23 15:38 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-06-23 15:38 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-06-23 15:38 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll 2007-06-23 15:38 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-06-23 15:38 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-06-23 15:38 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-06-23 15:38 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-06-23 15:38 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-06-23 15:38 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-06-23 15:38 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-23 13:56:46 507,298 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-23 13:56:45 97,134 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-23 13:51:56 -------- d-----w C:\Program Files\Messenger 2007-06-23 13:51:10 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8381.sys 2007-06-23 13:38:30 -------- d-----w C:\Program Files\Movie Maker 2007-06-23 13:32:44 -------- d-----w C:\Program Files\Windows NT 2007-06-20 16:04:09 -------- d-----w C:\Program Files\Kaspersky Lab ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {00000010-6F7D-442C-93E3-4A4827C2E4C8}=C:\WINDOWS\nem220.dll [] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02] {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}=c:\program files\180searchassistant\saishook.dll [] {52D06F97-5511-43FA-8FDA-C481864FD26E}=C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-02-03 22:22] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-02-07 01:03] {A3FDD654-A057-4971-9844-4ED8E67DBBB8}=C:\Program Files\SideFind\sfbho.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2004-03-24 11:04 C:\WINDOWS\system32\nwiz.exe] “IST Service”=“C:\Program Files\ISTsvc\istsvc.exe” [] “VersaLaser”=“C:\Program Files\ULS\VersaLaser.exe” [2005-06-29 22:55] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-05-03 12:57] “PhilipsDM”=“C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe” [2006-09-28 10:33] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Compaq Service Drivers”=winsvc32.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “Compaq Service Drivers”=winsvc32.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Compaq Service Drivers”=winsvc32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “{54645654-2225-4455-44A1-9F4543D34545}”=“C:\WINDOWS\System32\vbsys2.dll” [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy] copyfstq.exe /startup *Newly Created Service* - OSE *Newly Created Service* - VERSALDR ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-24 14:21:19 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … cmd.exe [1492] scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-24 14:21:44 C:\ComboFix-quarantined-files.txt … 2007-06-24 14:21 — E O F —

Karol_87_Blade · 24 Czerwiec 2007 12:59

Thx za pomoc juz teraz jest lepiej. Pozdrawiam i jeszcze raz dzieki.

qrczak13 · 24 Czerwiec 2007 13:11

Te wpisy są ok.

Do notatnika wklej:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{00000010-6F7D-442C-93E3-4A4827C2E4C8}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{A3FDD654-A057-4971-9844-4ED8E67DBBB8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IST Service”=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Compaq Service Drivers”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “Compaq Service Drivers”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Compaq Service Drivers”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “{54645654-2225-4455-44A1-9F4543D34545}”=-

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Karol_87_Blade · 24 Czerwiec 2007 13:20

I teraz jest Super Wielkie dzieki pozdrawiam

Gutek · 24 Czerwiec 2007 13:25

Daj kontrolnie nowy log z Combofix

dlaczego ma usuwać te pliki?

M_i_r · 24 Czerwiec 2007 14:51

Przepraszam Gutek2222 ale uważam,że arekmalek ze względów bezpieczeństwa dmucha na zimne.

Process.exe , nircmd.exe są darmowymi programami linii poleceń wykorzystywanych przez automaty do usuwania szkodników , ale

mogą być przez te szkodniki wykorzystywane.

Pliki te nie należą do systemu.

Z doświadczenia własnego wiem ,że po uruchomieniu ComboFix-a ,

który używa nircmd.exe i po usunięciu tego pliku nie można

uzyskać połączenia z internetem i trzeba to połączenie ponownie kreować.

Okazuje się ,że usunięcie nircmd.exe powoduje nadpisanie hasła do połaczenia internetowego (podwojenie) - wniosek nircmd.exe

przejmuje część funkcji systemu.

Podobnie może być z dumphive.exe i process.exe.

arekmalek mógł się kierować patrz

http://forums.majorgeeks.com/showthread.php?t=109994

http://forum.dobreprogramy.pl/viewtopic … 2cbe40c0c6

http://www.searchengines.pl/phpbb203/in … ntry416333

http://www.beyondlogic.org/solutions/pr … ssutil.htm

http://www.nirsoft.net/utils/nircmd.html

Może się mylę ale uważam ,że narzędzia nie należące do systemu -

z tytułu bezpieczeństwa ,jeżeli już są niepotrzebne, winny być usunięte.

Gutek · 24 Czerwiec 2007 20:50

a kto tak powiedział, że te pliki lecą te 3? :mrgreen:

