Program PrevX Csi free znalazł coś


(Grzenoo) #1

Witam

od pewnego czasu komputer strasznie powoli sie uruchamia, a jak sie uruchomi to praca na nim nie należy do przyjemności tak mulii.

Zestaw składa sie z procesora intel core 2 duo 1.86, ram 1 gb, zainstalowany system to Xp z servisem 2. Przeprowadziłem skan jak w temacie i wykrył mi jakiegoś robala ale nie wiem jak go usunąc i czy może być on przyczyną takiego mulenia i spowolnienia komputera?

Zrobiłem loga programem HijackThis prosze o analizę i wskazówki co może być tego przyczyną :\

Logfile of HijackThis v1.99.1

Scan saved at 11:08:25, on 2008-03-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe

C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe

C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Opera\Opera.exe

E:\uruchom.exe

C:\DOCUME~1\BIOTOMA\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankbps.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll

O4 - HKLM..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: NewShortcut2.lnk = ?

O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9459610265

O17 - HKLM\System\CCS\Services\Tcpip..{3E975B16-A317-4AB8-8312-4C3DA98BDE25}: NameServer = 192.168.0.5

O17 - HKLM\System\CCS\Services\Tcpip..{5AA28462-E2F1-48C2-A56D-978222BEFE65}: NameServer = 194.204.159.1,80.50.50.50

O17 - HKLM\System\CCS\Services\Tcpip..{9ECCD502-39D8-4986-BD43-4FC0493AAA33}: NameServer = 192.168.0.5

O17 - HKLM\System\CS1\Services\Tcpip..{3E975B16-A317-4AB8-8312-4C3DA98BDE25}: NameServer = 192.168.0.5

O17 - HKLM\System\CS2\Services\Tcpip..{3E975B16-A317-4AB8-8312-4C3DA98BDE25}: NameServer = 192.168.0.5

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe

O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


(Dmirecki) #2

Pokaż log z ComboFix. Opis w temacie przyklejonym do tego działu.


(Grzenoo) #3

Log z programu CoboFix na stroniie:

http://wklej.org/id/66d9da6fac

pozdrawiam


(Leon$) #4

wpis

usuń HijackThisem >> Fix checked

otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Po restarcie jeśli wszystko będzie OK usuń ręcznie folder C: \Qoobox

usuń instalkę Combofix z dysku.

zrób optymalizacje autostartu http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

:slight_smile:


(Grzenoo) #5

A co zrobić jak nie występuje ten wpis na liście co można usuwać?

teraz jest następujący log:

Logfile of HijackThis v1.99.1

Scan saved at 15:09:57, on 2008-03-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe

C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe

C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Opera\Opera.exe

C:\DOCUME~1\BIOTOMA\USTAWI~1\Temp\Katalog tymczasowy 3 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankbps.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll

O4 - HKLM…\Run: [AVKTray] “C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe”

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - Global Startup: NewShortcut2.lnk = ?

O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 9459610265

O17 - HKLM\System\CCS\Services\Tcpip…{3E975B16-A317-4AB8-8312-4C3DA98BDE25}: NameServer = 192.168.0.5

O17 - HKLM\System\CCS\Services\Tcpip…{5AA28462-E2F1-48C2-A56D-978222BEFE65}: NameServer = 194.204.159.1,80.50.50.50

O17 - HKLM\System\CCS\Services\Tcpip…{9ECCD502-39D8-4986-BD43-4FC0493AAA33}: NameServer = 192.168.0.5

O17 - HKLM\System\CS1\Services\Tcpip…{3E975B16-A317-4AB8-8312-4C3DA98BDE25}: NameServer = 192.168.0.5

O17 - HKLM\System\CS2\Services\Tcpip…{3E975B16-A317-4AB8-8312-4C3DA98BDE25}: NameServer = 192.168.0.5

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe

O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


(Leon$) #6

Nic nie usuwać

zrobić plik.reg jak opisałem

Log czysty

:slight_smile: