My computer is running slowly


(Daro459) #1

I'm pasting the logs and asking for them to be checked.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:54:57, on 2007-09-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\Mixer.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: UniSpiker-2.6.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6932 bytes


(Asterisk) #2

Please follow this Topic and edit your own post using the edit function, changing it to a specific one and describing the problem.

Otherwise the topic will end up in the Trash.


(jessica) #3

Fix the above-mentioned entries in Hijack:

>>Hijack>>scan (Do a system scan only)>>check them>>Fix checked.

If you don't have a removal tool, download OTMoveIt

Into the Paste List of Files/Folders to be Moved field, paste the paths below:

Then press the MoveIt! button.

A message will appear saying that a restart is needed to remove the given files/folders - click Yes.

After the restart, manually delete the folder C:**** _OTMoveIt (Right-click >>> Delete >>> Empty the Recycle Bin).

You can also post a log from DeckardsSS (at the bottom of the linked page) -

Paste the log at http://wklej.org/, and put only the link in the post.

jessi


(Daro459) #4

http://img291.imageshack.us/my.php?image=asdasdk6.jpg what is this about? :frowning:


(jessica) #5

It looks as if the objects marked for removal did not actually exist.

In any case, post a log from DeckardsSS. We'll see what is "going on".

And fix your first post, because otherwise the Moderator will delete the whole topic.

jessi


(Gutek) #6

(Daro459) #7

Deckard's System Scanner v20070826.66

Run by Gosia on 2007-09-03 20:37:45

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

23: 2007-09-03 18:37:49 UTC - RP40 - Deckard's System Scanner Restore Point

22: 2007-09-01 20:57:09 UTC - RP39 - Installed Tony Hawk's American Wasteland

21: 2007-09-01 20:44:21 UTC - RP38 - SPTD setup V1.50

20: 2007-09-01 13:29:56 UTC - RP37 - Zainstalowano: Microsoft Office 2000 Professional

19: 2007-09-01 13:19:26 UTC - RP36 - Removed Microsoft Office Professional 2007

-- First Restore Point --

1: 2007-08-02 12:07:52 UTC - RP18 - Removed Sony Ericsson PC Suite 1.20.173

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Gosia.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:02, on 2007-09-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\Mixer.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Aspyr Media, Inc\THAW\Game\THAW.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Gosia\Pulpit\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Gosia.exe

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: UniSpiker-2.6.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 6122 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) -----------

backup-20070902-144801-105 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

backup-20070902-144801-220 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

backup-20070902-144801-231 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

backup-20070902-144801-372 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

backup-20070902-144801-406 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

backup-20070902-144801-554 O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

backup-20070902-144801-571 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

backup-20070902-144801-753 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

backup-20070902-144801-800 O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

backup-20070902-144801-990 O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys

R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys

S3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys

S3 AEAudioService (AEAudio Service) - c:\windows\system32\drivers\aeaudio.sys

S3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys

S3 Asushwio - c:\windows\system32\drivers\asushwio.sys

S3 GMSIPCI - f:\install\gmsipci.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Microsoft UAA Function Driver for High Definition Audio - Adi 1986

Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1986&SUBSYS_1043818F&REV_1005\5&156D1A36&0&0001

Manufacturer: Microsoft

Name: Microsoft UAA Function Driver for High Definition Audio - Adi 1986

PNP Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1986&SUBSYS_1043818F&REV_1005\5&156D1A36&0&0001

Service: HdAudAddService

-- Files created between 2007-08-03 and 2007-09-03 -----------------------------

2007-09-01 22:50:54 229057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2750.exe

2007-09-01 22:50:53 0 d-------- C:\Program Files\Alcohol Toolbar

2007-09-01 22:50:47 0 d-------- C:\Program Files\Alcohol Soft

2007-09-01 22:44:22 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-01 16:34:59 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2007-09-01 16:34:59 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-09-01 16:34:58 0 d-------- C:\Program Files\ffdshow