Karol_87_Blade · 24 Czerwiec 2007 21:50

Logi kontrolne

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 ))))))))))))))))))))))))))))))) 2007-06-24 23:23 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-24 14:15 2,220 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-24 14:14 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SER\NTUSER.DAT 2007-06-24 14:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-24 14:14 2007-06-23 15:53 2007-06-23 15:52 2007-06-23 15:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-06-23 15:39 9,728 --------- C:\WINDOWS\system32\proxycfg.exe 2007-06-23 15:39 60,928 --------- C:\WINDOWS\system32\logman.exe 2007-06-23 15:38 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys 2007-06-23 15:38 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll 2007-06-23 15:38 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll 2007-06-23 15:38 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll 2007-06-23 15:38 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll 2007-06-23 15:38 81,920 --------- C:\WINDOWS\system32\ieencode.dll 2007-06-23 15:38 81,408 --------- C:\WINDOWS\system32\wscsvc.dll 2007-06-23 15:38 8,192 --------- C:\WINDOWS\system32\smbinst.exe 2007-06-23 15:38 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-06-23 15:38 75,776 --------- C:\WINDOWS\system32\strmfilt.dll 2007-06-23 15:38 73,832 --------- C:\WINDOWS\system32\slcoinst.dll 2007-06-23 15:38 73,796 --------- C:\WINDOWS\system32\slserv.exe 2007-06-23 15:38 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-06-23 15:38 71,680 --------- C:\WINDOWS\system32\blastcln.exe 2007-06-23 15:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-06-23 15:38 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll 2007-06-23 15:38 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll 2007-06-23 15:38 7,168 --------- C:\WINDOWS\system32\kbdukx.dll 2007-06-23 15:38 7,168 --------- C:\WINDOWS\system32\kbdno1.dll 2007-06-23 15:38 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll 2007-06-23 15:38 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-06-23 15:38 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys 2007-06-23 15:38 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-06-23 15:38 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-06-23 15:38 60,416 --------- C:\WINDOWS\system32\fwcfg.dll 2007-06-23 15:38 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll 2007-06-23 15:38 6,656 --------- C:\WINDOWS\system32\kbdinben.dll 2007-06-23 15:38 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll 2007-06-23 15:38 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll 2007-06-23 15:38 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll 2007-06-23 15:38 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys 2007-06-23 15:38 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-06-23 15:38 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-06-23 15:38 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-06-23 15:38 526,848 --------- C:\WINDOWS\system32\p2psvc.dll 2007-06-23 15:38 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-06-23 15:38 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll 2007-06-23 15:38 50,688 --------- C:\WINDOWS\system32\btpanui.dll 2007-06-23 15:38 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll 2007-06-23 15:38 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll 2007-06-23 15:38 49,152 --------- C:\WINDOWS\system32\powercfg.exe 2007-06-23 15:38 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll 2007-06-23 15:38 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-06-23 15:38 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-06-23 15:38 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-06-23 15:38 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys 2007-06-23 15:38 44,032 --------- C:\WINDOWS\system32\twext.dll 2007-06-23 15:38 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys 2007-06-23 15:38 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys 2007-06-23 15:38 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys 2007-06-23 15:38 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys 2007-06-23 15:38 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys 2007-06-23 15:38 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys 2007-06-23 15:38 40,320 --------- C:\WINDOWS\system32\drivers\intelppm.sys 2007-06-23 15:38 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-06-23 15:38 397,056 --------- C:\WINDOWS\system32\s3gnb.dll 2007-06-23 15:38 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll 2007-06-23 15:38 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-06-23 15:38 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll 2007-06-23 15:38 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-06-23 15:38 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys 2007-06-23 15:38 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-06-23 15:38 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-06-23 15:38 32,866 --------- C:\WINDOWS\system32\slrundll.exe 2007-06-23 15:38 32,866 --------- C:\WINDOWS\slrundll.exe 2007-06-23 15:38 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll 2007-06-23 15:38 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2007-06-23 15:38 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll 2007-06-23 15:38 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll 2007-06-23 15:38 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-06-23 15:38 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-06-23 15:38 30,208 --------- C:\WINDOWS\system32\bthserv.dll 2007-06-23 15:38 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-06-23 15:38 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-06-23 15:38 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll 2007-06-23 15:38 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-06-23 15:38 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-06-23 15:38 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-06-23 15:38 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-06-23 15:38 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-06-23 15:38 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-06-23 15:38 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll 2007-06-23 15:38 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys 2007-06-23 15:38 286,792 --------- C:\WINDOWS\system32\slextspk.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-23 13:56:46 507,298 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-23 13:56:45 97,134 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-23 13:51:56 -------- d-----w C:\Program Files\Messenger 2007-06-23 13:51:10 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8381.sys 2007-06-23 13:38:30 -------- d-----w C:\Program Files\Movie Maker 2007-06-23 13:32:44 -------- d-----w C:\Program Files\Windows NT 2007-06-23 09:04:56 -------- d-----w C:\DOCUME~1\Antoni\DANEAP~1\InsERT GT 2007-06-20 16:04:09 -------- d-----w C:\Program Files\Kaspersky Lab ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02] {52D06F97-5511-43FA-8FDA-C481864FD26E}=C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-02-03 22:22] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-02-07 01:03] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2004-03-24 11:04 C:\WINDOWS\system32\nwiz.exe] “VersaLaser”=“C:\Program Files\ULS\VersaLaser.exe” [2005-06-29 22:55] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-05-03 12:57] “PhilipsDM”=“C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe” [2006-09-28 10:33] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:44] “Compaq Service Drivers”=“winsvc32.exe” [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “Compaq Service Drivers”=winsvc32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “{54645654-2225-4455-44A1-9F4543D34545}”=“C:\WINDOWS\System32\vbsys2.dll” [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy] copyfstq.exe /startup ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-24 23:36:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-24 23:39:55 C:\ComboFix-quarantined-files.txt … 2007-06-24 23:39 C:\ComboFix2.txt … 2007-06-24 14:21 — E O F —

Gutek · 24 Czerwiec 2007 22:00

Wklej do notatnika:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

Dokończyć skanerami online - Skanery do wyboru