
Sluggish system

piachu01
created

Unfortunately I didn't take good care of my system and now it is terribly sluggish. It runs slowly, and the CPU hits 100% load with just a few processes, even though I have a Sempron 2.1 GHz.

Help. How do I restore the system to its former quality without a format? :)

viphouse
comment

I'd rather recommend EasyCleaner :P Besides that, scan the system with an anti-spyware program, e.g. Ad-Aware :)

WolfiK
comment

Defragment your disks.

piachu01
comment
I'd rather recommend EasyCleaner :P Besides that, scan the system with an anti-spyware program, e.g. Ad-Aware :)

I'm already doing that ;)

I was just waiting for help with what else to do :) I'm looking for that EasyCleaner ;)

piachu01
comment

heh ;/ while scanning with Ad-Aware, the computer restarts on me at around 20% ;/

Now what?

oaza_spokoju
comment

I'd suggest starting by scanning the computer for viruses, preferably in safe mode without network access..

Then a scan with Ad-aware 2007 + AVG + jv16 PowerTools + optionally System Mechanic 7 Pro..

Once you've done all that and removed all the junk you find, I'd also suggest checking what starts up along with the system.

Optionally you can use BootVis to speed up system startup a bit..

Defragmentation is of course advisable, but only after throwing out all the junk.

I recommend System Mechanic or Diskeeper.

piachu01
comment

Ad-Aware and the rest too, in safe mode without network access?

viphouse
comment

Yeah, you can give it a try ;)

oaza_spokoju
comment

Yes, do everything in safe mode..

piachu01
comment

Ehh :|

I did everything you said in safe mode and the system still restarts at 20% of the Ad-Aware scan. Despite removing all the junk that was found, the system still runs slowly ;/

Format?

viphouse
comment

Probably.. Just make a backup of your important data :)

piachu01
comment

Fu*k;/

oaza_spokoju
comment

Check, ideally with Everest Ultimate, what the temperatures in the computer and the power supply voltages look like, because this is strange..

Also download Hiren's BootCD; it has an antivirus + Ad-Aware etc. on it.. So you can see what happens..

CatchMe
comment

Paste the logs from HijackThis and ComboFix - we'll remove all the crap from the computer. :) (descriptions are in the guides section).

piachu01
comment

ComboFix:

"Adminestrator" - 2007-07-16 10:07:05 - ComboFix 07-07-14.6 NTFS

Rootkit driver pe386 is present. ... attempting disinfection

pe386 ...... driver unloaded successfully.

ADS removed - system32: deleted 77866 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:WINDOWS17531953.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------LEGACY_NEW_DRV

-------new_drv

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-16 09:59 51,200 --a------ C:WINDOWSnircmd.exe

2007-07-16 09:55 <DIR> d----c--- C:Program FilesTrend Micro

2007-07-15 09:58 23 --ahs---- C:WINDOWSsystem32bebcbbc_r.dll

2007-07-15 00:17 <DIR> d----c--- C:Program Filesjv16 PowerTools 2007

2007-07-14 23:56 <DIR> d----c--- C:DOCUME~1ADMINE~1DANEAP~1Tibia

2007-07-14 17:19 8 -r-hs---- C:WINDOWSsystem32F337819A99.sys

2007-07-14 16:30 <DIR> d----c--- C:Program FilesLavasoft

2007-07-14 16:30 <DIR> d----c--- C:DOCUME~1ALLUSE~1DANEAP~1Lavasoft

2007-07-14 16:27 <DIR> d----c--- C:Program FilesCommon FilesWise Installation Wizard

2007-07-14 12:47 <DIR> d----c--- C:Program FilesToniArts

2007-07-14 11:52 <DIR> d----c--- C:DOCUME~1ALLUSE~1DANEAP~1Google

2007-06-21 21:48 <DIR> d-------- C:WINDOWSsystem32FlashAX

2007-06-21 15:45 <DIR> d----c--- C:Program FilesEverest Poker

2007-06-21 11:33 <DIR> d----c--- C:Program FilesDynamic Gaming Systems

2007-06-20 23:04 <DIR> d----c--- C:Program FilesPantasia

2007-06-20 22:47 <DIR> d----c--- C:Program FilesVegas007

2007-06-18 14:49 <DIR> d----c--- C:Microgaming

2007-06-17 22:29 <DIR> d----c--- C:DOCUME~1ADMINE~1DANEAP~1Microgaming

2007-06-17 22:25 <DIR> d----c--- C:Program FilescrazyvegasMPP

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 08:04:41 49,492 ----a-w C:WINDOWSsystem32perfc015.dat

