Please check my log - the computer runs slowly and freezes

Logfile of HijackThis v1.99.1

Scan saved at 13:33:21, on 2007-06-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Firebird\bin\ibguard.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Firebird\bin\ibserver.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\marcin 1\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32

O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM…\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - e:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\Program.exe (file missing)

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

Run a scan at http://www.virustotal.com/en/indexf.html and paste the report.

And post ComboFix as well.

“marcin 1” - 2007-06-09 22:18:37 Service Pack 2

ComboFix 07-06-3B - Running from: “C:\Program Files\Mozilla Firefox”

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\autorun\Drivers\LAN\WIN2000_desktop.ini

C:\WINDOWS\system32\autorun\Drivers\LAN\WIN98SE_desktop.ini

C:\WINDOWS\system32\autorun\Drivers\LAN\WINME_desktop.ini

C:\WINDOWS\system32\autorun\Drivers\LAN\WINXP_desktop.ini

((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))

2007-06-09 09:56

2007-06-04 22:46 8 --a------ C:\WINDOWS\AErroru3.dat

2007-06-04 22:46 6 --a------ C:\WINDOWS\EExpou.dat

2007-06-04 22:46 30,720 --a------ C:\WINDOWS\EWhiteu12.dat

2007-06-04 22:46 30,720 --a------ C:\WINDOWS\EDarku12.dat

2007-06-04 22:46 3 --a------ C:\WINDOWS\EOffsetu.dat

2007-06-04 22:46 3 --a------ C:\WINDOWS\EGain6.dat

2007-06-04 18:46 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT

2007-06-04 18:46

2007-06-01 00:15 45,056 --a------ C:\WINDOWS\system32\drivers\A1236.DLL

2007-06-01 00:15 19,144 --a------ C:\WINDOWS\system32\drivers\A1236.SYS

2007-06-01 00:15 184,320 --a------ C:\WINDOWS\Ausba3.dll

2007-06-01 00:15 18,120 --a------ C:\WINDOWS\system32\drivers\GT680X.SYS

2007-06-01 00:15

2007-06-01 00:14 32,768 --a------ C:\WINDOWS\system32\RemovePlus.exe

2007-06-01 00:14 32,768 --a------ C:\WINDOWS\system32\Remove1236U.exe

2007-05-31 23:02

2007-05-26 09:31

2007-05-26 09:29

2007-05-22 00:10

2007-05-17 00:07 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-05-17 00:07

2007-05-16 23:13

2007-05-16 23:13

2007-05-15 15:05

2007-05-10 11:46 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2007-05-09 09:53 6,550 --a------ C:\WINDOWS\jautoexp.dat

2007-05-09 09:53 46,352 --a------ C:\WINDOWS\setdebug.exe

2007-05-09 09:53 313,856 --a------ C:\WINDOWS\system32\dx3j.dll

2007-05-09 09:53 171,280 --a------ C:\WINDOWS\system32\jit.dll

2007-05-09 09:52 947,472 --a------ C:\WINDOWS\system32\msjava.dll

2007-05-09 09:52 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll

2007-05-09 09:52 49,424 --a------ C:\WINDOWS\system32\clspack.exe

2007-05-09 09:52 404,752 --a------ C:\WINDOWS\system32\javart.dll

2007-05-09 09:52 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll

2007-05-09 09:52 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll

2007-05-09 09:52 187,152 --a------ C:\WINDOWS\system32\javacypt.dll

2007-05-09 09:52 172,304 --a------ C:\WINDOWS\system32\jview.exe

2007-05-09 09:52 171,792 --a------ C:\WINDOWS\system32\wjview.exe

2007-05-09 09:52 154,384 --a------ C:\WINDOWS\system32\msawt.dll

2007-05-09 09:52 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe

2007-05-09 09:52 113 --a------ C:\WINDOWS\system32\zonedon.reg

2007-05-09 09:52 113 --a------ C:\WINDOWS\system32\zonedoff.reg

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 22:10:32 12 ----a-w C:\WINDOWS\bthservsdp.dat

2007-05-21 21:34:38 4,250 ----a-w C:\WINDOWS\mozver.dat

2007-05-07 18:50:52 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Apple Computer

2007-05-07 18:49:34 -------- d-----w C:\Program Files\QuickTime

2007-05-07 18:49:12 -------- d-----w C:\Program Files\Apple Software Update

2007-05-06 13:30:16 1,024 —h–r C:\WINDOWS\system32\NTIBUN4.dll

2007-05-06 13:29:14 100 ----a-w C:\AUTOEXEC.BAT

2007-05-06 13:28:24 -------- d-----w C:\Program Files\Common Files\NewTech Infosystems

2007-05-06 13:27:22 1,024 —h–r C:\WINDOWS\system32\NTIMPEG2.dll

2007-05-06 13:27:22 1,024 —h–r C:\WINDOWS\system32\NTIMP3.dll

2007-05-06 13:27:22 1,024 —h–r C:\WINDOWS\system32\NTIFCD3.dll

2007-05-06 13:27:22 1,024 —h–r C:\WINDOWS\system32\NTICDMK7.dll

2007-05-06 13:27:18 6,144 ----a-w C:\WINDOWS\system32\drivers\NTIDrvr.sys

2007-05-06 13:16:48 -------- d-----w C:\Program Files\Lavalys

2007-05-06 13:07:40 970 ----a-w C:\WINDOWS\unins000.dat

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-04-29 17:51:46 -------- d-----w C:\Program Files\Tekst dzienny 2007

2007-04-25 21:17:06 -------- d-----w C:\Program Files\CDex_150

2007-04-25 21:16:52 -------- d-----w C:\Program Files\CDex_151

2007-04-21 21:49:50 -------- d-----w C:\Program Files\Real

2007-04-21 21:49:50 -------- d-----w C:\Program Files\Common Files\Real

2007-04-21 21:47:06 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Real

2007-04-21 19:21:42 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\XnView

2007-04-21 19:18:46 -------- d-----w C:\Program Files\CCleaner

2007-04-21 16:02:20 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Help

2007-04-21 10:23:20 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\gtk-2.0

2007-04-21 10:19:06 -------- d-----w C:\Program Files\GIMP-2.0

2007-04-21 09:37:50 -------- d-----w C:\Program Files\Common Files\GTK

2007-04-21 08:50:50 -------- d-----w C:\Program Files\IrfanView

2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-11 21:15:36 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Ahead

2007-04-11 21:12:56 -------- d-----w C:\DOCUME~1\MARCIN~1\APPLIC~1\Google

2007-04-11 21:11:16 -------- d-----w C:\Program Files\Nero

2007-04-11 21:11:16 -------- d-----w C:\Program Files\Common Files\Ahead

2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-12 11:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-03-10 11:50:20 128 ----a-w C:\WFM.BAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-03 13:07]

“LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” [2006-06-23 06:59]

“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-05-10 11:12]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-10 20:00 C:\WINDOWS\system32\bthprops.cpl]

“ePower_DMC”=“C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [2006-05-30 12:11]

“RTHDCPL”=“RTHDCPL.EXE” [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]

“Alcmtr”=“ALCMTR.EXE” [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]

“AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [2006-04-15 13:35]

“ntiMUI”=“C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” [2005-05-11 17:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

“InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“WinampAgent”=e:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{87f31228-f95f-11db-9eee-0016d4576815}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

Open(&0)\command- G:\Recycled\ctfmon.exe

Contents of the ‘Scheduled Tasks’ folder

2007-06-04 16:48:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Note: When you paste a log, wrap it in a CODE or QUOTE tag.

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can run through the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

I don't see anything in the log.