Wolny komputer

dilbert · 23 Sierpień 2007 14:30

Bardzo wolno pracuje mi komputer. Powtarza się sytuacja która miałem niedawno. Wklejam logi i proszę o sprawdzenie :oops: Myślę że pomożecie bo bardzo potrzebuje komputera na wieczór.

ComboFix 07-08-09.3 - “xxxx” 2007-08-23 16:12:58.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.209 [GMT 2:00] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\nsb2B.dll ((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 ))))))))))))))))))))))))))))))) 2007-08-19 14:26 2007-08-19 00:02 2007-08-19 00:02 2007-08-18 19:53 102,400 --a------ C:\WINDOWS\system32\unzip32.dll 2007-08-18 19:53 2007-08-18 17:25 2007-08-18 17:19 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL 2007-08-18 11:40 2007-08-18 11:28 2007-08-18 11:28 2007-08-17 23:41 2007-08-17 23:41 2007-08-17 18:58 2007-08-17 11:46 2007-08-16 16:18 2007-08-14 22:54 2007-08-14 09:06 79,186 --a------ C:\WINDOWS\system32\adssite-remove.exe 2007-08-13 12:01 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-12 18:04 2007-08-12 10:16 143,360 --a------ C:\WINDOWS\adiras.exe 2007-08-12 10:15 64,000 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys 2007-08-12 10:15 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-08-12 10:15 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-08-12 10:15 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-08-12 10:15 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-08-12 10:15 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-08-12 10:15 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-08-12 10:15 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-08-12 10:15 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-08-12 10:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-08-12 10:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-08-12 10:15 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-08-12 10:15 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-08-12 10:15 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-08-12 10:15 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-08-12 10:15 116,992 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys 2007-08-12 10:15 2007-08-12 10:13 2007-08-09 19:41 2007-07-26 20:12 2007-07-25 15:38 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-23 15:42 4212 —h----- C:\WINDOWS\system32\zllictbl.dat 2007-08-20 17:17 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-20 17:17 --------- d-------- C:\DOCUME~1\xxxx\DANEAP~1\COWON 2007-08-18 11:28 --------- d-------- C:\Program Files\Skype 2007-08-17 20:06 --------- d-------- C:\Program Files\Ahead 2007-08-12 10:16 33 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-08-05 14:46 --------- d-------- C:\DOCUME~1\xxxx\DANEAP~1\Cream Software 2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-25 16:20 --------- d-------- C:\Program Files\Winamp 2007-07-17 18:28 --------- d-------- C:\Program Files\SHOUTcast 2007-07-03 21:50 --------- d-------- C:\Program Files\BearShare 2007-06-26 16:53 668160 --a–c— C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-26 15:57 851968 --a–c— C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-26 08:10 1104896 --a–c— C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a–c— C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-15 10:14 96768 --a–c— C:\WINDOWS\system32\dllcache\inseng.dll 2007-06-15 10:14 617984 --a–c— C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-15 10:14 55808 --a–c— C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-15 10:14 532480 --a–c— C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-15 10:14 474112 --a–c— C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-15 10:14 449024 --a–c— C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-15 10:14 39424 --a–c— C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-06-15 10:14 357888 --a–c— C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-06-15 10:14 3085312 --a–c— C:\WINDOWS\system32\dllcache\mshtml.dll 2007-06-15 10:14 251904 --a–c— C:\WINDOWS\system32\dllcache\iepeers.dll 2007-06-15 10:14 205824 --a–c— C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-06-15 10:14 16384 --a–c— C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-15 10:14 151552 --a–c— C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-15 10:14 1498112 --a–c— C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-15 10:14 146432 --a–c— C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-15 10:14 1055744 --a–c— C:\WINDOWS\system32\dllcache\danim.dll 2007-06-15 10:14 1022976 --a–c— C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-14 12:32 18432 --a–c— C:\WINDOWS\system32\dllcache\iedw.exe 2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe 2007-06-13 15:23 1034752 -----c— C:\WINDOWS\system32\dllcache\explorer.exe 2007-05-28 15:55 64226 --a------ C:\WINDOWS\system32\perfc015.dat 2007-05-28 15:55 429612 --a------ C:\WINDOWS\system32\perfh015.dat 2001-11-23 06:08 712704 -ra–c— C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2000-01-13 09:58 59510 --------- C:\Program Files\setup.ins ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 03:41] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2006-01-02 17:41] “BearFlix”=“C:\Program Files\BearFlix\bearflix.exe” [] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-19 11:39] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2006-08-24 00:38] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03] “{FE-ED-DE-E9-ZN}”=“C:\Documents and Settings\xxxx\Ustawienia lokalne\Temp\TIP2D002.exe” [2007-08-02 18:11] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nlsf”=cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” “nlhr”=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C “tscuninstall”=%systemroot%\system32\tscupgrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoShellSearchButton”=0 (0x0) “NoViewContextMenu”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=0 (0x0) “NoUserNameInStartMenu”=0 (0x0) “NoTrayContextMenu”=0 (0x0) R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys R1 papyjoy;papyjoy;C:\WINDOWS\system32\drivers\papyjoy.sys R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne);??\C:\Program Files\Quintessential Player\cdrpdacc.sys R2 Vcs;Vcs support;??\C:\WINDOWS\system32\Drivers\Vcs.sys R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys S3 ASFWHide;ASFWHide;??\C:\DOCUME~1\xxxx\USTAWI~1\Temp\ASFWHide S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 NTSIM;NTSIM;??\C:\WINDOWS\system32\ntsim.sys S3 STIrUsb;Klucz szyfrujący SigmaTel USB-IrDA;C:\WINDOWS\system32\DRIVERS\irstusb.sys Contents of the ‘Scheduled Tasks’ folder 2007-07-24 12:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-23 16:17:20 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-23 16:19:27 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-08-23 16:18 C:\ComboFix2.txt … 2007-08-13 12:12 — E O F —

