Hi.
As in the title, the computer freezes, slows to a crawl, and can suddenly shut down, or turn itself on when it is off. Errors pop up often, and some programs that used to work no longer work properly. The antivirus found nothing. Please check the log; thank you in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:09, on 2007-09-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
D:\Lavasoft\ad-aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Gadu-Gadu\gg.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HIJacker\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [TrojanScanner] D:\Trojan Remover\Trjscan.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AlcoholAutomount] “D:\Alcohol Soft\Alcohol 120\axcmd.exe” /automount
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip…{C3C11FF3-F20E-4636-985C-5D37DE35F964}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Lavasoft\ad-aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

– End of file - 4864 bytes
Thank you, and here is the next log, from Combo:
ComboFix 07-08-30.3 - “Magda” 2007-09-06 22:34:35.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.82 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))

2007-09-06 22:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 21:57
2007-09-06 18:20 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-06 18:19 1,814,528 --------- C:\WINDOWS\UNNeroVision.exe
2007-09-06 18:18 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-09-06 18:18 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-09-06 18:18 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-09-06 18:18 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-09-06 18:18 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-06 01:13
2007-09-05 16:38
2007-09-05 13:22 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-04 23:16
2007-09-04 18:06 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-04 18:06 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-04 18:06 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-04 18:06 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-04 18:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-04 18:06
2007-09-04 18:06
2007-09-03 14:12
2007-08-26 19:39
2007-08-26 19:39
2007-08-26 19:37
2007-08-26 17:17
2007-08-26 16:51
2007-08-26 16:49
2007-08-20 12:29

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:32 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:09 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:09 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:09 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:09 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:09 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:09 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:09 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:09 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:09 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:09 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:09 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:09 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:09 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:09 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:08 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:30 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1034752 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-12-24 18:53 27300950 --a------ C:\Program Files\IMGP1763.MOV
2006-09-25 13:13 933 --a------ C:\Program Files\INSTALL.LOG
2003-08-27 11:49 3424 --a------ C:\WINDOWS\inf\OTHER\cmiainfo.sys
1998-04-30 14:56 129024 --a------ C:\Program Files\UNWISE.EXE

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Cmaudio”=“cmicnfg.cpl” []
“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-12-26 14:08]
“TrojanScanner”=“D:\Trojan Remover\Trjscan.exe” [2007-09-04 18:09]
“avgnt”=“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” [2007-04-02 10:35]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]
“Gadu-Gadu”=“D:\Gadu-Gadu\gg.exe” [2007-01-30 16:58]
“AlcoholAutomount”=“D:\Alcohol Soft\Alcohol 120\axcmd.exe” []

R2 GDTdiInterceptor;GDTdiInterceptor;??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys

*Newly Created Service* - CATCHME

Contents of the ‘Scheduled Tasks’ folder
2007-06-23 23:04:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 22:36:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-06 22:37:34
C:\ComboFix-quarantined-files.txt … 2007-09-06 22:37

— E O F —
Gutek
(Gutek)
6 September 2007 21:03
#4