Hello, my problem is that the computer runs terribly slowly. I can't use the internet because pages take forever to load, and I can't play any games either; the problem appeared recently.
My system is Windows XP Professional (2002), an AMD Athlon 64 3000+ processor at 1.8 GHz, 2.5 GB RAM.
Please help; here is my ComboFix log.
ComboFix 11-05-02.04 - Użytkownik 2011-05-06 9:42.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2558.2024 [GMT 2:00]
Running from: c:\documents and settings\Użytkownik\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 07:04 . 2011-05-06 07:04 -------- d-----w- c:\windows\system32\wbem\snmp
2011-05-06 07:04 . 2011-05-06 07:04 -------- d-----w- c:\windows\srchasst
2011-05-06 07:04 . 2011-05-06 07:04 -------- d-----w- c:\windows\system32\xircom
2011-05-06 07:04 . 2011-05-06 07:04 -------- d-----w- c:\windows\msagent
2011-05-06 07:04 . 2011-05-06 07:04 -------- d-----w- c:\program files\microsoft frontpage
2011-05-05 12:19 . 2011-05-05 12:19 -------- d--h--w- c:\windows\$hf_mig$
2011-05-05 10:53 . 2011-05-05 21:52 -------- d-----w- c:\documents and settings\Użytkownik\Ustawienia lokalne\Dane aplikacji\MyAshampoo
2011-05-05 10:53 . 2011-05-05 21:52 -------- d-----w- c:\program files\MyAshampoo
2011-05-04 12:39 . 2011-05-04 12:39 -------- d-----w- c:\documents and settings\Użytkownik\Dane aplikacji\Gadu-Gadu
2011-05-04 12:31 . 2011-05-04 12:34 -------- d-----w- c:\documents and settings\Użytkownik\Gadu-Gadu
2011-05-04 12:31 . 2011-05-06 07:27 -------- d-----w- c:\program files\Gadu-Gadu
2011-05-04 10:38 . 2011-05-05 21:51 -------- d-----w- c:\documents and settings\Użytkownik\Ustawienia lokalne\Dane aplikacji\Conduit
2011-05-04 10:38 . 2011-05-04 10:38 -------- d-----w- c:\program files\Conduit
2011-05-04 10:37 . 2011-05-05 21:51 -------- d-----w- c:\documents and settings\Użytkownik\Ustawienia lokalne\Dane aplikacji\Softonic-Polska
2011-05-04 10:37 . 2011-05-05 21:51 -------- d-----w- c:\program files\Softonic-Polska
2011-05-03 15:39 . 2011-05-03 15:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2011-05-02 18:20 . 2008-02-28 21:39 94208 ----a-w- c:\windows\system32\ImageSearchDLL.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 13:46 . 2011-04-16 12:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2010-05-25 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-06-04 . A56805C20C9CD6751A3F42421F996BD2 . 559616 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-06-04 . 1F989C8F6C31AB765CD2134E2D13F789 . 1850368 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
.
[-] 2010-12-09 . 7E8979CD5018A9927A8A2C859914ED16 . 2070656 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\b8e35ad3e22e1252f87612f76d3493f2\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . FBAA6966A914147FE3CE95982D001F4F . 2070656 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\b8e35ad3e22e1252f87612f76d3493f2\SP3GDR\ntkrnlpa.exe
[-] 2010-05-25 . B0F19AC673EFE405407A64830AABC5F4 . 2208000 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2010-12-09 . 8A302601BE409E59260BB8ADE7CC6BC2 . 2194048 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\b8e35ad3e22e1252f87612f76d3493f2\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . EEB63BA2A4399E34E96A69088F680FF0 . 2194048 . . [5.1.2600.6055] . . c:\windows\SoftwareDistribution\Download\b8e35ad3e22e1252f87612f76d3493f2\SP3GDR\ntoskrnl.exe
[-] 2010-05-25 . B9D12098300E57153B9E155477186CAC . 2331136 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
.
c:\windows\System32\regsvc.dll ... is missing
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 19:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 15:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
2010-11-13 19:58 3913000 ----a-w- c:\program files\Softonic-Polska\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}"= "c:\program files\Softonic-Polska\tbSoft.dll" [2010-11-13 3913000]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"IPLA!"="c:\program files\ipla\ipla.exe" [2010-11-22 18630656]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-12-25 241664]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"iKeyWorks"="c:\program files\A4Tech\Keyboard\Ikeymain.exe" [2007-06-25 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-05-25 128512]
.
c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\
svhost.exe [2010-4-18 23759]
Warkeys Update.lnk - c:\program files\Warkeys\update\Warkeys Update.exe [N/A]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-6-2 839680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\BitComet\BitComet.exe"=
"c:\Program Files\Ares\Ares.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"d:\Gry\Pro Evolution Soccer 2011\pes2011.exe"=
"d:\Gry\Warcraft III\Warcraft III.exe"=
"d:\Gry\Warcraft III\war3.exe"=
"d:\gry\Football Manager 2011\fm.exe"=
"c:\Program Files\SopCast\SopCast.exe"=
"c:\Program Files\SopCast\adv\SopAdver.exe"=
"c:\Program Files\Mozilla Firefox\plugin-container.exe"=
"d:\Gry\Metin2\metin2client.bin"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20346:TCP"= 20346:TCP:BitComet 20346 TCP
"20346:UDP"= 20346:UDP:BitComet 20346 UDP
"6112:TCP"= 6112:TCP:localhost
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-06-02 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 61424]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-05-28 8192]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-13 357182]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-05-28 1684736]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe --> c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
2011-05-06 c:\windows\Tasks\User_Feed_Synchronization-{391D7B09-00B0-4E21-A62F-1E9132917945}.job
- c:\windows\system32\msfeedssync.exe [2010-05-25 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= … =CT2475029
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Pobierz wszystkie wideo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\lfbot8hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as … ource=3q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - interia.pl
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien … YYYYYPLq=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\scecli.dll
.
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2011-05-06 09:49:02
ComboFix-quarantined-files.txt 2011-05-06 07:49
ComboFix2.txt 2011-05-06 07:23
ComboFix3.txt 2011-05-05 12:24
.
Pre-Run: 18,473,799,680 bytes free
Post-Run: 18,466,226,176 bytes free
.
- - End Of File - - 2C7BAA629C980A060DFD27432E6350EE
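As an added example that is not part of the original post, and not ComboFix's own code: a small Python triage pass over the autostart entries of a log in this shape. It flags the kinds of items a reviewer would stop at in the log above: a file named one character away from svchost.exe placed directly in the Startup folder (svhost.exe), toolbar/adware vendor paths (Conduit, Ask, Softonic, MyAshampoo), a third-party executable in the c:\windows root, a service hosted through srvany.exe, and Run values given as bare file names. The indicator lists and heuristics are this example's own assumptions; SAMPLE_LOG is constructed from lines of the post.

```python
"""Triage the autostart entries in a ComboFix log.

Added example for this thread; not part of the original post and not ComboFix's
own code. The indicator lists are this example's assumptions, seeded only from
what the log above shows. SAMPLE_LOG is constructed from lines of that log.
"""
import re
from dataclasses import dataclass

# System process names that droppers commonly imitate (assumed list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe"}
# Directories where those names legitimately live on Windows XP.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
# Toolbar/adware vendors visible in the log above (assumed, not exhaustive).
ADWARE_MARKERS = ("conduit", "ask.com", "softonic", "myashampoo")

# Full path ending in an executable extension, as ComboFix prints it.
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]\r\n;]*?\.(?:exe|dll|sys|bin|fcl))(?=\s|"|$|;)', re.I)
# Run value whose data is a bare file name with no directory.
BARE_RUN_RE = re.compile(r'^"[^"]+"="([^"\\]+\.exe)"', re.I)
# Startup-folder header (ends with a backslash) and a file listed under it.
FOLDER_HEADER_RE = re.compile(r"^[a-z]:\\.*\\$", re.I)
FOLDER_ENTRY_RE = re.compile(r"^(\S+\.(?:exe|dll|scr|bat|com))\s+\[", re.I)


@dataclass
class Finding:
    line: str
    path: str
    reasons: list


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit is the classic typosquat budget."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path: str) -> list:
    """Return the reasons (possibly none) that one autostart path deserves a look."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    reasons = []
    if name in SYSTEM_NAMES:
        if directory not in SYSTEM_DIRS:
            reasons.append(f"{name} outside its normal directory")
    else:
        lookalike = next((s for s in SYSTEM_NAMES if edit_distance(name, s) == 1), None)
        if lookalike:
            reasons.append(f"file name one edit away from {lookalike}")
        if directory == r"c:\windows":
            reasons.append("third-party executable in the c:\\windows root")
    if any(marker in low for marker in ADWARE_MARKERS):
        reasons.append("known toolbar/adware vendor path")
    if name == "srvany.exe":
        reasons.append("srvany.exe service wrapper: inspect the program it launches")
    return reasons


def triage(log_text: str) -> list:
    """Walk a ComboFix log line by line and collect suspicious autostart items."""
    findings, folder = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":               # ComboFix block separator: leave the Startup folder
            folder = None
            continue
        if FOLDER_HEADER_RE.match(line):
            folder = line             # entries below are files inside this Startup folder
            continue
        m = FOLDER_ENTRY_RE.match(line)
        if m and folder:
            path = folder + m.group(1)
            findings.append(Finding(line, path, check_path(path) +
                                    ["executable placed directly in a Startup folder"]))
            continue
        m = BARE_RUN_RE.match(line)
        if m:
            findings.append(Finding(line, m.group(1),
                                    ["Run value without a full path (resolved via search path)"]))
            continue
        for path in PATH_RE.findall(line):
            reasons = check_path(path)
            if reasons:
                findings.append(Finding(line, path, reasons))
    return findings


# Constructed sample: a few lines copied from the log above, in ComboFix's layout.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
.
c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\
svhost.exe [2010-4-18 23759]
Warkeys Update.lnk - c:\program files\Warkeys\update\Warkeys Update.exe [N/A]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 19:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-05-28 8192]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-13 357182]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    " + "; ".join(f.reasons))
```

Running it on the sample reports five items (RTHDCPL.EXE, svhost.exe, ConduitEngine.dll, srvany.exe, reset.exe) and leaves egui.exe, NvCpl.dll and the Warkeys shortcut alone. The lookalike check deliberately only fires for names that are not themselves system binaries; a genuine svchost.exe is instead judged by where it lives, which is why the two checks are kept in separate branches.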