Komputer zamula,okna wolniej sie wlanczaja

Dla specjalistów Bezpieczeństwo
#1

Ogolnie zasyfiony komputer , zwolnienie wszystkich procesow , wolniejsze otwieranie sie okienek ,pliki ktorych nie da sie usunąc.Firefox wlacza mi sie z minute , okno “Moj Komputer” z 10-15 sekund

Prosze o sprawdzenie mi loga i ewentualna korekte , z gory dziekuje wszystkim ktorym sie chcialo :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 14:44:02, on 2007-11-08

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\NetMeter\NetMeter.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

G:\-=Progs=-\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [kiss] C:\Program Files\sdfhfgd\pingy.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [HOT FIX] Gothic.exe

O4 - HKLM\..\RunOnce: [HOT FIX] Gothic.exe

O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [HOT FIX] Gothic.exe

O4 - HKCU\..\Run: [C] C:\Program Files\NetMeter\NetMeter.exe

O4 - HKCU\..\RunOnce: [HOT FIX] Gothic.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
#2

daj log z combofix

#3

a Prosze

#4

Pobierz program SDFix

#5 
SDFix: Version 1.114


Run by Kondziu on 2007-11-09 at 02:44


Microsoft Windows XP [Wersja 5.1.2600]


Running From: C:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...



Normal Mode:

Checking Files: 


No Trojan Files Found





Removing Temp Files...


ADS Check:


C:\WINDOWS

No streams found. 


C:\WINDOWS\system32

No streams found. 


C:\WINDOWS\system32\svchost.exe

No streams found.


C:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-09 02:47:22

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS


scanning hidden processes ...


scanning hidden services & system hive ...


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:f90e9746

"s2"=dword:912bf769

"h0"=dword:00000002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,15,af,23,65,c8,fb,1d,6b,20,7d,5c,ec,1a,55,2e,7d,d3,54,3a,b2,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000001

"khjeh"=hex:40,c2,99,5a,99,b1,21,b7,f9,00,7e,0d,f0,3a,e7,26,67,a6,e9,d5,4f,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a9,10,af,bb,66,11,26,47,49,e0,67,a5,17,77,a0,3d,9f,..

"khjeh"=hex:fd,42,6c,71,eb,3b,e8,f2,e6,54,e2,bb,40,3e,84,39,a1,35,e1,3f,dc,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:4b,13,13,1e,34,a5,8f,c4,b1,ec,32,c4,f0,fb,3e,fe,ce,12,84,97,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,15,af,23,65,c8,fb,1d,6b,20,7d,5c,ec,1a,55,2e,7d,d3,54,3a,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000001

"khjeh"=hex:40,c2,99,5a,99,b1,21,b7,f9,00,7e,0d,f0,3a,e7,26,67,a6,e9,d5,4f,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a9,10,af,bb,66,11,26,47,49,e0,67,a5,17,77,a0,3d,9f,..

"khjeh"=hex:80,be,18,54,a1,6e,62,44,8d,f0,bf,f0,34,01,99,74,75,26,b7,c9,d4,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a6,35,66,d5,a5,90,85,c5,2a,61,cc,b5,1d,e5,51,c6,48,0b,14,c7,4c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,15,af,23,65,c8,fb,1d,6b,20,7d,5c,ec,1a,55,2e,7d,d3,54,3a,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000001

"khjeh"=hex:40,c2,99,5a,99,b1,21,b7,f9,00,7e,0d,f0,3a,e7,26,67,a6,e9,d5,4f,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a9,10,af,bb,66,11,26,47,49,e0,67,a5,17,77,a0,3d,9f,..

"khjeh"=hex:80,be,18,54,a1,6e,62,44,8d,f0,bf,f0,34,01,99,74,75,26,b7,c9,d4,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a6,35,66,d5,a5,90,85,c5,2a,61,cc,b5,1d,e5,51,c6,48,0b,14,c7,4c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,15,af,23,65,c8,fb,1d,6b,20,7d,5c,ec,1a,55,2e,7d,d3,54,3a,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000001

"khjeh"=hex:40,c2,99,5a,99,b1,21,b7,f9,00,7e,0d,f0,3a,e7,26,67,a6,e9,d5,4f,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,a9,10,af,bb,66,11,26,47,49,e0,67,a5,17,77,a0,3d,9f,..

"khjeh"=hex:fd,42,6c,71,eb,3b,e8,f2,e6,54,e2,bb,40,3e,84,39,a1,35,e1,3f,dc,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:4b,13,13,1e,34,a5,8f,c4,b1,ec,32,c4,f0,fb,3e,fe,ce,12,84,97,69,..


scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120% (Trial Version)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..


scanning hidden files ...



scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 5293



Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


Remaining Files:

---------------



Files with Hidden Attributes:


Sun 19 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"


Finished!
#6

wpisy usuń HJT a folder i plik usuń ręcznie

Jak usuniesz to:

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Po tym nowy log z HJT

#7

dziekuje bardzo

#8

Daj nowy log z Combo