Mam taki problem jak wcześniej przed formatem.Format robiłem 2 tygodnie temu i z dnia na dzień co raz wolniej odpalał,film z partycji na partycję trwa po 5 minut lub więcej fakt ,że z dysku na drugi dysk bo mam 2 ale to nigdy mu nie przeszkadzało,strony internetowe raz chodzą raz nie,dziś mi nie chciał się włączyć monitor czy czeka mnie następny format.Już nie wiem co z nim mam robić nowy nie jest ale nie stać mnie na nowy.Wyczyściłem go CCleaner i nic lepiej.A to dane z Everest.

System operacyjny Microsoft Windows XP Professional

Dodatek service pack systemu operacyjnego Dodatek Service Pack 2

Typ procesora Intel Pentium 4, 2579 MHz (13 x 198)

Pamięć fizyczna 512 MB (PC3200 DDR SDRAM)

Karta wideo RADEON 9200 SE Family (Microsoft Corporation) (128 MB)

A oto login i prośba o sprawdzenie.

Logfile of HijackThis v1.99.1

Scan saved at 18:28:20, on 2008-07-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

C:\Program Files\NAPI-PROJEKT\napisy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Lavalys\EVEREST Home Edition\everest.bin

H:\Instalki ostatnie\hikackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

W logu nic nie widzę

Pokaż log z Combofix

W dniu 14.07.2008 , o godzinie 19:03 został dopisany post przez huber2t

W logu nic nie widzę

Pokaż log z Combofix

Daj log z -----> ComboFix

W logu nic nie widzę

Pokaż log z Combofix

Za chwilę dam tylko się podszkolę w tym

W dniu 14.07.2008 , o godzinie 20:17 został dopisany post przez Błażej69

Przepraszam ale stanął mi cały system i nic nie można było zrobić.Przesyłam log

ComboFix 08-07-13.14 - Andrzej 2008-07-14 20:08:52.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.159 [GMT 2:00]

Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

ADS - svchost.exe: deleted 68 bytes in 1 streams.

ADS - ntoskrnl.exe: deleted 36 bytes in 1 streams.

ADS - explorer.exe: deleted 36 bytes in 1 streams.

((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))

.

2008-07-14 18:26 . 2008-07-14 18:26

2008-07-14 18:26 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-07-14 18:26 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-07-14 18:16 . 2008-07-14 18:16

2008-07-13 18:46 . 2008-07-13 18:46

2008-07-13 18:46 . 2008-07-13 18:46

2008-07-13 08:56 . 2008-07-13 08:56

2008-07-10 13:39 . 2008-07-10 13:39

2008-07-10 03:03 . 2008-07-10 03:03

2008-07-09 19:45 . 2008-07-09 19:55

2008-07-09 19:45 . 2008-07-12 22:35

2008-07-09 16:46 . 2008-07-09 16:47

2008-07-08 22:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-08 22:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-08 22:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-08 19:39 . 2008-07-08 19:39

2008-07-08 19:39 . 2008-07-08 19:39

2008-07-07 22:11 . 2008-07-07 22:11

2008-07-07 22:11 . 2008-07-07 22:11

2008-07-07 22:11 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-07-07 22:10 . 2008-07-07 22:10

2008-07-07 17:39 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-06 07:29 . 2008-07-06 07:29

2008-07-05 18:03 . 2008-07-05 18:11

2008-07-05 14:54 . 2008-07-05 17:08

2008-07-05 14:52 . 2008-07-05 14:52

2008-07-05 14:52 . 2008-07-05 14:52

2008-07-05 14:52 . 2004-01-25 17:49 303,104 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax

2008-07-05 12:14 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-07-05 12:12 . 2008-07-05 12:12

