Tommekx
(Tommekx)
29 December 2007 12:32
#1
Hello
I have a problem: the computer takes “too long” to start up, and this has most likely been happening since Spyware Doctor detected a trojan (it removed it). I am pasting the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:32, on 2007-12-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
D:\Programy\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programy\KIS\avp.exe
D:\Programy\KIS\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Programy\Spyware Doctor\sdhelp.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
D:\Programy\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Neostrada TP\neostradatp.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\AlertModule\AlertModule.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\Programy\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Programy\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Programy\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Programy\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: JBTrader.BHO.BrowserHO - {bcad1d5f-27a9-453a-85f7-7fb4b2624155} - mscoree.dll (file missing)
O3 - Toolbar: JBTrader - {c0551e29-97c6-4519-98c0-36a0ae198d69} - mscoree.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [kis] “D:\Programy\KIS\avp.exe”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [!AVG Anti-Spyware] “D:\Programy\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Programy\Gadu-Gadu\gg.exe” /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - HKUS.DEFAULT…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘Default user’)
O8 - Extra context menu item: &Clean Traces - D:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - D:\Programy\KIS\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - D:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy\KIS\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Programy\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {D7F490B1-9F5D-4f27-A44B-FE5556114FDD} - mscoree.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Add Auction - {D7F490B1-9F5D-4f27-A44B-FE5556114FDD} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip…{19D042A0-E9F6-4D37-8BC2-B72ECB6EC7BF}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip…{19D042A0-E9F6-4D37-8BC2-B72ECB6EC7BF}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: D:\Programy\KIS\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Programy\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Programy\KIS\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Tomek\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programy\Spyware Doctor\sdhelp.exe

– End of file - 7002 bytes
Gutek
(Gutek)
29 December 2007 16:05
#2
O2 - BHO: JBTrader.BHO.BrowserHO - {bcad1d5f-27a9-453a-85f7-7fb4b2624155} - mscoree.dll (file missing)
O3 - Toolbar: JBTrader - {c0551e29-97c6-4519-98c0-36a0ae198d69} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {D7F490B1-9F5D-4f27-A44B-FE5556114FDD} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Add Auction - {D7F490B1-9F5D-4f27-A44B-FE5556114FDD} - mscoree.dll (file missing)
Remove these entries with HJT.
XP optimization: viewtopic.php?t=76580
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can run through the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php
See - Using jv16 PowerTools