Computer running slowly even after a format!?


(Tomczas12789) #1

My computer runs slowly even after a format. WHAT IS THIS AND HOW DO I DEAL WITH IT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:28:50, on 2007-11-16

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\dllcache\mravsc32.exe

C:\WINDOWS\system\msnrav.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\uxovnanb.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{08712A71-D1EE-4743-9AB2-D82F7DDE24E4}: NameServer = 213.241.79.37 83.238.255.76

O17 - HKLM\System\CS1\Services\Tcpip\..\{08712A71-D1EE-4743-9AB2-D82F7DDE24E4}: NameServer = 213.241.79.37 83.238.255.76

O17 - HKLM\System\CS2\Services\Tcpip\..\{08712A71-D1EE-4743-9AB2-D82F7DDE24E4}: NameServer = 213.241.79.37 83.238.255.76

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe

O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


--

End of file - 4148 bytes

(Gutek) #2

Follow this topic and change the thread title to something specific, otherwise it goes in the TRASH

Regards, Gutek2222

Download the SDFix program


(Tomczas12789) #3
SDFix: Version 1.114

Run by Administrator on 2007-11-16 at 19:18

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:

Distributed Allocated Memory Unit

MSN RAV

Path:

"C:\WINDOWS\system32\dllcache\mravsc32.exe"

"C:\WINDOWS\system\msnrav.exe"

Distributed Allocated Memory Unit - Deleted

MSN RAV - Deleted

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\system\msnrav.exe - Deleted

C:\WINDOWS\system32\dllcache\mravsc32.exe - Deleted

C:\WINDOWS\system32\i - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-16 19:21:03

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\WINDOWS\System32\wbem\scrcons32.exe"="C:\WINDOWS\System32\wbem\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"

Finished!

Post merged: 16.11.2007 (Fri) 19:29

Is everything OK now??

Post merged: 16.11.2007 (Fri) 20:03

ComboFix 07-11-08.1 - Tomczas 2007-11-16 19:54:10.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.79 [GMT 1:00]

Running from: C:\Documents and Settings\Tomczas\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))

.

2007-11-16 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-16 19:18

2007-11-16 19:17

2007-11-16 19:17

2007-11-16 19:17

2007-11-16 19:17

2007-11-16 19:17

2007-11-16 19:17

2007-11-16 19:17

2007-11-16 15:28

2007-11-15 17:24

2007-11-15 17:23

2007-11-13 16:49

2007-11-13 16:46 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-11-13 16:45 182,880 --a------ C:\WINDOWS\system32\iuengine.dll

2007-11-13 16:45 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll

2007-11-12 19:57

2007-11-12 19:24

2007-11-11 12:34

2007-11-11 11:34

2007-11-11 11:34 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-11-11 11:31

2007-11-11 11:31

2007-11-11 11:31

2007-11-11 11:28

2007-11-11 11:26 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-11-10 19:47

2007-11-10 16:00

2007-11-10 15:52

2007-11-10 15:51

2007-11-10 15:50

2007-11-10 15:50

2007-11-10 13:28

2007-11-10 13:28

2007-11-09 21:33

2007-11-09 21:33

2007-11-09 21:11

2007-11-09 21:09

2007-11-09 21:09

2007-11-09 21:09

2007-11-09 21:09 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll

2007-11-09 21:09 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2007-11-09 21:09 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2007-11-09 21:09 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-11-09 21:09 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll

2007-11-09 21:09 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll

2007-11-09 21:09 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll

2007-11-09 21:09 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-11-09 21:09 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-16 19:00 5,623,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2007-11-16 18:59 150,048 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2007-11-16 18:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2007-11-16 18:30 82,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-16 18:30 16,040 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2007-11-09 20:00 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2007-11-09 20:00 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2007-11-09 19:37 --------- d-----w C:\Program Files\Kaspersky Lab

2007-11-09 19:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2007-11-09 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-09 19:24 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-09 19:18 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg

2007-11-09 19:17 --------- d-----w C:\Program Files\SAGEM

2007-11-09 19:17 --------- d-----w C:\Documents and Settings\Tomczas\Dane aplikacji\InstallShield

2007-11-09 19:12 --------- d-----w C:\Program Files\C-Media 3D Audio

2007-11-09 19:02 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-09 19:00 --------- d-----w C:\Program Files\Usługi online

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-10 13:52]

"nwiz"="nwiz.exe" [2004-06-10 13:52 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-06-10 13:52]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-09 20:17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"WMI Standard Event Consumer - Scripting"= C:\WINDOWS\System32\wbem\scrcons32.exe

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-16 20:00:02

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-16 20:00:54

.

--- E O F ---


(Gutek) #4

Note: When you paste a log, wrap it in the CODE or QUOTE tag

Regards, Gutek2222

It should be OK now