kkaramucki
(Krzysztyof Karamucki)
13 June 2007 19:39
#1
I have a problem where my computer freezes for 2-3 seconds, as if the mouse were getting stuck: I click and it opens a moment later (it opens quickly), it just hesitates. It also interrupts music and films, as if the disc were scratched.
I'll post a log.
Logfile of HijackThis v1.99.1
Scan saved at 21:38:54, on 2007-06-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\gg\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\system32\taskmgr.exe
D:\mozilla\firefox.exe
D:\win rar\WinRAR.exe
C:\DOCUME~1\KRZY~1\USTAWI~1\Temp\Rar$EX00.468\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SearchPageURL.dll
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gg\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [µTorrent] "D:\bit torer 2\utorrent.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E8DE39C-00F6-4299-96C1-1264AF00C39F}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E8DE39C-00F6-4299-96C1-1264AF00C39F}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS5\Services\Tcpip\..\{2E8DE39C-00F6-4299-96C1-1264AF00C39F}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
adam9870
(adam9870)
13 June 2007 19:44
#2
Using the Add/Remove Programs applet, uninstall Multi_Media toolbar.
Delete the folder marked in red manually from the disk, and the entries with HijackThis.
After that, paste a log from ComboFix. To make a log with it, run it => press the Y key => wait patiently, and the log should appear as a .txt file named combofix on partition C.
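As an added illustration of the clean-up the reply above describes (example code written for this page, not a tool from the thread), a small Python triage pass over HijackThis lines: it flags the Multi_Media toolbar CLSID wherever it appears (R3/O2/O3), hosts-file overrides, and O23 services whose binary HijackThis reports missing. The sample log lines are constructed from the log posted above; the function names are my own.

```python
import re

# One HijackThis entry per line: "<section> - <body>", e.g. "O23 - Service: ...".
HJT_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# CLSID of the Multi_Media toolbar the reply above says to remove (taken from the posted log).
UNWANTED_CLSIDS = {"{b5146c40-189a-4311-bda9-fbae3e023187}"}

def parse_line(line):
    """Return (section, body) for an HJT entry line, None for header/process lines."""
    m = HJT_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None

def flag_entry(section, body):
    """Return a reason string when a human should review the entry, else None."""
    low = body.lower()
    if any(c in UNWANTED_CLSIDS for c in re.findall(r"\{[0-9a-f-]{36}\}", low)):
        return "known unwanted toolbar CLSID"
    if section == "O1":
        # Hosts-file overrides silently change name resolution; always review them.
        return "hosts file override"
    if section == "O23" and "(file missing)" in low:
        # HJT 1.99.1 also reports this for quoted paths followed by arguments (the avast
        # entries in the posted log), so this is a verify-on-disk item, not a verdict.
        return "service binary reported missing"
    return None

def triage(log_text):
    """Walk a whole HJT log and collect (section, reason, line) for flagged entries."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        reason = flag_entry(*parsed) if parsed else None
        if reason:
            findings.append((parsed[0], reason, line.strip()))
    return findings

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Running processes:
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

if __name__ == "__main__":
    for sec, reason, text in triage(SAMPLE_LOG):
        print(f"{sec:<4} {reason:<32} {text}")
```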
kkaramucki
(Krzysztyof Karamucki)
13 June 2007 20:00
#3
ComboFix 07-06-13.3 - C:\Documents and Settings\krzy\Pulpit\ComboFix.exe "krzy" - 2007-06-13 21:57:30 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))
2007-06-13 21:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 10:19
2007-06-10 09:13 652 --ah----- C:\DOCUME~1\KRZY~1\hpothb07.dat
2007-06-04 20:07
2007-06-04 20:05 291,600 --a------ C:\WINDOWS\system\wininet.dll
2007-06-04 20:04 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-04 20:04 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-04 20:04
2007-06-04 19:56 2,016 --a------ C:\WINDOWS\system32\drivers\papycpu2.sys
2007-06-04 19:56 1,984 --a------ C:\WINDOWS\system32\drivers\papycpu.sys
2007-06-04 19:56 1,888 --a------ C:\WINDOWS\system32\drivers\papyjoy.sys
2007-05-27 22:03
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-13 19:51:15 -------- d-----w C:\DOCUME~1\KRZY~1\DANEAP~1\uTorrent
2007-06-13 19:51:05 -------- d-----w C:\Program Files\Neostrada TP
2007-06-13 19:49:42 -------- d-----w C:\Program Files\Multi_Media
2007-06-10 13:58:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-10 07:58:45 -------- d-----w C:\Program Files\Google
2007-06-10 07:13:41 1,194 ---ha-w C:\hpothb07.dat
2007-05-11 17:26:40 163,644 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-11 17:26:26 -------- d-----w C:\DOCUME~1\KRZY~1\DANEAP~1\Activision
2007-05-11 17:05:46 -------- d-----w C:\Program Files\Activision
2007-05-05 15:52:33 -------- d-----w C:\Program Files\Open Kart PL
2007-05-05 14:17:46 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-05-05 14:15:26 -------- d-----w C:\Program Files\ReflexiveArcade
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-03-25 08:52:47 7,956 -c--a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 08:52:47 22,286 -c--a-w C:\WINDOWS\system32\perfh015.dat
2007-03-14 18:25:53 4 -c--a-w C:\WINDOWS\system32\micr0st.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07]
"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 20:07]
"nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 12:48 C:\WINDOWS\soundman.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-12 11:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\gg\Gadu-Gadu\gg.exe" [2004-09-06 13:09]
"µTorrent"="D:\bit torer 2\utorrent.exe" [2007-02-15 22:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^krzyś^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
D:\rzut ekran\PrintScreen\PrintScreen.exe /nosplash
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Program Files\Glass2k\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
E:\iso 2\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KPF4"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1416fa3-a047-11db-924a-806d6172696f}]
AutoRun\command- F:\Bin\assetup.exe
Contents of the 'Scheduled Tasks' folder
2007-05-18 15:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-08 17:48:00 C:\WINDOWS\tasks\At3.job
2007-06-07 17:48:00 C:\WINDOWS\tasks\At5.job
2007-05-15 17:48:00 C:\WINDOWS\tasks\At6.job
2005-10-09 07:51:20 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard #hp psc 1200 series#1128844257.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 21:58:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
cmd.exe [3112]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-13 21:59:07
C:\ComboFix-quarantined-files.txt ... 2007-06-13 21:58
--- E O F ---
Post merged: 13.06.2007 (Wed) 22:04
Tell me what this is, because I've tried to get rid of it (Glass2k):
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Program Files\Glass2k\Glass2k.exe
Gutek
(Gutek)
18 June 2007 14:15
#4
Use SmitFraudFix and choose option no. 2, in Safe Mode of course, and after that post new logs from HJT and Silent.
After that, a new log from COMBO.