Computer runs very slowly.. LOG to check. PLEASE!

Hello!

As in the subject… at some point the computer started freezing so badly that you can't do anything on it… I edit videos on it, and now even a 5-minute .avi won't open smoothly… heck, I can't even edit photos in Photoshop… it runs horrendously sloooowly… I'm begging for help!!!

HijackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:27:51, on 2009-12-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

H:\Program Files\Alwil Software\Avast4\ashServ.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

H:\Program Files\lg_fwupdate\fwupdate.exe

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\SOUNDMAN.EXE

H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

H:\Program Files\DAEMON Tools Lite\DTLite.exe

H:\Program Files\GIGABYTE\ET6\GUI.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

H:\Program Files\Common Files\LightScribe\LSSrvc.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

H:\WINDOWS\system32\wscntfy.exe

H:\Program Files\Adobe\Adobe Premiere Pro 2.0\Adobe Premiere Pro.exe

H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

H:\DOCUME~1\SZMIGI~1\USTAWI~1\Temp\Adobelm_Cleanup.0001

H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - H:\WINDOWS\system32\dvmurl.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - H:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [GEST] m‘|\ü

O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [EasyTuneVI] H:\Program Files\GIGABYTE\ET6\ETcall.exe

O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LGODDFU] "H:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - H:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

End of file - 6268 bytes

AND HERE IS THE LOG FROM THE COMBOFIX SCAN:

ComboFix 09-12-28.05 - szmigielski 2009-12-29 15:02:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3070.2630 [GMT 1:00]

Uruchomiony z: h:\documents and settings\szmigielski\Pulpit\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

h:\windows\system32\ieuinit.inf

h:\windows\system32\lsprst7.dll

h:\windows\system32\ssprs.dll

J:\EXPLORER.EXE

.

((((((((((((((((((((((((( Pliki utworzone od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))

.

2009-12-29 12:27 . 2009-12-29 12:27 -------- d-----w- h:\program files\Trend Micro

2009-12-29 12:27 . 2009-12-29 12:33 -------- d-----w- H:\hi jach

2009-12-29 11:50 . 2009-12-29 11:50 -------- d-----w- h:\program files\CCleaner

2009-12-20 15:13 . 2006-10-26 18:56 33104 ----a-w- h:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2009-12-20 15:13 . 2006-10-26 18:56 32592 ----a-w- h:\windows\system32\msonpmon.dll

2009-12-20 15:12 . 2009-12-20 15:12 -------- d-----w- h:\program files\Microsoft Works

2009-12-20 15:12 . 2009-12-20 15:12 -------- d-----w- h:\program files\MSBuild

2009-12-20 15:09 . 2009-12-20 15:09 -------- d-----w- h:\program files\Microsoft.NET

2009-12-20 15:06 . 2009-12-20 15:06 -------- d-----w- h:\program files\Microsoft Visual Studio 8

2009-12-20 15:03 . 2009-12-20 15:05 -------- d-----w- h:\windows\SHELLNEW

2009-12-20 15:03 . 2009-12-20 15:03 -------- d-----w- h:\documents and settings\szmigielski\Ustawienia lokalne\Dane aplikacji\Microsoft Help

2009-12-20 15:02 . 2009-12-20 15:13 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-12-20 15:02 . 2009-12-20 15:02 -------- d-----r- H:\MSOCache

2009-12-20 14:52 . 2009-12-20 14:52 -------- d-----w- h:\program files\DAEMON Tools Toolbar

2009-12-20 14:52 . 2009-12-20 14:52 691696 ----a-w- h:\windows\system32\drivers\sptd.sys

2009-12-20 14:52 . 2009-12-20 14:52 -------- d-----w- h:\program files\DAEMON Tools Lite

2009-12-20 14:52 . 2009-12-20 14:58 -------- d-----w- h:\documents and settings\szmigielski\Dane aplikacji\DAEMON Tools Lite

2009-12-20 14:52 . 2009-12-20 14:52 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite

2009-12-20 14:49 . 2009-12-20 14:49 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\CyberLink

2009-12-20 14:49 . 2009-12-20 14:49 -------- d-----w- h:\documents and settings\szmigielski\Dane aplikacji\CyberLink

2009-12-20 09:48 . 2009-09-15 11:54 52368 ----a-w- h:\windows\system32\drivers\aswTdi.sys

2009-12-20 09:48 . 2009-09-15 11:54 23152 ----a-w- h:\windows\system32\drivers\aswRdr.sys

2009-12-20 09:48 . 2009-09-15 11:53 27408 ----a-w- h:\windows\system32\drivers\aavmker4.sys

2009-12-20 09:48 . 2009-09-15 11:53 97480 ----a-w- h:\windows\system32\AvastSS.scr

