Internet bardzo wolno chodzi, ponad 30 wirusów

K_A · 29 Sierpień 2007 18:29

avast wykrył jednego dnia ponad 30 trojanów, następnego dnia 6 trojanów, komputer bardzo bardzo wolno działa, z internetem jest jeszcze gorzej. proszę o pomoc!

[Logfile of HijackThis v1.99.1

Scan saved at 20:26:10, on 2007-08-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Winamp\winampa.exe

E:\Nowy folder\daemon.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\eMule\emule.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\KIARUL~1\USTAWI~1\Temp\Rar$EX00.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Nowy folder\daemon.exe” -lang 1033

O4 - HKCU…\Run: [VoipStunt] “C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” -nosplash -minimized

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray

O4 - HKCU…\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) - file://E:\AutoCad\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\AutoCad\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Klient DNS DnscacheThemes (DnscacheThemes) - Unknown owner - C:\WINDOWS\system32\adsldpb.exe (file missing)

O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) NlaDcomLaunch (NlaDcomLaunch) - Unknown owner - C:\WINDOWS\system32\1041b.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) RpcLocatorSysmonLog (RpcLocatorSysmonLog) - Unknown owner - C:\WINDOWS\system32\acctresv.exe (file missing)

O23 - Service: Zasilacz awaryjny (UPS) UPSWebClient (UPSWebClient) - Unknown owner - C:\WINDOWS\system32\12520850x.exe (file missing)

]

[“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“VoipStunt” = ““C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” -nosplash -minimized” [file not found]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

“BitComet” = ““C:\Program Files\BitComet\BitComet.exe” /tray” [file not found]

“eMuleAutoStart” = “D:\eMule\emule.exe -AutoStart” [“http://www.emule-project.net”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”]

“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”]

“RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”]

“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k”

“DAEMON Tools-1033” = ““E:\Nowy folder\daemon.exe” -lang 1033” [“DAEMON’S HOME”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

{HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = (no title provided)

{HKLM…CLSID} = “Skype add-on (mastermind)”

\InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

{HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

{HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

{HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”

{HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

{HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

{HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

{HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

{HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

{HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

{HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

{HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”

{HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

“{0A082D00-EC93-11D0-B1E6-80580BC10627}” = “Corel Media Folder Root Menu Handler”

{HKLM…CLSID} = “Corel Media Folder Root Menu Handler”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

“{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” = “Folder To Corel Media Folder Menu Handler”

{HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

“{854AF161-1AE1-11D1-AB9B-00C0F00683EB}” = “Corel Media Folder”

{HKLM…CLSID} = “Corel Media Folder”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

“{E856F161-1AE5-11d1-AB9B-00C0F00683EB}” = “Corel Media Folder”

{HKLM…CLSID} = “Corel Media Folder”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

“{CDB89701-262F-11D1-AB9C-00C0F00683EB}” = “Corel Media Find Folder”

{HKLM…CLSID} = “Corel Media Find Folder”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

“{F8152501-455F-11D1-B1E6-444553540000}” = “Corel Media Folder Copy Hook Handler”

{HKLM…CLSID} = “Corel Media Folder Copy Hook Handler”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

“{8E524B0D-04F0-11D1-B74A-00A0C90646A4}” = “IconFactTemp.NSIconHandlerFactory”

{HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “E:\Corel\programs\CNSFlt80.dll” [“Corel Corporation”]

“{A2AC368A-F883-11D0-B745-00A0C90646A4}” = “NSFiltManDll.FiltManCom”

{HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “E:\Corel\programs\CNSFlt80.dll” [“Corel Corporation”]

“{B63FCD5A-2396-11D1-B762-00A0C90646A4}” = “*`” (unwritable string)

{HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “E:\Corel\programs\CMFFnd80.dll” [“Corel Corporation”]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

{HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

{HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

VersionsMenu(Default) = “{03170921-4754-11cf-AB9A-00C0F00683EB}”

{HKLM…CLSID} = “Corel Versions”

\InProcServer32(Default) = “E:\COREL\Versions\CVersion.dll” [“Corel Corporation Limited”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

{HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

FolderToCorelMediaFolder(Default) = “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}”

{HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler”

