Marco7
(Mariusz Baku)
22 July 2007 21:57
#1
Please check my log, because my computer has recently started running slower.
Logfile of HijackThis v1.99.1
Scan saved at 23:57:06, on 2007-07-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Mariusz\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.0.0.0.0
O15 - Trusted Zone: http://mks.com.pl
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: bgg - Unknown owner - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
squeet
(squeet)
22 July 2007 22:51
#2
Please read the following topics:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
http://forum.dobreprogramy.pl/viewtopic.php?t=66889
Please change the title of your topic to a specific one that describes the problem.
Marco7
(Mariusz Baku)
23 July 2007 09:56
#4
I deleted those entries.
Now here is the ComboFix log:
"Mariusz" - 2007-07-23 11:53:03 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))

2007-07-23 11:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-23 00:40
2007-07-22 14:31 95,872 --a--c--- C:\WINDOWS\system32\AVASTSS.scr
2007-07-22 14:31 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-22 14:31 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-22 14:31 745,600 --a--c--- C:\WINDOWS\system32\aswBoot.exe
2007-07-22 14:31 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-22 14:31 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-22 14:31 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-22 14:31
2007-07-22 14:09
2007-07-21 13:43 6,426,624 --a------ C:\DOCUME~1\Mariusz\ntuser.dat
2007-07-21 11:18 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL
2007-07-21 11:18 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL
2007-07-20 21:45
2007-07-17 17:19
2007-07-17 09:29
2007-07-16 17:58

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 09:12:22 -------- d-----w C:\Program Files\HLSW
2007-07-20 15:17:20 -------- d-----w C:\Program Files\Sierra On-Line
2007-07-16 16:09:41 -------- d-----w C:\Program Files\Cheating-Death
2007-07-15 14:41:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-09 11:07:46 -------- d-----w C:\Program Files\Gadu-Gadu
2007-07-07 10:09:01 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-07 19:36:51 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-06-04 18:20:00 -------- d-----w C:\DOCUME~1\Mariusz\DANEAP~1\Image Zone Express
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 12:53]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"SoundMan"=SOUNDMAN.EXE
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

R0 gagp30kx;Filtr rodzajowy AGPv3.0 firmy Microsoft dla platform procesora K8;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 SerialKeys;SerialKeys;C:\WINDOWS\system32\skeys.exe
S3 sermouse;Sterownik myszy szeregowej;C:\WINDOWS\system32\DRIVERS\sermouse.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c79fbc48-9f49-11db-b229-00142adbe06d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 11:54:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,54,01,00,00,01,00,00,00,03,00,00,00,8c,...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 11:54:48
--- E O F ---
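The kind of triage the helpers do by eye on the HijackThis log in #1 and the MountPoints2 dump in #4, written out as rules; this is an added example, not part of the thread or of either tool, and the rule names and the "off-vendor" search-page test are my own heuristics, run over a few lines copied from the posted logs.

```python
"""Triage rules for HijackThis lines and ComboFix MountPoints2 dumps (added example)."""
from __future__ import annotations
import re

# Each rule is a heuristic a forum helper applies by eye; none is a verdict on its own.
MISSING_FILE = re.compile(r"\((no file|file missing)\)", re.I)
TRUSTED_ZONE = re.compile(r"^O15 - Trusted Zone: (\S+)")
SEARCH_HIJACK = re.compile(r"^R[01] .*(SearchAssistant|Start Page|Default_Search_URL)\s*=\s*(\S+)", re.I)
# ComboFix lists per-drive autorun handlers under MountPoints2; a command that runs a
# binary out of a removable drive's Recycled folder is the USB-worm pattern in post #4.
MOUNTPOINT_CMD = re.compile(r"(AutoRun|Open\(&0\))\\command-\s*(.+)", re.I)

def triage_line(line: str) -> list[str]:
    """Return the findings for one log line; an empty list means nothing was flagged."""
    line = line.strip()
    findings = []
    if line.startswith(("O2 ", "O3 ", "O23 ")) and MISSING_FILE.search(line):
        findings.append("entry references a file HijackThis could not find")
    m = TRUSTED_ZONE.match(line)
    if m and "*" in m.group(1):
        findings.append(f"wildcard Trusted Zone entry: {m.group(1)}")
    m = SEARCH_HIJACK.match(line)
    if m and "microsoft.com" not in m.group(2).lower():
        findings.append(f"IE search/start page points away from the vendor: {m.group(2)}")
    m = MOUNTPOINT_CMD.search(line)
    if m and re.search(r"\brecycle[rd]\\", m.group(2), re.I):
        findings.append(f"drive autorun launches from a Recycled folder: {m.group(2)}")
    return findings

def triage(log: str) -> dict[str, list[str]]:
    """Map each flagged line of a log to its findings; clean lines are omitted."""
    return {ln.strip(): f for ln in log.splitlines() if (f := triage_line(ln))}

# Constructed sample: six lines copied from the logs posted in #1 and #4.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O15 - Trusted Zone: *.0.0.0.0
O23 - Service: bgg - Unknown owner - (no file)
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
"""

if __name__ == "__main__":
    for entry, hits in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(hits))
```

The "(file missing)" hits on the two avast! services in #1 are a known quirk of HijackThis 1.99.1 with quoted service paths, which is why the rule only marks such lines for review rather than as malicious.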
jessica
(jessica)
23 July 2007 11:45
#5
The log is basically clean.
You do, however, have an infection on your pendrive.
It seems to have been removed from the hard drive for now, but it will come back every time you use the pendrive.
For "now", do this:
Paste into Notepad:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c79fbc48-9f49-11db-b229-00142adbe06d}]
From the Notepad menu >>> File >>> Save As >>> set the file type to All Files >>> save as FIX.REG >>>
run the file (double-click and OK).
Restart the computer.
Post a new Combo log (or paste it at http://wklej.org/ and post only the link here).
Marco7
(Mariusz Baku)
23 July 2007 12:45
#6
New Combo log:
"Mariusz" - 2007-07-23 14:42:52 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS
jessica
(jessica)
23 July 2007 14:55
#7
Yes - that infected registry key is gone.
But for how long?
I repeat: it was an infection from the pendrive.