maciekhar
(Maciek Misio)
11 September 2007 20:32
#1
A few days ago I set up my system and everything ran as it should until I installed DVDFAB… The computer slowed down so much that it can't even play an mp3. I scanned with Spy Sweeper and altogether it has already removed 46 infections, including a dozen or so SERIOUS and Significant ones, or something like that… It's not good. Playback is still just as it was. I made a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:26:01, on 2007-09-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM…\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Please help, because I don't want to reinstall the system again.
This is how it should look
Asterisk
asterisk
(Asterisk)
11 September 2007 22:14
#2
Please follow this Topic and edit your own
post using the function
to a specific .
Otherwise the topic will end up in the Trash.
Gutek
(Gutek)
11 September 2007 23:13
#3
maciekhar
(Maciek Misio)
12 September 2007 05:58
#4
AVAST showed me that there is a virus here: Win32:Dadobra-EY [Trj]
ComboFix log:
ComboFix 07-09-10.6 - "User" 2007-09-12 8:02:36.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.133 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.
2007-09-12 07:55
2007-09-12 07:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 17:20
2007-09-11 17:10 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-11 17:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 17:10 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-11 17:10 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-11 17:10 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-09-11 17:10 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-11 17:10
2007-09-11 17:10
2007-09-11 16:24
2007-09-11 01:50
2007-09-11 01:50
2007-09-11 01:43
2007-09-11 01:11 87,608 --a------ C:\DOCUME~1\User\DANEAP~1\inst.exe
2007-09-11 01:11 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-11 01:11 47,360 --a------ C:\DOCUME~1\User\DANEAP~1\pcouffin.sys
2007-09-11 01:11
2007-09-11 00:09
2007-09-10 23:37
2007-09-10 23:02 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2007-09-10 23:02 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2007-09-10 23:02 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-09-10 23:02 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2007-09-10 23:02 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2007-09-10 23:02 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-09-10 23:02
2007-09-10 23:02
2007-09-10 23:02
2007-09-10 15:50 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-10 09:12
2007-09-10 09:12
2007-09-10 09:12
2007-09-10 09:12
2007-09-10 09:12
2007-09-10 00:01 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-07 01:10
2007-09-07 01:10
2007-09-07 01:00
2007-09-07 00:59
2007-09-07 00:59
2007-09-07 00:59
2007-09-07 00:59
2007-09-07 00:59
2007-09-07 00:58
2007-09-07 00:58
2007-09-06 21:35 15,872 --a------ C:\WINDOWS\system32\drivers\vd_filedisk.sys
2007-09-06 21:35
2007-09-06 21:34
2007-09-06 21:33 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-06 21:33
2007-09-06 21:25
2007-09-06 21:24
2007-09-06 20:07 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-06 20:07
2007-09-06 20:06
2007-09-06 20:00
2007-09-06 19:58
2007-09-06 19:28
2007-09-06 18:50
2007-09-06 18:45
2007-09-06 18:45
2007-09-06 18:45
2007-09-06 18:39
2007-09-06 17:00
2007-09-06 15:16
2007-09-06 14:49
2007-09-06 14:34
2007-09-06 14:33
2007-09-06 14:33
2007-09-06 14:33
2007-09-06 08:41
2007-09-06 08:41
2007-09-06 08:39
2007-09-06 00:39 1,770 --a------ C:\WINDOWS\mozver.dat
2007-09-06 00:38
2007-09-06 00:08
2007-09-05 23:59 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-05 23:59
2007-09-05 23:56
2007-09-05 23:56
2007-09-05 23:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-05 23:53 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-09-05 23:53
2007-09-05 23:53
2007-09-05 23:52 49,152 --------- C:\WINDOWS\system32\TempDel.EXE
2007-09-05 23:52
2007-09-05 23:52
2007-09-05 23:52
2007-09-05 23:51
2007-09-05 23:50 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-09-05 23:50 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-09-05 23:50 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-09-05 23:50 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-09-05 23:49
2007-09-05 23:49
2007-09-05 23:48
2007-09-05 23:46
2007-09-05 23:44 306,688 --a------ C:\WINDOWS\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 09:47 C:\WINDOWS\SOUNDMAN.EXE]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2004-08-02 15:32]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-05-05 16:34]
"nwiz"="nwiz.exe" [2004-05-05 16:34 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-05-05 16:34]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-11 17:13]
"MSConfig"="C:\WINDOWS\system32\msconfig.exe" [2007-05-10 14:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18]
[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"DisableStatusMessages"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);C:\WINDOWS\system32\drivers\pnwbd.sys
R3 WFIOCTL;WFIOCTL;\Pytajnik\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 Xponaut_WBD;Xponaut WaveBridge Device (WDM);C:\WINDOWS\system32\drivers\xpntwbd.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts RemoteRegistry upnphost SSDPSRV
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Autorun.exe
*Newly Created Service* - CATCHME
Post merged: 12.09.2007 (Wed) 16:07
Will anyone help?
jessica
(jessica)
13 September 2007 10:03
#5
The log is basically clean, only drive "I" seems to be not quite right:
You can also use SDFix
Note: It can only be run in Safe Mode.
Show the Report.txt found in the SDFix folder.
jessi