2007-09-01 15:31:21 0 d-------- C:\WINDOWS\ShellNew

2007-09-01 15:06:19 0 d-------- C:\!KillBox

2007-09-01 14:54:25 0 d-------- C:\Program Files\Trend Micro

2007-09-01 14:52:44 0 d-------- C:\Program Files\Lavasoft

2007-08-28 16:00:56 0 d-------- C:\Program Files\Ares

2007-08-27 15:04:12 0 d-------- C:\swsetup

2007-08-27 12:10:49 0 d-------- C:\NVIDIA

2007-08-26 21:07:57 0 d-------- C:\Program Files\Counter-Strike Source

2007-08-26 21:01:50 0 d-------- C:\Program Files\Winamp

2007-08-24 19:49:39 715 --a------ C:\WINDOWS\unins000.dat

2007-08-15 13:56:03 0 d-------- C:\WINDOWS\speech

2007-08-15 13:55:58 0 d-------- C:\Program Files\ivo

2007-08-15 12:22:48 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-15 12:22:48 761856 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-15 12:22:48 0 d-------- C:\Program Files\XviD

2007-08-14 15:03:16 36932 --a------ C:\WINDOWS\cmijack.dat

2007-08-14 11:21:57 1165 --a------ C:\WINDOWS\mozver.dat

2007-08-14 11:20:02 0 --a------ C:\WINDOWS\nsreg.dat

2007-08-03 16:50:21 0 d-------- C:\WINDOWS\Sun

2007-08-03 13:28:26 0 d-------- C:\Program Files\MSXML 4.0

-- Find3M Report ---------------------------------------------------------------

2007-09-03 20:23:53 53 --a------ C:\biosinfo

2007-09-03 10:25:44 0 d-------- C:\Program Files\Gadu-Gadu

2007-09-01 18:43:49 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Help

2007-09-01 17:34:46 0 d-------- C:\Program Files\Lexmark X1100 Series

2007-09-01 15:32:43 0 d-------- C:\Program Files\Common Files

2007-09-01 15:30:03 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Microsoft Web Folders

2007-09-01 15:29:50 0 d-------- C:\Program Files\microsoft frontpage

2007-09-01 14:52:49 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Lavasoft

2007-08-27 11:02:07 0 d-------- C:\Program Files\BearShare

2007-08-23 21:07:00 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\CyberLink

2007-08-14 13:46:40 0 d-------- C:\Program Files\Analog Devices

2007-08-14 11:20:00 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Mozilla

2007-08-12 19:06:19 0 d-------- C:\Program Files\Total Video Converter

2007-08-03 20:59:21 17536 --a------ C:\Documents and Settings\Gosia\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-08-03 16:50:21 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Sun

2007-08-03 16:38:40 0 d-------- C:\Program Files\Java

2007-08-02 15:45:53 0 d-------- C:\Program Files\Plato Video To 3GP Converter

2007-08-02 14:10:37 0 d-------- C:\Program Files\Common Files\Teleca Shared

2007-08-02 14:10:24 0 d-------- C:\Program Files\Sony Ericsson

2007-08-02 14:04:15 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Teleca

2007-08-01 19:41:41 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-08-01 19:41:41 0 d-------- C:\Program Files\Ashampoo

2007-08-01 14:30:53 0 d-------- C:\Program Files\Audacity

2007-08-01 12:18:37 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\LimeWire

2007-07-27 23:02:14 0 d-------- C:\Program Files\BearShare Applications

2007-07-26 23:52:42 0 d-------- C:\Program Files\LimeWire

2007-07-26 23:45:47 0 d-------- C:\Program Files\Common Files\Java

2007-07-25 12:54:34 0 d-------- C:\Program Files\Tlen.pl

2007-07-25 11:48:48 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Tlen.pl

2007-07-23 23:20:15 355486 --a------ C:\WINDOWS\system32\perfh015.dat

2007-07-23 23:20:15 49492 --a------ C:\WINDOWS\system32\perfc015.dat

2007-07-23 18:06:06 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Macromedia

2007-07-23 18:04:24 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Gadu-Gadu

