Problem booting the system in normal mode - a virus?

Hello

After turning the computer on, the system … would hang on the "welcome screen". After two restarts … it was the same … It only started in safe mode, where I used System Restore. Then I scanned the computer with avast!, version 4.8 Home Edition. The antivirus detected viruses. I removed them … but the computer is still acting up. I am pasting the RSIT log and kindly ask you to check it and give any advice. I will add that my operating system version is Microsoft Windows XP Home Edition.

Version: 5.1.2600 Service Pack: 3.0

Thanks in advance!

Logfile of random’s system information tool 1.06 (written by random/random)

Run by abcd at 2010-03-27 15:33:11

Microsoft Windows XP Home Edition Dodatek Service Pack 3

System drive C: has 18 GB (46%) free of 38 GB

Total RAM: 1791 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:12, on 2010-03-27

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\avast! 4.8.1335 Home Edition PL\aswUpdSv.exe

C:\Program Files\avast! 4.8.1335 Home Edition PL\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\avast! 4.8.1335 Home Edition PL\ashMaiSv.exe

C:\Program Files\avast! 4.8.1335 Home Edition PL\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Lexmark 3300 Series\lxccmon.exe

C:\PROGRA~1\AVAST!~1.133\ashDisp.exe

E:\Winamp\winampa.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\lxcccoms.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Vista Drive Icon\DrvIcon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Documents and Settings\abcd\Pulpit\RSIT.exe

C:\Program Files\trend micro\abcd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml … n=77ce826a

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\abcd\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM…\Run: [lxccmon.exe] “C:\Program Files\Lexmark 3300 Series\lxccmon.exe”

O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\AVAST!~1.133\ashDisp.exe

O4 - HKLM…\Run: [WinampAgent] E:\Winamp\winampa.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [QuickTime Task] “F:\QuickTime 7.62\qttask.exe” -atboottime

O4 - HKLM…\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKCU…\Run: [CTSyncU.exe] “C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe”

O4 - HKCU…\Run: [Nowe Gadu-Gadu] “E:\GaduGadu\Nowe Gadu-Gadu\gg.exe”

O4 - HKCU…\Run: [ALLUpdate] “F:\ALLPlayer 4.0\ALLPlayer\ALLUpdate.exe” “sleep”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Odkurzacz-MCD] E:\Odkurzacz 11.0.0108\Odkurzacz\odk_mcd.exe

O4 - HKCU…\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [hayeh] C:\Documents and Settings\abcd\hayeh.exe

O4 - HKCU…\Run: [eMuleAutoStart] E:\eMule v0. 49c\eMule\emule.exe -AutoStart

O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.mks.com.pl

O17 - HKLM\System\CCS\Services\Tcpip…{160D00C2-9717-4A8C-8484-B572826EE8E6}: NameServer = 194.204.152.34 194.204.159.1

O17 - HKLM\System\CS1\Services\Tcpip…{160D00C2-9717-4A8C-8484-B572826EE8E6}: NameServer = 194.204.152.34 194.204.159.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast! 4.8.1335 Home Edition PL\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast! 4.8.1335 Home Edition PL\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast! 4.8.1335 Home Edition PL\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast! 4.8.1335 Home Edition PL\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe

End of file - 8441 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-12 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-16 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]

IEPluginBHO Class - C:\Documents and Settings\abcd\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll [2009-05-28 42088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=C:\WINDOWS\system32\NvCpl.dll [2009-01-21 13680640]

“nwiz”=nwiz.exe /install []

“NvMediaCenter”=C:\WINDOWS\system32\NvMcTray.dll [2009-01-21 86016]

“HDAudDeck”=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-02-27 33599488]

“lxccmon.exe”=C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-07-21 192512]

“FaxCenterServer”=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]

“avast!”=C:\PROGRA~1\AVAST!~1.133\ashDisp.exe [2009-11-25 81000]

“WinampAgent”=E:\Winamp\winampa.exe [2009-07-01 37888]

“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-16 148888]

“RemoteControl”=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

“InCD”=C:\Program Files\Ahead\InCD\InCD.exe [2004-09-07 1400944]

“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

“QuickTime Task”=F:\QuickTime 7.62\qttask.exe [2009-05-26 413696]

“DrvIcon”=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]

“TkBellExe”=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-12 198160]

“LXCCCATS”=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

“CTSyncU.exe”=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-05-30 868352]

“Nowe Gadu-Gadu”=E:\GaduGadu\Nowe Gadu-Gadu\gg.exe [2009-08-31 11391592]

“ALLUpdate”=F:\ALLPlayer 4.0\ALLPlayer\ALLUpdate.exe [2009-06-04 869888]

“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]

“Odkurzacz-MCD”=E:\Odkurzacz 11.0.0108\Odkurzacz\odk_mcd.exe [2008-01-04 265216]

“swg”=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-01 39408]

“MSMSGS”=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

“hayeh”=C:\Documents and Settings\abcd\hayeh.exe []

“eMuleAutoStart”=E:\eMule v0. 49c\eMule\emule.exe [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

“dontdisplaylastusername”=0

“legalnoticecaption”=

“legalnoticetext”=

“shutdownwithoutlogon”=1

“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

“HonorAutoRunSetting”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

“E:\GaduGadu\Nowe Gadu-Gadu\gg.exe”=“E:\GaduGadu\Nowe Gadu-Gadu\gg.exe:*:Disabled:Nowe Gadu-Gadu”

“E:\eMule\emule.exe”=“E:\eMule\emule.exe:*:Disabled:eMule”

“E:\Tlen\Tlen.pl\tlen.exe”=“E:\Tlen\Tlen.pl\tlen.exe:*:Disabled:Komunikator Tlen.pl”

“E:\eMule v0. 49c\eMule\emule.exe”=“E:\eMule v0. 49c\eMule\emule.exe:*:Disabled:eMule”

“C:\Program Files\Mozilla Firefox\firefox.exe”=“C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox”

“F:\Blobby\volley.exe”=“F:\Blobby\volley.exe:*:Disabled:volley”

“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a6bb0ab4-09b8-11df-b572-001966d18b15}]

shell\AutoRun\command - G:\c2e.exe

shell\open\command - G:\c2e.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d95cb076-0693-11df-b568-001966d18b15}]

shell\AutoRun\command - G:\9xf8.exe

shell\open\command - G:\9xf8.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d99cba08-f6cf-11de-b526-001966d18b15}]

shell\AutoRun\command - G:\nhx.exe

shell\open\command - G:\nhx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{db1321fc-8b1e-11de-b3d2-001966d18b15}]

shell\AutoRun\command - H:\anoataly.exe

shell\open\command - H:\anoataly.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e389a146-6bed-11de-b4ad-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e389a147-6bed-11de-b4ad-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e389a148-6bed-11de-b4ad-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe

======List of files/folders created in the last 1 months======

2010-03-27 15:33:11 ----D---- C:\rsit

2010-03-27 15:33:11 ----D---- C:\Program Files\trend micro

2010-03-27 10:56:57 ----A---- C:\WINDOWS\ntbtlog.txt

2010-03-25 13:58:52 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

2010-03-25 13:58:38 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\Gadu-Gadu 10

2010-03-25 13:58:29 ----D---- C:\Program Files\Gadu-Gadu 10

2010-03-10 21:49:54 ----HDC---- C:\WINDOWS$NtUninstallKB975561$

2010-03-06 18:04:23 ----N---- C:\WINDOWS\system32\browserchoice.exe

2010-02-28 22:28:24 ----D---- C:\Program Files\PlayReady

======List of files/folders modified in the last 1 months======

2010-03-27 15:33:11 ----D---- C:\Program Files

2010-03-27 15:15:44 ----D---- C:\WINDOWS\Help

2010-03-27 15:12:55 ----A---- C:\WINDOWS\VPlayer.INI

2010-03-27 15:07:38 ----D---- C:\WINDOWS\Temp

2010-03-27 14:17:38 ----D---- C:\WINDOWS\Prefetch

2010-03-27 13:21:16 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\OpenOffice.org2

2010-03-27 11:03:00 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-27 11:01:57 ----D---- C:\WINDOWS\system32\config

2010-03-27 11:01:48 ----D---- C:\WINDOWS\system32\wbem

2010-03-27 11:01:48 ----D---- C:\WINDOWS\Registration

2010-03-27 11:01:35 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\gtk-2.0

2010-03-27 11:01:34 ----D---- C:\Program Files\Mozilla Firefox

2010-03-27 10:57:09 ----D---- C:\Documents and Settings

2010-03-27 10:56:57 ----D---- C:\WINDOWS

2010-03-26 19:33:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-25 13:58:46 ----SHD---- C:\WINDOWS\Installer

2010-03-24 22:28:48 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\Winamp

2010-03-23 20:37:10 ----A---- C:\WINDOWS\NeroDigital.ini

2010-03-22 03:15:58 ----D---- C:\WINDOWS\system32\VIRepair

2010-03-21 18:07:40 ----D---- C:\WINDOWS\WinSxS

2010-03-21 18:07:40 ----D---- C:\WINDOWS\system32\drivers

2010-03-21 14:36:28 ----D---- C:\WINDOWS\system32

2010-03-20 17:05:27 ----D---- C:\WINDOWS\pchealth

2010-03-15 14:50:59 ----A---- C:\WINDOWS\win.ini

2010-03-15 14:14:02 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

2010-03-13 19:59:20 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\Any Video Converter

2010-03-10 21:49:59 ----HD---- C:\WINDOWS\inf

2010-03-10 21:49:56 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-03-10 21:49:56 ----D---- C:\Program Files\Movie Maker

2010-03-10 21:49:51 ----HD---- C:\WINDOWS$hf_mig$

2010-03-10 16:40:30 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\ipla

2010-03-08 00:04:52 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\skypePM

2010-03-07 15:47:51 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\Skype

2010-03-07 14:55:49 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real

2010-03-07 14:55:27 ----D---- C:\Documents and Settings\abcd\Dane aplikacji\Real

2010-03-05 19:16:46 ----A---- C:\WINDOWS\cdplayer.ini

2010-03-05 06:28:19 ----D---- C:\Program Files\Lx_cats

2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

2010-02-28 22:34:50 ----D---- C:\WINDOWS\Minidump

2010-02-28 22:28:29 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ipla

2010-02-28 22:28:24 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]

R1 AmdPPM;Sterownik procesora AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-07 28544]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-07-28 5632]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]

R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]

R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 M1000Srv;M5603C USB2.0 Camera Driver; C:\WINDOWS\System32\Drivers\M1000KNT.sys [2005-07-01 276930]

R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-21 6305472]

R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]

R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-15 30208]

R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-15 59520]

R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-15 17152]

R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-02-16 1057024]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-07 91136]

S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MemStPCI;Kontroler modułów pamięci Memory Stick Sony (PCI); C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2008-04-13 26112]

S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]

S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]

S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\avast! 4.8.1335 Home Edition PL\aswUpdSv.exe [2009-11-25 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\avast! 4.8.1335 Home Edition PL\ashServ.exe [2009-11-25 138680]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-07 1151090]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-16 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-21 163908]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\avast! 4.8.1335 Home Edition PL\ashMaiSv.exe [2009-11-25 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\avast! 4.8.1335 Home Edition PL\ashWebSv.exe [2009-11-25 352920]

R3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]

S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\WINDOWS\system32\sfrem02.exe [2006-05-11 358008]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-01 182768]

-----------------EOF-----------------

The log should be pasted on wklej.org or a similar site. Update avast!, because version 5 is already out. And describe the malfunctioning in more detail (runs slowly, shuts down, etc.).

Sorry! :? [-o<

Link to the log - http://wklej.org/id/304975/

As for the kind of malfunction, apart from the problem with booting the system … well … It runs slowly, it lags. It has trouble closing various applications and programs properly and … what is especially … irritating and significant … some time ago, when I clicked "My Computer" and tried to open any of the main drives the way I always had, with a double-click, an "Open with" window opened instead. As a result, I could only open the drives using Explore.

For a quick start, you could scan the computer with Malwarebytes Anti-Malware and throw a few unnecessary programs out of autostart; that will speed up startup. As for the log,

C:\Documents and Settings\abcd\Pulpit\RSIT.exe

C:\Program Files\trend micro\abcd.exe

look a bit strange to me, but I admit I am not an expert. Take these files and scan them at http://www.virustotal.com/pl/ just to be sure.

It would be best if someone else also commented on this, just to confirm.

I hope this helps.

C:\Documents and Settings\abcd\Pulpit\RSIT.exe is the program called RSIT :slight_smile:

C:\Program Files\trend micro\abcd.exe is certainly nothing harmful either, because it is from Trend Micro; besides, that is the user name. Evidently the user renamed HJT to, for example, their own user name :slight_smile:

RSIT.exe looked strange to me because it is running from the desktop, and the desktop is in the abcd folder. It may be a coincidence, but in general, if something starts automatically and is on the desktop, it is some kind of virus.

Because abcd is the user.

A somewhat unusual user name, but you will probably agree that files on the desktop should not normally start automatically?
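The replies above turn on whether RSIT.exe and abcd.exe start automatically or were simply running when the log was taken. The following is an added example, not written by any poster in this thread: it cross-checks the HijackThis "Running processes" list against the O4 Run entries, using lines copied from the posted log. The function names are made up for the illustration, and only Run values are considered (services and Startup folders are not).

```python
import re

# Lines copied from the HijackThis part of the log posted in this thread
# (shortened; the "…" in the O4 lines is as it appears on the page).
LOG = r"""
Running processes:
C:\PROGRA~1\AVAST!~1.133\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\abcd\Pulpit\RSIT.exe
C:\Program Files\trend micro\abcd.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\AVAST!~1.133\ashDisp.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [hayeh] C:\Documents and Settings\abcd\hayeh.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+).*?\\Run: \[(.+?)\] (.+)$")
# First absolute path ending in .exe/.dll; ignores quotes and trailing arguments.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
PROFILE = "c:\\documents and settings\\"


def parse_hjt(log):
    """Return (running_processes, run_entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = RUN_RE.match(line)
        if m:
            in_procs = False
            hive, name, cmd = m.groups()
            target = PATH_RE.search(cmd)
            # Entries without an absolute path (e.g. "nwiz.exe /install") get None.
            entries.append((hive, name, target.group(0) if target else None))
        elif in_procs and PATH_RE.fullmatch(line):
            processes.append(line)
        else:
            in_procs = False
    return processes, entries


def autostart_status(processes, entries):
    """Map each running process to the Run value that launches it, or None."""
    by_path = {path.lower(): f"{hive}\\Run [{name}]"
               for hive, name, path in entries if path}
    return {proc: by_path.get(proc.lower()) for proc in processes}


def run_entries_in_profile(entries):
    """Run values whose target lives under the user profile tree."""
    return [(name, path) for _, name, path in entries
            if path and path.lower().startswith(PROFILE)]


if __name__ == "__main__":
    procs, entries = parse_hjt(LOG)
    for proc, source in autostart_status(procs, entries).items():
        print(f"{proc}: {source or 'running, but no Run entry'}")
    for name, path in run_entries_in_profile(entries):
        print(f"Run [{name}] starts from the user profile: {path}")
```

On these lines, RSIT.exe and abcd.exe are running but have no Run value, while the only Run value pointing into the user profile is `hayeh`.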

Use - http://www.bezpieczenstwosystemow.pl/in … pic=1647.0

- Flash Disinfector

- BitDefender Pica Removal Tool

- PRT (Perlovga Removal Tool)

- Panda USB Vaccine

XP optimization: viewtopic.php?t=76580

Autostart optimization: http://www.bezpieczenstwosystemow.pl/in … opic=116.0

Registry cleaning:

CCleaner http://www.dobreprogramy.pl/CCleaner,Pr … 13061.html