\InProcServer32(Default) = “E:\Corel\programs\CMFFld80.dll” [empty string]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

{HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

{HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

VersionsMenu(Default) = “{03170921-4754-11cf-AB9A-00C0F00683EB}”

{HKLM…CLSID} = “Corel Versions”

\InProcServer32(Default) = “E:\COREL\Versions\CVersion.dll” [“Corel Corporation Limited”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

{HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\K i A rulez\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Startup items in “K i A rulez” “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” - shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”

{HKLM…CLSID} = “Yahoo! Toolbar”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

“ButtonText” = “Skype”

“CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}”

{HKLM…CLSID} = “Skype add-on (button)”

\InProcServer32(Default) = “C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”]

Running Services (Display Name, Service Name, Path {Service DLL}):

avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”]

avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”]

avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]

avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]

BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data]

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 25 seconds, including 5 seconds for message boxes)]

Gutek · 29 Sierpień 2007 18:41

Pobierz program SDFix

K_A · 29 Sierpień 2007 18:50

[Deckard’s System Scanner v20070826.66

Run by K i A rulez on 2007-08-29 20:48:22

Computer is in Normal Mode.

– System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

– Last 5 Restore Point(s) –

51: 2007-08-29 18:48:25 UTC - RP169 - Deckard’s System Scanner Restore Point

50: 2007-08-29 12:50:23 UTC - RP168 - Punkt kontrolny systemu

49: 2007-08-28 12:20:03 UTC - RP167 - Punkt kontrolny systemu

48: 2007-08-26 14:36:57 UTC - RP166 - Punkt kontrolny systemu

47: 2007-08-23 18:19:29 UTC - RP165 - Zainstalowany program DirectX 9.0

– First Restore Point –

1: 2007-05-31 14:18:08 UTC - RP119 - Punkt kontrolny systemu

Backed up registry hives.

Performed disk cleanup.

– HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-08-29 20:49:17

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Winamp\winampa.exe

E:\Nowy folder\daemon.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\eMule\emule.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\K i A rulez\Pulpit\dobre programy\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll

O4 - HKEY_LOCAL_MACHINE…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKEY_LOCAL_MACHINE…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKEY_LOCAL_MACHINE…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKEY_LOCAL_MACHINE…\Run: [skyTel] SkyTel.EXE

O4 - HKEY_LOCAL_MACHINE…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKEY_LOCAL_MACHINE…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKEY_LOCAL_MACHINE…\Run: [nwiz] nwiz.exe /install

O4 - HKEY_LOCAL_MACHINE…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKEY_LOCAL_MACHINE…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKEY_LOCAL_MACHINE…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKEY_LOCAL_MACHINE…\Run: [DAEMON Tools-1033] “E:\Nowy folder\daemon.exe” -lang 1033

O4 - HKCU…\Run: [VoipStunt] “C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” -nosplash -minimized

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray

O4 - HKCU…\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll

O9 - Extra ‘Tools’ menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) - file://E:\AutoCad\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\AutoCad\AcPreview.ocx

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Klient DNS DnscacheThemes (DnscacheThemes) - Unknown owner - C:\WINDOWS\system32\adsldpb.exe srv

O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) NlaDcomLaunch (NlaDcomLaunch) - Unknown owner - C:\WINDOWS\system32\1041b.exe srv

O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) RpcLocatorSysmonLog (RpcLocatorSysmonLog) - Unknown owner - C:\WINDOWS\system32\acctresv.exe srv

O23 - Service: Zasilacz awaryjny (UPS) UPSWebClient (UPSWebClient) - Unknown owner - C:\WINDOWS\system32\12520850x.exe srv

– File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%*

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys

R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys

R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys

R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys

R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys

R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys

R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys

S0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys (file missing)

S0 wrgrymfu - c:\windows\system32\drivers\smrfpody.sys (file missing)

S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

S2 DnscacheThemes (Klient DNS DnscacheThemes) - c:\windows\system32\adsldpb.exe srv (file missing)

S2 NlaDcomLaunch (Rozpoznawanie lokalizacji w sieci (NLA) NlaDcomLaunch) - c:\windows\system32\1041b.exe srv (file missing)

