Witam,

Mój kompter ostatnio strasznie się tnie i to przy najprostszych czynnościach. Prędkość zmniejszyła się o połowę…a nie chcę robić formata bo to nudne Będę szalenie wdzięczna za pomoc

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:31:14, on 2009-02-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

–

End of file - 5708 bytes

Infekcja z pendrive’a.

Daj log z ComboFix

Nowsza instrukcja obsługi ComboFixa >http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

jessi

Proszę zmienić temat na konkretny, opcja EDYTUJ i popraw.JNJN

ComboFix 09-02-12.03 - deMoniQue 2009-02-14 18:15:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.511.300 [GMT 1:00]

Uruchomiony z: c:\documents and settings\deMoniQue\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

D:\Autorun.inf

.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-14 do 2009-02-14 )))))))))))))))))))))))))))))))

.

2009-02-14 13:30 . 2009-02-14 13:30

2009-02-13 16:43 . 2009-02-13 16:44

2009-02-13 16:23 . 2009-02-13 16:23

2009-02-13 14:25 . 2009-02-13 14:25

2009-02-13 14:10 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-02-13 14:10 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2009-02-13 14:10 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll

2009-02-13 14:10 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll

2009-02-13 14:10 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll

2009-02-13 14:10 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll

2009-02-11 10:01 . 2009-02-11 10:01

2009-02-01 16:07 . 2009-02-01 16:07

2009-01-31 18:58 . 2009-01-31 18:58

2009-01-31 18:56 . 2009-01-31 18:56

2009-01-14 19:47 . 2009-01-14 19:47

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-14 11:43 --------- d-----w c:\documents and settings\deMoniQue\Application Data\uTorrent

2009-02-14 11:42 --------- d–h--w c:\program files\InstallShield Installation Information

2009-02-13 09:20 26,064 ----a-w c:\documents and settings\deMoniQue\Application Data\GDIPFONTCACHEV1.DAT

2009-01-12 09:45 --------- d-----w c:\documents and settings\deMoniQue\Application Data\Image Zone Express

2009-01-03 08:11 --------- d-----w c:\program files\Java

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

2008-12-11 07:24 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe

2008-09-30 18:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008093020081001\index.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]

“uTorrent”=“c:\program files\uTorrent\uTorrent.exe” [2008-10-13 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ehTray”=“c:\windows\ehome\ehtray.exe” [2005-08-05 64512]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2005-08-02 7110656]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2005-08-02 86016]

“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]

“snp2std”=“c:\windows\vsnp2std.exe” [2006-09-15 675840]

“avgnt”=“c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-18 266497]

“PWRISOVM.EXE”=“c:\program files\PowerISO\PWRISOVM.EXE” [2008-07-07 167936]

“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 49152]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-11-10 136600]

“SoundMan”=“SOUNDMAN.EXE” [2004-12-22 c:\windows\SOUNDMAN.EXE]

“nwiz”=“nwiz.exe” [2005-08-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Messenger\msmsgs.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“c:\Program Files\Firaxis Games\Sid Meier’s Civilization 4\Civilization4.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

“d:\Call of Duty 4 - Modern Warfare\iw3mp.exe”=

“d:\Honor_pol\MOHAA.EXE”=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{118b338a-7f60-11dd-8367-0014858c2110}]

\Shell\AutoRun\command - e.com

\Shell\explore\Command - e.com

\Shell\open\Command - e.com

.

• • • • USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://google.pl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/SignActivX.cab

FF - ProfilePath - c:\documents and settings\deMoniQue\Application Data\Mozilla\Firefox\Profiles\meckr7xx.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.pl/

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-14 18:16:39

Windows 5.1.2600 Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-02-14 18:17:44

ComboFix-quarantined-files.txt 2009-02-14 17:17:36

Przed: 6 402 789 376 bytes free

Po: 6,999,285,760 bajtów wolnych

Oto log z combofix

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Windows XP Media Center Edition” /noexecute=optin /fastdetect

128 — E O F — 2009-02-11 11:33:06

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Log wygląda na czysty

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html gdy będą wirusy pokaż raport