A to logi HiJackts

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:12:02, on 2007-08-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: adssite - {F31B3634-12AA-41ca-B021-0685C3B3E4CA} - C:\WINDOWS\system32\nsb2B.dll O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [bearFlix] “C:\Program Files\BearFlix\bearflix.exe” /pause O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [{FE-ED-DE-E9-ZN}] C:\Documents and Settings\xxxx\Ustawienia lokalne\Temp\TIP2D002.exe P2D002 O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’) O4 - Startup: Internet ADSL.lnk = ? O4 - Startup: TA_Start.lnk = C:\Documents and Settings\xxxx\Ustawienia lokalne\Temp\TIP2D002.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi … b31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-U … E_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A … tPkMSN.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{7F638560-AF59-4758-B7EC-1622AC4F9D9F}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CCS\Services\Tcpip…{FFA3DD19-5693-49AF-A486-1324EFBD2F81}: NameServer = 192.168.0.7 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – End of file - 6610 bytes

Gutek · 23 Sierpień 2007 15:14

Pobierz program SDFix

dilbert · 23 Sierpień 2007 16:06

Zrobiłem tak jak kazałeś.

SDFix: Version 1.100 Run by Administrator on 2007-08-23 at 17:58 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\msnav32.ax - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: C:\WINDOWS\system32\config\SAM.tmp.LOG C:\WINDOWS\system32\config\SECURITY.tmp.LOG Finished

