Log for review


(system) #1

Recently I noticed that my computer runs slower than usual and the disk is working all the time, even after closing everything that runs in the background. I scanned the system and it found no viruses. Here's the log, please check it :)

StartupList report, 2004-09-19, 02:18:01

StartupList version: 1.52

Started from : C:\Documents and Settings\Grzesiek\Pulpit\HijackThis.EXE

Detected: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================


Running processes:


C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\DAP\DAP.EXE

D:\ściągnięte\Temp\mul\eMule\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Grzesiek\Pulpit\HijackThis.exe


--------------------------------------------------


Listing of startup folders:


Shell folders Startup:

[C]

emule.lnk = Temp\mul\eMule\emule.exe


Shell folders Common Startup:

[C]

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe


--------------------------------------------------


Checking Windows NT UserInit:


[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


AVGCtrl = C:\Program Files\AVPersonal\AVGNT.EXE /min

WinampAgent = C:\Program Files\Winamp\winampa.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP


--------------------------------------------------


Load/Run keys from C:\WINDOWS\WIN.INI:


load=*INI section not found*

run=*INI section not found*


Load/Run keys from Registry:


HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL


--------------------------------------------------


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:


Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*


Shell & screensaver key from Registry:


Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*


Policies Shell key:


HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*


--------------------------------------------------



Enumerating Browser Helper Objects:


(no name) - C:\Program Files\DAP\DAPBHO.dll - {0000CC75-ACF3-4cac-A0A9-DD3868E06852}

(no name) - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


--------------------------------------------------


Enumerating Download Program Files:


[{10000000-1000-0000-1000-000000000000}]

CODEBASE = file://C:\Program Files\Internet Explorer\upudgxbx.exe


[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB


[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


[Yahoo! Webcam Viewer Wrapper]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yvwrctl.dll

CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab


[MainControl Class]

InProcServer32 = C:\WINDOWS\System32\SkanerOnline.dll

CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab


--------------------------------------------------


Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*


Windows NT checkdisk command:

BootExecute = autocheck autochk *


Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\WINDOWS\System32\SET38.tmp => C:\WINDOWS\System32\ODBC32.dll|||


--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:


PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll


--------------------------------------------------

End of report, 6 188 bytes

Report generated in 1,793 seconds


Command line options:

   /verbose - to add additional info on each section

   /complete - to include empty sections and unsuspicious data

   /full - to include several rarely-important sections

   /force9x - to include Win9x-only startups even if running on WinNT

   /forcent - to include WinNT-only startups even if running on Win9x

   /forceall - to include all Win9x and WinNT startups, regardless of platform

   /history - to list version history only

(Nenol) #2

You probably have worms in your computer. My computer also ran slowly and I spent two days struggling to remove them. Download Ad-Aware SE (http://www.dobreprogramy.pl/index.php?dz=2&id=107&t=55).

I don't like this registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

More about worms:

http://forum.dobreprogramy.pl/viewtopic ... 0715888aa9

http://forum.dobreprogramy.pl/viewtopic ... pybot+worm

http://forum.dobreprogramy.pl/viewtopic.php?t=7167


(Xiao19) #3

Download HijackThis_v1.98.2

http://www.majorgeeks.com/downloadget.p ... e6434cfc13

then scan, Save Log,

and paste the log on the forum.


(lazikar) #4

But the log is already pasted, so what's the point of that??


(Xiao19) #5

Lazikar, but you can see that log doesn't have everything in it; let him download the newest version and only then paste it.

It will be readable and maybe it will find something more.


(system) #6

I did as Kamcia_18 recommended.

Here's the log:

Logfile of HijackThis v1.98.2

Scan saved at 11:51:24, on 2004-09-19

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\DAP\DAP.EXE

D:\ściągnięte\Temp\mul\eMule\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Grzesiek\USTAWI~1\Temp\Rar$EX00.742\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - Startup: emule.lnk = Temp\mul\eMule\emule.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\upudgxbx.exe

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE09DBA-D6CC-48E2-B44B-BAC68B111446}: NameServer = 80.244.128.1,80.244.128.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7D43FA81-4610-4B29-83E3-06CC4D4F13A6}: NameServer = 80.244.128.1,80.244.128.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE09DBA-D6CC-48E2-B44B-BAC68B111446}: NameServer = 80.244.128.1,80.244.128.2