2009-12-20 09:48 . 2009-09-15 11:56 93424 ----a-w- h:\windows\system32\drivers\aswmon.sys

2009-12-20 09:48 . 2009-09-15 11:56 94160 ----a-w- h:\windows\system32\drivers\aswmon2.sys

2009-12-20 09:48 . 2009-09-15 11:55 114768 ----a-w- h:\windows\system32\drivers\aswSP.sys

2009-12-20 09:48 . 2009-09-15 11:55 20560 ----a-w- h:\windows\system32\drivers\aswFsBlk.sys

2009-12-20 09:47 . 2009-09-15 11:59 1279968 ----a-w- h:\windows\system32\aswBoot.exe

2009-12-20 09:47 . 2003-03-18 21:20 1060864 ----a-w- h:\windows\system32\MFC71.dll

2009-12-20 09:47 . 2009-12-20 09:47 -------- d-----w- h:\program files\Alwil Software

2009-12-17 21:59 . 1998-06-17 23:00 89360 ----a-w- h:\windows\system32\Vb5db.dll

2009-12-17 21:59 . 1996-01-12 12:00 722192 ----a-w- h:\windows\system32\Vb40032.dll

2009-12-17 21:59 . 1999-04-12 23:00 415504 ----a-w- h:\windows\system32\Msrepl35.dll

2009-12-17 21:59 . 1999-04-12 23:00 1046288 ----a-w- h:\windows\system32\Msjet35.dll

2009-12-17 21:59 . 1998-04-23 23:00 252176 ----a-w- h:\windows\system32\Msrd2x35.dll

2009-12-17 21:59 . 1998-04-23 23:00 24848 ----a-w- h:\windows\system32\Msjter35.dll

2009-12-17 21:59 . 1998-04-23 23:00 123664 ----a-w- h:\windows\system32\Msjint35.dll

2009-12-17 21:59 . 1998-04-26 23:00 570128 ----a-w- h:\windows\system32\Dao350.dll

2009-12-17 21:56 . 1998-10-07 11:54 327168 ----a-w- h:\windows\IsUn0415.exe

2009-12-14 23:58 . 2009-12-14 23:58 -------- d-----w- h:\program files\CzasoWyłącznik

2009-12-14 17:30 . 2009-12-14 17:30 -------- d-----w- h:\documents and settings\szmigielski\Dane aplikacji\Media Player Classic

2009-12-14 17:29 . 2004-01-11 22:00 348160 ----a-w- h:\windows\system32\msvcr71.dll

2009-12-14 17:29 . 2003-03-19 03:14 499712 ----a-w- h:\windows\system32\msvcp71.dll

2009-12-14 16:54 . 2009-12-14 16:54 1025 ----a-w- h:\windows\system32\sysprs7.dll

2009-12-14 16:54 . 2009-12-14 16:54 1025 ----a-w- h:\windows\system32\clauth2.dll

2009-12-14 16:54 . 2009-12-14 16:54 1025 ----a-w- h:\windows\system32\clauth1.dll

2009-12-14 16:54 . 2009-12-14 16:54 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\Minnetonka Audio Software

2009-12-13 22:35 . 2001-05-11 12:18 420240 ----a-w- h:\windows\system32\mpg4c32.dll

2009-12-13 22:35 . 2001-05-16 16:54 309616 ----a-w- h:\windows\system32\wmv8dmod.dll

2009-12-13 22:26 . 2009-12-13 22:26 -------- d-----w- h:\program files\Codemasters

2009-12-13 13:39 . 2004-08-03 22:10 51328 -c--a-w- h:\windows\system32\dllcache\msdv.sys

2009-12-13 13:39 . 2004-08-03 22:10 51328 ----a-w- h:\windows\system32\drivers\msdv.sys

2009-12-13 13:37 . 2004-08-03 21:58 5504 -c--a-w- h:\windows\system32\dllcache\mstee.sys

2009-12-13 13:37 . 2004-08-03 21:58 5504 ----a-w- h:\windows\system32\drivers\MSTEE.sys

2009-12-13 13:37 . 2004-08-03 22:10 10880 -c--a-w- h:\windows\system32\dllcache\ndisip.sys

2009-12-13 13:37 . 2004-08-03 22:10 10880 ----a-w- h:\windows\system32\drivers\NdisIP.sys

2009-12-13 13:37 . 2004-08-03 22:10 15360 -c--a-w- h:\windows\system32\dllcache\streamip.sys

2009-12-13 13:37 . 2004-08-03 22:10 15360 ----a-w- h:\windows\system32\drivers\StreamIP.sys

2009-12-13 13:37 . 2004-08-03 22:10 11136 -c--a-w- h:\windows\system32\dllcache\slip.sys

2009-12-13 13:37 . 2004-08-03 22:10 11136 ----a-w- h:\windows\system32\drivers\SLIP.sys