2007-07-23 18:03:00 0 d-------- C:\Program Files\MarBit

2007-07-23 17:37:24 0 d-------- C:\Program Files\Alwil Software

2007-07-23 17:11:38 4608 --a------ C:\WINDOWS\system32\w95inf32.dll

2007-07-23 17:11:38 2272 --a------ C:\WINDOWS\system32\w95inf16.dll

2007-07-23 17:11:30 0 d-------- C:\Program Files\PCI Audio Applications

2007-07-23 17:10:15 0 d-------- C:\Program Files\C-Media

2007-07-23 17:05:23 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint

2007-07-23 17:05:09 0 d-------- C:\Program Files\ABBYY FineReader 6.0

2007-07-23 17:04:53 0 d-------- C:\Program Files\FaxTools

2007-07-23 11:42:29 0 d-------- C:\Program Files\Messenger

2007-07-22 22:55:18 0 d-------- C:\Program Files\Common Files\ODBC

2007-07-22 22:55:14 0 d-------- C:\Program Files\Common Files\SpeechEngines

2007-07-22 22:54:41 62 --ahs---- C:\Documents and Settings\Gosia\Dane aplikacji\desktop.ini

2007-07-22 21:42:26 0 d-------- C:\Program Files\VIA

2007-07-22 21:42:15 0 d-------- C:\Program Files\Common Files\InstallShield

2007-07-22 21:34:27 0 d-------- C:\Program Files\Ahead

2007-07-22 21:34:10 0 d-------- C:\Program Files\Common Files\Ahead

2007-07-22 21:33:19 0 d-------- C:\Program Files\CyberLink

2007-07-22 21:33:17 0 d-------- C:\Program Files\CyberLink DVD Solution

2007-07-22 21:30:10 0 d-------- C:\Program Files\A4Tech

2007-07-22 21:18:20 0 d-------- C:\Documents and Settings\Gosia\Dane aplikacji\Identities

2007-07-22 21:07:30 0 -rahs---- C:\MSDOS.SYS

2007-07-22 21:07:30 0 -rahs---- C:\IO.SYS

2007-07-22 21:07:30 0 --a------ C:\CONFIG.SYS

2007-07-22 21:07:30 0 --a------ C:\AUTOEXEC.BAT

2007-07-22 21:05:52 0 d--h----- C:\Program Files\WindowsUpdate

2007-07-22 21:05:48 0 d-------- C:\Program Files\Usługi online

2007-07-22 21:04:44 0 d-------- C:\Program Files\Common Files\MSSoap

2007-07-22 21:04:33 0 d-------- C:\Program Files\Movie Maker

2007-07-22 21:03:33 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2007-07-22 21:02:58 0 d-------- C:\Program Files\MSN Gaming Zone

2007-07-22 21:02:45 0 d-------- C:\Program Files\Windows NT

2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe

2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

"SW20"="C:\WINDOWS\system32\sw20.exe" [2005-08-26 09:44]

"SW24"="C:\WINDOWS\system32\sw24.exe" [2005-08-26 09:45]

"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 07:35]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]

"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 17:09]

"C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 C:\WINDOWS\mixer.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"BearShare"="C:\Program Files\BearShare\BearShare.exe" []

"@"="" []

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 19:35]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []

"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]

C:\Documents and Settings\Gosia\Menu Start\Programy\Autostart\

UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2006-07-25 13:16:56]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

-- End of Deckard's System Scanner: finished at 2007-09-03 20:39:47 ------------


(Gutek) #8

How many times does this have to be written!!

Note: When you paste a log, wrap it in the CODE or QUOTE tag

Download SDFix

-


(Daro459) #9
Final Check:


Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"

"D:\\Program Files\\Steam\\SteamApps\\dawid516\\counter-strike\\hl.exe"="D:\\Program Files\\Steam\\SteamApps\\dawid516\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"

"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:

---------------


File Backups: - C:\SDFix\backups\backups.zip


Files with Hidden Attributes:


C:\Deckard\System Scanner\backup\DOCUME~1\Gosia\USTAWI~1\Temp\~6.tmp

C:\Deckard\System Scanner\backup\DOCUME~1\Gosia\USTAWI~1\Temp\~A.tmp


                                 Finished

(Gutek) #10

Post a log from ComboFix


(Daro459) #11


(Gutek) #12

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can run through the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php

See - Using jv16 PowerTools

XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580