Slow computer + HJT log


(Ziutekzul) #1

Hi, I need help. For some time now my PC has been terribly sluggish; for example, when I'm listening to music and launch some other program, the music starts stuttering noticeably. What could it be? Here are the logs from HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 20:55:49, on 2007-04-21

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\Kuba\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.skynet.be/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D01457A-0B16-4876-843C-7962C2490F94}: NameServer = 85.255.114.11 85.255.112.234

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B1EEF05-E540-4552-8BD1-351ECDAB7183}: NameServer = 85.255.114.11,85.255.112.234

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE30052F-E4C6-4209-A166-CEB36A194236}: NameServer = 85.255.114.11,85.255.112.234

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D01457A-0B16-4876-843C-7962C2490F94}: NameServer = 85.255.114.11 85.255.112.234

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\SpiderNT.exe

Please help as quickly as possible, thanks in advance :wink:

I'd also like to add that I used jv16 to clean the registry, and CCleaner; I also tried O&O Defrag but I don't know how to use it ;p

Post merged: 21.04.2007 (Sat) 22:05

Nice that someone helped me... :frowning: :frowning: :frowning:


(qrczak13) #2

Fix them in HJT.

Use FixWareOut

After that, post a SilentRunners log and the contents of the file c:\fixwareout\report.txt
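The O17 entries in the first log are what this reply means by "fix them in HJT": the same pair of resolvers is set on every adapter and in a saved control set as well, which is what a system-wide DNS hijack looks like rather than a single misconfigured adapter. As an added example, not from the thread or from any of the tools it mentions, this Python script parses the O17 NameServer lines of a HijackThis 1.99.1 log and flags resolvers outside an allow-list. The allow-list, the sample log (the thread's O17 lines plus one constructed clean line) and the 203.0.113.0/24 "ISP resolver" placeholder are assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: the O17 lines from the thread's first HJT log, plus one
# clean line with a zero GUID added for contrast. HijackThis prints the
# NameServer list exactly as stored, so the separator is sometimes a space
# and sometimes a comma (both forms appear in the real log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D01457A-0B16-4876-843C-7962C2490F94}: NameServer = 85.255.114.11 85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B1EEF05-E540-4552-8BD1-351ECDAB7183}: NameServer = 85.255.114.11,85.255.112.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D01457A-0B16-4876-843C-7962C2490F94}: NameServer = 85.255.114.11 85.255.112.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumed allow-list: RFC 1918 space (home router / local resolver) and a
# placeholder for the ISP's own resolvers (203.0.113.0/24 is a documentation
# range; substitute the real ISP addresses when using this for real).
EXPECTED_RESOLVERS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "203.0.113.0/24"]

# CCS = CurrentControlSet, CSn = ControlSet00n (a saved control set that
# CurrentControlSet may point to or that "Last Known Good" may restore).
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (control_set, interface_guid, [server, ...]) for each O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        entries.append((m.group("cs"), m.group("iface"), servers))
    return entries


def find_rogue_nameservers(log_text: str, expected_networks: List[str]) -> List[Dict[str, str]]:
    """Flag every configured resolver that is not inside an expected network."""
    allowed = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for cs, iface, servers in parse_o17(log_text):
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                findings.append({"control_set": cs, "interface": iface,
                                 "server": s, "reason": "not an IP address"})
                continue
            if not any(addr in net for net in allowed):
                findings.append({"control_set": cs, "interface": iface,
                                 "server": s, "reason": "resolver outside expected networks"})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Group findings by resolver so repetition across adapters and control sets is visible."""
    by_server: Dict[str, set] = {}
    for f in findings:
        by_server.setdefault(f["server"], set()).add((f["control_set"], f["interface"]))
    return {server: sorted(locs) for server, locs in by_server.items()}


if __name__ == "__main__":
    for server, locations in summarize(find_rogue_nameservers(SAMPLE_LOG, EXPECTED_RESOLVERS)).items():
        print(f"{server}: set in {len(locations)} place(s)")
        for cs, iface in locations:
            print(f"    {cs} {iface}")
```

A resolver that shows up under several adapter GUIDs and again under CS1 should be treated as one infection to clean everywhere at once, which is why the thread moves from fixing the lines in HJT to running FixWareOut rather than editing one adapter.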


(Ziutekzul) #3

Voilà, here are the logs from the respective programs

HJT

Logfile of HijackThis v1.99.1

Scan saved at 11:21:36, on 2007-04-22

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\System32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\System32\WScript.exe

C:\Documents and Settings\Kuba\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.skynet.be/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\SpiderNT.exe

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]


HKLM\Software\Microsoft\Active Setup\Installed Components\

{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)

                                       \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  -> {HKLM...CLSID} = "Moje foldery udostępniania"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{e7593602-124b-47c9-9f73-a69308edc973}" = "Shell Extension for DrWeb"

  -> {HKLM...CLSID} = "Shell Extension for DrWeb"

                   \InProcServer32\(Default) = "C:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: "]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}"

  -> {HKLM...CLSID} = "Shell Extension for DrWeb"

                   \InProcServer32\(Default) = "C:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]

ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

  -> {HKLM...CLSID} = "Ctest Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"

  -> {HKLM...CLSID} = "Ctest Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}"

  -> {HKLM...CLSID} = "Shell Extension for DrWeb"

                   \InProcServer32\(Default) = "C:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\DRWEBSP.DLL ["Doctor Web, Ltd."], 01 - 04

%SystemRoot%\system32\mswsock.dll [MS], 05 - 07, 10 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]

O&O Defrag, O&O Defrag, "C:\WINDOWS\System32\oodag.exe" ["O&O Software GmbH"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 205 seconds.

---------- (total run time: 1732 seconds)

FixWareOut

»»»»» Misc files. 

....

»»»»» Checking for older varients.

....


Search five digit cs, dm, kd, jb, other, files.

The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. 




Click browse, find the file then click submit.

http://www.virustotal.com/flash/index_en.html

Or http://virusscan.jotti.org/


»»»»» Other

C:\WINDOWS\Temp\kdneg.ren 63147 2002-09-20 




»»»»» Current runs 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"

"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

Unfortunately the computer is still running sluggishly; just check how long Silent took to run.


(adam9870) #4

Use ATF Cleaner and clean out the TEMP folders.

The time it took to generate the Silent log doesn't really prove anything. Sometimes the log takes half a minute to create, sometimes even 5 minutes.

Have a look at XP - Optimisation and slimming down for slightly more advanced users, or Optimisation and slimming down of Windows XP for slightly less advanced users.


(Ziutekzul) #5

So the logs from Silent and the other programs are clean? As for the XP optimisation, I don't know, because this happened somehow from one day to the next, so I'm not sure it will help? :roll: Is that the only thing that can help me?


(Joan Sunshine) #6

Yes, they're clean. Run an ewido scan after updating it and post the report.


(Ziutekzul) #7
---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------


 + Created at:	19:35:53 2007-04-22


 + Scan result:	




HKLM\SOFTWARE\Classes\DirectVideo -> Adware.Generic : Cleaned.

HKLM\SOFTWARE\Classes\DirectVideo\CLSID -> Adware.Generic : Cleaned.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo -> Adware.Generic : Cleaned.

HKU\S-1-5-21-343818398-573735546-725345543-1003\Software\DirectVideo -> Adware.Generic : Cleaned.

C:\WINDOWS\system32\lnternat.exe -> Backdoor.Rbot : Cleaned.

C:\WINDOWS\pwr.exe -> Downloader.Adload.fu : Cleaned.

C:\WINDOWS\pwrs.exe -> Downloader.Adload.fu : Cleaned.

C:\WINDOWS\system32\logon.exe -> Dropper.Pakes : Cleaned.

C:\WINDOWS\system32\nigho.exe -> Proxy.Ranky.gi : Cleaned.

:mozilla.94:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.60:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.61:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.62:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.63:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.64:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.65:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.23:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.24:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.32:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.33:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.49:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.50:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.

:mozilla.95:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.96:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.7:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.

:mozilla.8:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.

C:\Documents and Settings\Kuba\Cookies\kuba@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.

:mozilla.97:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Planetactive : Cleaned.

:mozilla.89:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.90:C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\fqmc5t8e.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\WINDOWS\system32\~133312.exe -> Trojan.Agent.zq : Cleaned.



::Report end

Ewido :wink:


(adam9870) #8

Delete or quarantine everything that ewido found.

By moving them to quarantine, the detected objects are placed in a special directory and thereby become completely harmless.

To be sure, you can post log number 1 from the L2Mfix tool.


(Ziutekzul) #9
L2MFIX find log 032106

(Gutek) #10

Use Pocket Killbox. Check the Delete on Reboot and All Files options, and in the Full Path of File to Delete field paste the paths

C:\WINDOWS\System32\fdbeaeec_s.dll

C:\WINDOWS\System32\rilcyafx.exe

C:\WINDOWS\System32\uaeuoqli.exe and press the red X. The program will ask to reboot the PC ... so you reboot.


(Ziutekzul) #11

Gutek, I have a question: do I need to restart the PC for each file? Because if not, and the way I did it (i.e. all of them in one go), the computer still runs slowly. I just tried doing each one separately a moment ago, but I got this: 'PendingFileRenameOperations Registry Data has been Removed by External Process!' Did I break something? :oops:


(Gutek) #12

Post a Combofix log - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


(Ziutekzul) #13
"Kuba" - 07-04-25 20:58:46 Dodatek Service Pack. 1

(adam9870) #14

Check whether you have these files on the disk:

and if so, delete them manually in Safe Mode.

Open Notepad and paste this into it:

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

A few months ago the ewido program was released under the name AVG Anti-Spyware, so I'd suggest updating.

:arrow: AVG Anti-Spyware

After doing that you can paste a new Combo log.


(Ziutekzul) #15

I don't have those files on the disk; maybe I should delete them with the 'killbox' program?


(adam9870) #16

If you want, delete them using Killbox, but don't be surprised if some error shows up while doing so, because those files may simply not be on the computer's hard drive.


(Ziutekzul) #17

Could you advise me what I should do? :expressionless:


(adam9870) #18

Download KillBox, check Delete on reboot, and in the full path of file field paste the paths:

After pasting each path separately, click the red X, but only agree to the restart after pasting the last one.

But remember what I wrote earlier:


(Ziutekzul) #19

I know, because I already tried that and that's what happened to me; so what should I do in that case? :roll: I added to the registry what you gave earlier, and on top of that, now every time I restart the PC the icons don't appear for a long time and I have to wait even longer for it to load.


(Gutek) #20

XP optimisation: http://forum.dobreprogramy.pl/viewtopic.php?t=76580