Spowolnione działanie komputera


(Trupek 90) #1

Witam.

Mój komputer od wczoraj zaczoł działać bardzo powoli i nie wiem co jest tego przyczyną.

Proszę o sprawdzenie loga.

Logfile of HijackThis v1.99.1

Scan saved at 16:23:59, on 2007-05-18

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\SYSTEM32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

D:\WINDOWS\NCLAUNCH.EXe

D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

D:\WINDOWS\System32\wuauclt.exe

D:\Program Files\Winamp\winamp.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Documents and Settings\Olek\Pulpit\dodatki\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Stáhnout všechno FlashGetem - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165528467528

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14CA7946-5CB8-4B13-B861-D89A8AF6B7A0}: NameServer = 85.255.114.14,85.255.112.88

O17 - HKLM\System\CCS\Services\Tcpip\..\{B633597F-BF49-41A5-833D-EE576CDE7D55}: NameServer = 85.255.114.14,85.255.112.88

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A9D3F7-1A67-47EC-BC21-51B35692D220}: NameServer = 85.255.114.14,85.255.112.88

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.88

O17 - HKLM\System\CS1\Services\Tcpip\..\{14CA7946-5CB8-4B13-B861-D89A8AF6B7A0}: NameServer = 85.255.114.14,85.255.112.88

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.88

O17 - HKLM\System\CS2\Services\Tcpip\..\{14CA7946-5CB8-4B13-B861-D89A8AF6B7A0}: NameServer = 85.255.114.14,85.255.112.88

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.88

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

(adam9870) #2

Usuń wpisy HJT.

Użyj narzędzia FixWareOut + SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Po wykonaniu pokaż nowy log z HijackThis, SilentRunners oraz zawartość pliku c:\rapport.txt i c:\fixwareout\report.txt


(Trupek 90) #3

Podanych logow nie ma, a Silent Runners jest wykrywany jako zgrozenie co mam robic?


(adam9870) #4

SilentRunners może być wykrywany przez programy zabezpieczające typu antyvirus jako zagrożenie ale tak nie jest. Tak więc spokojnie możesz przepuścić skrypt Silenta i wykonać loga.