Hello. For two days my computer and internet have been running terribly slowly. I run scans with avast and Spyware Doctor and the viruses supposedly get removed, but the computer still stutters and is slow. I don't know much about this kind of thing and I'm asking for help.
HJT log…
SDFix…
SDFix: Version 1.117
Run by Krychu on 2007-12-10 at 18:44
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Dummy:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting…
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Common Files\Carlson\carlton - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\system32\o - Deleted
C:\WINDOWS\system32\WinSecUp.exe - Deleted
Folder C:\Program Files\Common Files\Carlson - Removed
Removing Temp Files…
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 18:48:42
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden services & system hive …
scanning hidden registry entries …
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\msmsngers.exe"="C:\WINDOWS\System32\msmsngers.exe:*:Enabled:Internet"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 8 Dec 2007 10,884 A…H. — "C:\WINDOWS\system32\hgwdsa.exe"
Mon 23 Sep 2002 436,224 …SHR — "C:\WINDOWS\system32\msmsngers.exe"
Sat 8 Dec 2007 64,902 A…H. — "C:\WINDOWS\system32\wbnvdjj.exe"
Sun 9 Dec 2007 53,072 A…H. — "C:\WINDOWS\system32\wonscgdf.exe"
Sat 8 Dec 2007 3,508 A…H. — "C:\WINDOWS\system32\yenyexe.exe"
Sat 8 Dec 2007 64,902 A…H. — "C:\WINDOWS\system32\znpwq.exe"
Sat 8 Dec 2007 495,616 …SHR — "C:\WINDOWS\system32\dllcache\windmns.exe"
Finished!
Post merged: 10.12.2007 (Mon) 19:14
How do I make a ComboFix log???
It's pinned in the topic, after all…
ComboFix log…
Follow this Topic and change the topic title to something specific, otherwise TRASH
Regards, Gutek2222