Gutek · 23 Sierpień 2007 16:13

Ok teraz nowy log z Combo

dilbert · 23 Sierpień 2007 16:39

Mówisz i masz:D

ComboFix 07-08-09.3 - “xxxx” 2007-08-23 18:34:33.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.239 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 ))))))))))))))))))))))))))))))) 2007-08-23 18:09 2007-08-23 17:58 2007-08-19 14:26 2007-08-19 00:02 2007-08-19 00:02 2007-08-18 19:53 102,400 --a------ C:\WINDOWS\system32\unzip32.dll 2007-08-18 17:19 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL 2007-08-18 11:40 2007-08-18 11:28 2007-08-18 11:28 2007-08-17 23:41 2007-08-17 23:41 2007-08-17 18:58 2007-08-17 11:46 2007-08-16 16:18 2007-08-14 22:54 2007-08-14 09:06 79,186 --a------ C:\WINDOWS\system32\adssite-remove.exe 2007-08-13 12:01 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-12 18:04 2007-08-12 10:16 143,360 --a------ C:\WINDOWS\adiras.exe 2007-08-12 10:15 64,000 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys 2007-08-12 10:15 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-08-12 10:15 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-08-12 10:15 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-08-12 10:15 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-08-12 10:15 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-08-12 10:15 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-08-12 10:15 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-08-12 10:15 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-08-12 10:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-08-12 10:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-08-12 10:15 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-08-12 10:15 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-08-12 10:15 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-08-12 10:15 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-08-12 10:15 116,992 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys 2007-08-12 10:15 2007-08-12 10:13 2007-08-09 19:41 2007-07-26 20:12 2007-07-25 15:38 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-23 18:04 4212 —h----- C:\WINDOWS\system32\zllictbl.dat 2007-08-20 17:17 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-20 17:17 --------- d-------- C:\DOCUME~1\xxxx\DANEAP~1\COWON 2007-08-18 11:28 --------- d-------- C:\Program Files\Skype 2007-08-17 20:06 --------- d-------- C:\Program Files\Ahead 2007-08-12 10:16 33 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-08-05 14:46 --------- d-------- C:\DOCUME~1\xxxx\DANEAP~1\Cream Software 2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-25 16:20 --------- d-------- C:\Program Files\Winamp 2007-07-17 18:28 --------- d-------- C:\Program Files\SHOUTcast 2007-07-03 21:50 --------- d-------- C:\Program Files\BearShare 2007-06-26 16:53 668160 --a–c— C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-26 15:57 851968 --a–c— C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-26 08:10 1104896 --a–c— C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a–c— C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-15 10:14 96768 --a–c— C:\WINDOWS\system32\dllcache\inseng.dll 2007-06-15 10:14 617984 --a–c— C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-15 10:14 55808 --a–c— C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-15 10:14 532480 --a–c— C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-15 10:14 474112 --a–c— C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-06-15 10:14 449024 --a–c— C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-15 10:14 39424 --a–c— C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-06-15 10:14 357888 --a–c— C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-06-15 10:14 3085312 --a–c— C:\WINDOWS\system32\dllcache\mshtml.dll 2007-06-15 10:14 251904 --a–c— C:\WINDOWS\system32\dllcache\iepeers.dll 2007-06-15 10:14 205824 --a–c— C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-06-15 10:14 16384 --a–c— C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-15 10:14 151552 --a–c— C:\WINDOWS\system32\dllcache\cdfview.dll 2007-06-15 10:14 1498112 --a–c— C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-06-15 10:14 146432 --a–c— C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-15 10:14 1055744 --a–c— C:\WINDOWS\system32\dllcache\danim.dll 2007-06-15 10:14 1022976 --a–c— C:\WINDOWS\system32\dllcache\browseui.dll 2007-06-14 12:32 18432 --a–c— C:\WINDOWS\system32\dllcache\iedw.exe 2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe 2007-06-13 15:23 1034752 -----c— C:\WINDOWS\system32\dllcache\explorer.exe 2007-05-28 15:55 64226 --a------ C:\WINDOWS\system32\perfc015.dat 2007-05-28 15:55 429612 --a------ C:\WINDOWS\system32\perfh015.dat 2001-11-23 06:08 712704 -ra–c— C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2000-01-13 09:58 59510 --------- C:\Program Files\setup.ins ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 03:41] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2006-01-02 17:41] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-19 11:39] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2006-08-24 00:38] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nlsf”=cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” “nlhr”=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C “tscuninstall”=%systemroot%\system32\tscupgrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoShellSearchButton”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=0 (0x0) “NoUserNameInStartMenu”=0 (0x0) “NoTrayContextMenu”=0 (0x0) R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys R1 papyjoy;papyjoy;C:\WINDOWS\system32\drivers\papyjoy.sys R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne);??\C:\Program Files\Quintessential Player\cdrpdacc.sys R2 Vcs;Vcs support;??\C:\WINDOWS\system32\Drivers\Vcs.sys R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys S3 ASFWHide;ASFWHide;??\C:\DOCUME~1\xxxx\USTAWI~1\Temp\ASFWHide S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 NTSIM;NTSIM;??\C:\WINDOWS\system32\ntsim.sys S3 STIrUsb;Klucz szyfrujący SigmaTel USB-IrDA;C:\WINDOWS\system32\DRIVERS\irstusb.sys Contents of the ‘Scheduled Tasks’ folder 2007-07-24 12:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-23 18:36:05 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-23 18:37:13 C:\ComboFix-quarantined-files.txt … 2007-08-23 18:36 C:\ComboFix2.txt … 2007-08-23 16:19 C:\ComboFix3.txt … 2007-08-13 12:12 — E O F —

Gutek · 23 Sierpień 2007 16:46

Powinno być Ok