S2 RpcLocatorSysmonLog (Lokalizator usługi zdalnego wywołania procedury (RPC) RpcLocatorSysmonLog) - c:\windows\system32\acctresv.exe srv (file missing)

S2 UPSWebClient (Zasilacz awaryjny (UPS) UPSWebClient) - c:\windows\system32\12520850x.exe srv (file missing)

– Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: nVidia WDM Video Capture (universal)

Device ID: DISPLAY\NVCAP\5&21C77905&0&CA000002&02&00

Manufacturer: nVidia

Name: nVidia WDM Video Capture (universal)

PNP Device ID: DISPLAY\NVCAP\5&21C77905&0&CA000002&02&00

Service: nvcap

– Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-26 15:02:55 0 d-------- C:\Spybot - Search & Destroy

2007-08-23 20:14:54 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2007-08-23 20:14:54 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2007-08-21 13:01:33 0 d-------- C:\Program Files\Microsoft Security Adviser

– Find3M Report ---------------------------------------------------------------

2007-08-15 17:15:58 0 d-------- C:\Documents and Settings\K i A rulez\Dane aplikacji\Skype

2007-07-14 20:02:07 0 d-------- C:\Program Files\BitComet

2007-07-09 10:13:54 0 d-------- C:\Program Files\Gadu-Gadu

2007-06-18 15:03:49 613 --a------ C:\WINDOWS\eReg.dat

2007-06-14 10:52:02 162 --ahs---- C:\WINDOWS\system32\1625399423.dat

– Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-06-01 11:22]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22]

“SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2006-05-27 04:47 C:\WINDOWS\RTHDCPL.EXE]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 21:24]

“nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22]

“KernelFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -k” []

“DAEMON Tools-1033”=“E:\Nowy folder\daemon.exe” [2004-08-22 17:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“VoipStunt”=“C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” []

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]

“BitComet”=“C:\Program Files\BitComet\BitComet.exe” []

“eMuleAutoStart”=“D:\eMule\emule.exe” [2006-09-14 16:15]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK

backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

“C:\Program Files\BitComet\BitComet.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

D:\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

– End of Deckard’s System Scanner: finished at 2007-08-29 20:50:01 ------------]

Złączono Posta : 29.08.2007 (Sro) 21:02

[

SDFix: Version 1.100

Run by K i A rulez on 2007-08-29 at 20:58

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting…

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files…

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

“E:\Moto GP\MotoGP2\motogp2.exe”=“E:\Moto GP\MotoGP2\motogp2.exe:*:Disabled:motogp2”

“E:\Program Files\Call of Duty\CoDMP.exe”=“E:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP”

“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny”

“C:\Program Files\BitComet\BitComet.exe”=“C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client”

“D:\eMule\emule.exe”=“D:\eMule\emule.exe:*:Disabled:eMule”

“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”=“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil”

“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”

“E:\COD\CoDMP.exe”=“E:\COD\CoDMP.exe:*:Enabled:CoDMP”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:

Files with Hidden Attributes:

Finished ]

Gutek · 29 Sierpień 2007 19:14

Już kiedys kasowaliśmy te pliki

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz DnscacheThemes i NlaDcomLaunch i RpcLocatorSysmonLog oraz UPSWebClient

K_A · 29 Sierpień 2007 19:32

nie mogę wyłączyć DnscacheThemes i NlaDcomLaunch i RpcLocatorSysmonLog, pokazuje mi że jest to tryb uruchomienia Automatyczny i nie moge nic z tym zrobic.

Zatrzymałam tylko WebClient.

Gutek · 29 Sierpień 2007 19:36

Otwórz Notatnik i wklej do niego:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT >>>

kliknij dwa razy na utworzony plik FIX.BAT >>> restart.

K_A · 29 Sierpień 2007 19:46

zrobiłam

czy teraz jest juz wszysko ok?

jesli tak to bardzo bardzo dziekuje

Gutek · 29 Sierpień 2007 19:52

Czy internet dział dobrze?

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 +optymalizacja Autostartu

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

K_A · 29 Sierpień 2007 20:52

wydaje mi się ze jest już lepiej, internet działa dość dobrze, ale jeszcze troche poczyszcze komputer :!:

dziękuje za pomoc