Od dwóch dni komputer uruchamia się ok. 10 min a jak się uruchomi to chodzi bardzo wolno.

Logfile of HijackThis v1.99.1

Scan saved at 20:47:01, on 2007-06-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\avmwlanstick\WlanNetService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\SLEE503.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\avmwlanstick\wlangui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Darek\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.teltarif.de/lcr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.108.64.166:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O4 - HKLM…\Run: [kis] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [intense Registry Service] IntEdReg.exe /CHECK

O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”

O4 - HKLM…\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ProxyWay] D:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra ‘Tools’ menuitem: Mobilen Favoriten erstellen… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O17 - HKLM\System\CCS\Services\Tcpip…{80C1D0AE-2FF7-4056-9AE2-A5A4456C6E6C}: NameServer = 192.168.30.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Steganos Live Encryption Engine (Version 503) [service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Log ok. Wrzuć jeszcze ComboFix.

“Darek” - 2007-06-27 22:19:51 - ComboFix 07-06-27.7 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

2007-06-27 22:17 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-27 17:34 53,248 --a------ C:\WINDOWS\W_ZIPPER.EXE

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-27 20:18:09 -------- d-----w C:\DOCUME~1\Darek\DANEAP~1\Skype

2007-06-24 13:34:53 80,840 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-24 13:34:53 460,684 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-03 15:14:17 -------- d-----w C:\Program Files\Neostrada TP

2007-05-28 13:30:12 -------- d-----w C:\Program Files\Opera

2007-05-27 22:07:31 -------- d-----w C:\Program Files\thriXXX

2007-05-26 20:24:05 -------- d-----w C:\Program Files\F1 2006 Hybryda v2.0

2007-05-16 21:13:43 -------- d-----w C:\DOCUME~1\Darek\DANEAP~1\Real

2007-05-03 16:18:05 -------- d–h--w C:\Program Files\InstallShield Installation Information

2007-05-03 16:14:59 -------- d-----w C:\Program Files\Techland

2007-05-03 14:58:16 -------- d-----w C:\Program Files\Duolabs

2007-05-03 10:39:34 -------- d-----w C:\Program Files\Call of Duty 2 for Pocket PC

2007-04-27 05:26:25 -------- d-----w C:\Program Files\VIA Technologies, INC

2007-04-08 15:13:03 106,731 ----a-w C:\WINDOWS\SBWorkshop 3.7 demo Uninstaller.exe

2007-03-27 23:06:56 114,688 ----a-w C:\WINDOWS\system32\wdapi900.dll

2006-12-17 11:26:59 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 01:48]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“NvQTwk” []

“nwiz”=“nwiz.exe” [2002-07-16 07:16 C:\WINDOWS\system32\nwiz.exe]

“Intense Registry Service”=“IntEdReg.exe” [2002-03-20 05:29 C:\WINDOWS\system32\intedreg.exe]

“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 20:07]

“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 20:07]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 20:07]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 04:10]

“AVMWlanClient”=“C:\Program Files\avmwlanstick\wlangui.exe” [2006-07-31 02:02]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-11-21 19:38]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 01:47]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2002-07-05 08:57]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2002-07-05 08:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44]

“H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe” [2005-11-15 21:14]

“Gadu-Gadu”=“D:\Program Files\Gadu-Gadu\gg.exe” [2007-01-30 16:58]

“ProxyWay”=“D:\Program Files\ProxyWay\proxyway.exe” []

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-10-13 18:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=“C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [2006-10-27 01:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“appinit_dlls”=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3c0b3c44-d8a5-11db-80c7-a95911d7b471}]

AutoRun\command- E:\pushinst.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-27 22:26:58

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

**************************************************************************

Completion time: 2007-06-27 22:30:31

— E O F —

Przeskanuj na http://www.virustotal.com/vt/ i wklej raport po skanowaniu.

Poza tym nic więcej nie widać.

Do notatnika wklej:

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Poczytaj o zbędnikach w autostarcie.

Optymalizacja i odchudzanie Windows XP

Czyszczenie rejestru - jv16 PowerTools 2006 1.5.2.350

Obejmij proszę logi w tagi QUOTE lub CODE > użyj przycisku