2009-12-13 13:37 . 2004-08-03 22:10 19328 -c--a-w- h:\windows\system32\dllcache\wstcodec.sys

2009-12-13 13:37 . 2004-08-03 22:10 19328 ----a-w- h:\windows\system32\drivers\WSTCODEC.SYS

2009-12-13 13:37 . 2004-08-03 22:10 19328 ----a-w- h:\windows\system32\drivers\WSTCODEC.SYS

2009-12-11 08:06 . 2009-12-11 08:06 -------- d-----w- h:\documents and settings\szmigielski\Dane aplikacji\Ahead

2009-12-11 08:06 . 2009-12-11 08:06 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\LightScribe

2009-12-11 00:04 . 2009-12-11 00:04 -------- d-----w- h:\program files\Lavalys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-29 14:09 . 2009-12-10 23:25 24944 ----a-w- h:\windows\system32\drivers\GVTDrv.sys

2009-12-29 14:08 . 2009-12-10 22:36 16608 ----a-w- h:\windows\gdrv.sys

2009-12-29 14:08 . 2009-12-10 23:41 -------- d-----w- h:\program files\lg_fwupdate

2009-12-20 20:21 . 2009-12-10 22:53 68456 ----a-w- h:\documents and settings\szmigielski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-12-20 15:27 . 2009-12-10 23:01 -------- d-----w- h:\program files\Common Files\Adobe

2009-12-20 15:24 . 2009-12-10 22:37 -------- d--h--w- h:\program files\InstallShield Installation Information

2009-12-14 17:30 . 2009-12-14 17:29 -------- d-----w- h:\program files\K-Lite Codec Pack

2009-12-11 18:00 . 2009-12-14 17:29 85504 ----a-w- h:\windows\system32\ff_vfw.dll

2009-12-10 23:39 . 2009-12-10 23:39 -------- d-----w- h:\program files\Common Files\LightScribe

2009-12-10 23:38 . 2009-12-10 23:38 -------- d-----w- h:\program files\Common Files\Ahead

2009-12-10 23:38 . 2009-12-10 23:38 -------- d-----w- h:\program files\Nero

2009-12-10 23:38 . 2009-12-10 23:38 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\Nero

2009-12-10 23:35 . 2009-12-10 23:34 -------- d-----w- h:\program files\CyberLink

2009-12-10 23:25 . 2009-12-10 22:37 -------- d-----w- h:\program files\GIGABYTE

2009-12-10 23:25 . 2009-12-10 22:37 -------- d-----w- h:\program files\Common Files\InstallShield

2009-12-10 23:08 . 2009-12-10 23:08 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\Adobe Systems

2009-12-10 23:02 . 2009-12-10 23:02 -------- d-----w- h:\program files\Common Files\Adobe Systems Shared

2009-12-10 23:01 . 2009-12-10 23:01 82432 ----a-w- h:\windows\system32\msxml4r.dll

2009-12-10 23:01 . 2009-12-10 23:01 1233920 ----a-w- h:\windows\system32\msxml4.dll

2009-12-10 23:00 . 2009-12-10 23:01 20016 ------w- h:\windows\system32\drivers\pxhelp20.sys

2009-12-10 22:53 . 2009-12-10 22:53 -------- d-----w- h:\documents and settings\szmigielski\Dane aplikacji\ATI

2009-12-10 22:53 . 2009-12-10 22:53 -------- d-----w- h:\documents and settings\All Users\Dane aplikacji\ATI

2009-12-10 22:53 . 2009-12-10 22:53 0 ----a-w- h:\windows\ativpsrm.bin

2009-12-10 22:51 . 2009-12-10 22:45 -------- d-----w- h:\program files\ATI Technologies

2009-12-10 22:49 . 2009-12-10 22:49 9158 ----a-r- h:\documents and settings\szmigielski\Dane aplikacji\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe

2009-12-10 22:49 . 2009-12-10 22:49 -------- d-----w- h:\program files\Common Files\ATI Technologies

2009-12-10 22:49 . 2001-10-26 16:15 74450 ----a-w- h:\windows\system32\perfc015.dat

2009-12-10 22:49 . 2001-10-26 16:15 448348 ----a-w- h:\windows\system32\perfh015.dat

2009-12-10 22:46 . 2009-12-10 22:28 86327 ----a-w- h:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-10 22:42 . 2009-12-10 22:40 -------- d-----w- h:\program files\Realtek

2009-12-10 22:42 . 2009-12-10 22:42 -------- d-----w- h:\documents and settings\szmigielski\Dane aplikacji\InstallShield

2009-12-10 22:40 . 2009-12-10 22:40 315392 ----a-w- h:\windows\HideWin.exe

2009-12-10 22:37 . 2009-12-10 22:37 -------- d-----w- h:\program files\Intel

2009-12-10 22:37 . 2009-12-10 22:37 -------- d-----w- h:\program files\Browser Configuration Utility