2008-07-05 12:12 . 2008-07-05 12:12

2008-07-05 12:08 . 2008-07-05 12:12

2008-07-05 12:08 . 2008-07-10 03:05

2008-07-05 12:07 . 2008-07-05 12:07

2008-07-04 23:07 . 2008-07-04 23:07

2008-07-04 23:07 . 2008-07-04 23:07 4 --a------ C:\WINDOWS\system32\proc625010911.bin

2008-07-04 13:44 . 2008-07-04 13:44

2008-07-04 13:43 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-07-04 13:43 . 2004-08-03 23:01 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys

2008-07-03 12:10 . 2007-04-17 11:32 2,455,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-07-03 12:10 . 2007-03-08 07:11 1,036,288 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-07-03 12:10 . 2008-04-23 09:20 459,264 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-07-03 12:10 . 2008-04-23 09:20 383,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-07-03 12:10 . 2008-04-23 09:20 267,776 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll

2008-07-03 12:10 . 2008-04-22 09:39 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-07-03 12:09 . 2008-04-23 09:20 6,066,176 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll

2008-07-03 12:09 . 2008-04-23 09:20 63,488 -----c— C:\WINDOWS\system32\dllcache\icardie.dll

2008-07-03 12:09 . 2008-04-23 09:20 52,224 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-07-02 20:00 . 2008-07-02 20:00

2008-07-02 19:06 . 2008-07-04 23:07 1,670 --a------ C:\WINDOWS\mozver.dat

2008-07-02 19:03 . 2008-07-02 19:03 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-02 18:43 . 2008-07-02 18:43

2008-07-02 17:34 . 2008-07-02 17:34

2008-07-02 17:34 . 2008-07-02 17:34

2008-07-02 17:32 . 2008-07-02 17:35

2008-07-02 17:32 . 2008-07-02 17:36

2008-07-02 14:59 . 2008-07-02 14:59

2008-07-02 14:56 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-02 14:56 . 2008-06-14 20:01 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-02 14:36 . 2008-07-09 09:02

2008-07-02 14:36 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-07-02 14:32 . 2008-07-02 14:32

2008-07-02 14:28 . 2007-04-10 14:01 337,792 -----c— C:\WINDOWS\system32\dllcache\WgaTray.exe

2008-07-02 14:28 . 2007-04-10 14:01 236,928 -----c— C:\WINDOWS\system32\dllcache\WgaLogon.dll

2008-07-02 14:25 . 2008-07-02 14:41

2008-07-02 14:13 . 2008-07-02 14:13

2008-07-02 14:09 . 2008-07-02 14:09

2008-07-02 14:09 . 2008-07-02 14:09

2008-07-02 14:08 . 2008-07-06 07:31

2008-07-02 14:07 . 2008-07-05 12:00

2008-07-02 14:07 . 2008-07-03 20:07

2008-07-02 14:04 . 2008-07-05 18:30

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 20:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-07-02 13:56 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Symantec

2008-07-02 13:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-07-02 13:17 --------- d-----w C:\Program Files\ffdshow

2008-07-02 13:06 --------- d-----w C:\Program Files\ivo

2008-07-02 11:57 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-02 11:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-02 11:57 --------- d-----w C:\Program Files\C-Media 3D Audio

2008-07-02 11:54 --------- d-----w C:\Program Files\Intel

2008-07-02 11:45 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-02 11:43 --------- d-----w C:\Program Files\Usługi online

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-07-02 14:32 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-16 01:19 79224]

“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\WapSter\AQQ\AQQ.exe”=

“C:\PROGRA~1\WapSter\AQQ\AQQ.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“C:\Program Files\Ares\Ares.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

*Newly Created Service* - CATCHME

.

• • • • ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 20:10:37

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

**************************************************************************

.

Completion time: 2008-07-14 20:12:52

ComboFix-quarantined-files.txt 2008-07-14 18:11:46

Pre-Run: 38,449,942,528 bajtów wolnych

Post-Run: 38,443,048,960 bajtów wolnych

153

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

Folder::

C:\found.000

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link