2009-12-10 22:29 . 2009-12-10 22:29 -------- d-----w- h:\program files\microsoft frontpage

2009-12-10 22:28 . 2009-12-10 22:28 -------- d-----w- h:\program files\Usługi online

2009-12-10 22:26 . 2009-12-10 22:26 21856 ----a-w- h:\windows\system32\emptyregdb.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="h:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="m‘|\ü" [X]

"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"EasyTuneVI"="h:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"NeroFilterCheck"="h:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]

"LGODDFU"="h:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

h:\documents and settings\szmigielski\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

h:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- h:\program files\DAEMON Tools Lite\DTLite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"h:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"h:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"h:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

R0 sptd;sptd;h:\windows\system32\drivers\sptd.sys [2009-12-20 691696]

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-12-20 114768]

R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-12-20 20560]

R2 GEST Service;GEST Service for program management.;h:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-12-10 80392]

R3 GVTDrv;GVTDrv;h:\windows\system32\drivers\GVTDrv.sys [2009-12-11 24944]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;h:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-07-30 09:39 451872 ----a-w- h:\program files\Common Files\LightScribe\LSRunOnce.exe

.

------- Skan uzupełniający -------

.

IE: Eksportuj do programu Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-29 15:09

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll UNKNOWN [0x8A56C1F8]

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk - CLASSPNP.SYS @ 0xf74ebfc3

\Driver\ACPI - ACPI.sys @ 0xf7252cb8

\Driver\atapi - 0x8a56c1f8

IoDeviceObjectType - DeleteProcedure - ntkrnlpa.exe @ 0x8058236c

ParseProcedure - ntkrnlpa.exe @ 0x8058146a

\Device\Harddisk0\DR0 - DeleteProcedure - ntkrnlpa.exe @ 0x8058236c

ParseProcedure - ntkrnlpa.exe @ 0x8058146a

NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - SendCompleteHandler - NDIS.sys @ 0xf70f1ba0

PacketIndicateHandler - NDIS.sys @ 0xf70e0a0b

SendHandler - NDIS.sys @ 0xf70f4b31

Warning: possible MBR rootkit infection !

user kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\h:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:9d,ba,37,58,8c,32,85,57,be,66,57,b9,a8,44,ab,48,21,3b,59,8e,2f,

e6,64,d4,01,81,20,be,0e,57,c8,3f,7c,4e,62,5e,e6,e1,f0,6b,17,c2,ab,c6,6d,f5,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:9d,ba,37,58,8c,32,85,57,be,66,57,b9,a8,44,ab,48,21,3b,59,8e,2f,

e6,64,d4,01,81,20,be,0e,57,c8,3f,7c,4e,62,5e,e6,e1,f0,6b,17,c2,ab,c6,6d,f5,\

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

• 'winlogon.exe'(808)

h:\windows\system32\Ati2evxx.dll

• 'explorer.exe'(3088)

h:\windows\system32\msi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

h:\windows\system32\Ati2evxx.exe

h:\program files\Alwil Software\Avast4\aswUpdSv.exe

h:\program files\Alwil Software\Avast4\ashServ.exe

h:\windows\system32\Ati2evxx.exe

h:\program files\Common Files\LightScribe\LSSrvc.exe

h:\windows\system32\wdfmgr.exe

h:\program files\Alwil Software\Avast4\ashMaiSv.exe

h:\program files\Alwil Software\Avast4\ashWebSv.exe

h:\windows\system32\wscntfy.exe

h:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

h:\program files\GIGABYTE\ET6\GUI.exe

h:\windows\RTHDCPL.EXE

h:\windows\SOUNDMAN.EXE

h:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Czas ukończenia: 2009-12-29 15:11:18 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-12-29 14:11

Przed: 145 906 139 136 bajtów wolnych

Po: 146 525 081 600 bajtów wolnych

  • End Of File - - B04FD27C7DCBD5A293E243BC326F7E92

Michal131,

Please correct the spelling in the problem description. To make the correction, use the Edit button next to the post that opens this topic.

Ignoring this recommendation will result in the topic being moved to the Trash.

Pasting logs on the forum - read and follow the recommendations

HELP!!!

Paste into Notepad:

>>File>>Save as… >>> CFScript (it will be easiest if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

- like in this picture -> [image: cfscript10uc2.gif]

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start. (and a log will be created)

After the restart, manually delete the C:\Qoobox folder.

XP optimization: viewtopic.php?t=76580

Startup optimization: http://www.bezpieczenstwosystemow.pl/in … opic=116.0

Registry cleaning:

CCleaner http://www.dobreprogramy.pl/CCleaner,Pr … 13061.html