2007-07-16 08:04:41 355,486 ----a-w C:WINDOWSsystem32perfh015.dat

2007-07-15 10:02:03 -------- dc----w C:Program Filesbwin

2007-07-15 09:51:33 -------- dc----w C:Program FilesPokerStars

2007-07-15 09:45:35 -------- dc----w C:Program FilesTibia Auto

2007-07-14 21:57:12 -------- dc----w C:Program FilesTibia

2007-07-14 17:44:38 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1MEGAUPLOADTOOLBAR

2007-07-14 16:05:23 -------- dc----w C:Program FilesSkanerOnline

2007-07-14 15:19:49 88 --sh--r C:WINDOWSsystem322CBB105450.sys

2007-07-14 15:19:49 1,990 --sha-w C:WINDOWSsystem32KGyGaAvL.sys

2007-07-14 10:46:45 -------- dc-h--w C:Program FilesInstallShield Installation Information

2007-07-13 20:12:38 -------- dc----w C:Program FileseMule

2007-06-22 23:28:17 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1MyPhoneExplorer

2007-06-09 20:23:01 -------- dc----w C:Program FilesBetsson Poker

2007-06-05 20:07:04 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1DivX

2007-06-05 20:01:28 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1AdobeUM

2007-06-05 14:11:29 -------- dc----w C:Program FilesQuickTime

2007-06-04 22:59:09 -------- dc----w C:Program FilesGoogle

2007-06-04 22:58:57 -------- dc----w C:Program FilesDivX

2007-06-04 22:54:59 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Apple Computer

2007-06-04 22:51:20 -------- dc----w C:Program FilesApple Software Update

2007-06-04 22:31:35 -------- dc----w C:Program FilesMarBit

2007-06-04 22:25:42 -------- dc----w C:Program FilesThe Playa

2007-06-04 22:25:20 -------- dc----w C:Program FilesDivXCodec

2007-06-04 22:20:58 -------- dc----w C:Program FilesXviD

2007-06-04 13:18:48 9,344 ----a-w C:WINDOWSsystem32driversNSDriver.sys

2007-06-04 13:17:02 8,320 ----a-w C:WINDOWSsystem32driversAWRTRD.sys

2007-06-04 13:14:56 6,272 ----a-w C:WINDOWSsystem32driversAWRTPD.sys

2007-06-01 20:03:17 -------- dc----w C:Program FilesOpera

2007-06-01 15:22:17 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Corel

2007-05-31 19:57:47 -------- dc----w C:Program FilesPartyGaming

2007-05-31 19:33:09 -------- dc----w C:Program FilesRayman 3

2007-05-31 06:45:07 524,288 ----a-w C:WINDOWSsystem32DivXsm.exe

2007-05-31 06:44:55 823,296 ----a-w C:WINDOWSsystem32divx_xx07.dll

2007-05-31 06:44:54 823,296 ----a-w C:WINDOWSsystem32divx_xx0c.dll

2007-05-31 06:44:54 802,816 ----a-w C:WINDOWSsystem32divx_xx11.dll

2007-05-31 06:44:54 740,442 ----a-w C:WINDOWSsystem32DivX.dll

2007-05-30 21:06:57 -------- dc----w C:Program FilesMyPhoneExplorer

2007-05-30 20:20:36 56 --sh--r C:WINDOWSsystem32505410BB2C.sys

2007-05-30 12:48:00 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Teleca

2007-05-30 12:42:30 -------- dc----w C:Program FilesCommon FilesTeleca Shared

2007-05-30 12:41:50 -------- dc----w C:Program FilesSony Ericsson

2007-05-30 12:38:05 5,744 ----a-w C:WINDOWSsystem32driversk750wh.sys

2007-05-30 12:38:03 6,144 ----a-w C:WINDOWSsystem32driversk750cm.sys

2007-05-30 12:32:52 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Sony Ericsson

2007-05-28 21:55:58 -------- dc----w C:Program FilesPlay89

2007-05-27 20:46:47 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Sports Interactive

2007-05-25 14:53:38 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Opera

2007-05-25 11:30:29 -------- dc----w C:DOCUME~1ADMINE~1DANEAP~1Gadu-Gadu

2007-05-25 11:29:25 -------- dc----w C:Program FilesMessenger

2007-05-22 17:18:07 -------- dc----w C:Program FilesGadu-Gadu

2007-05-19 08:26:06 -------- dc----w C:Program Filesse

2007-04-30 15:46:10 745,600 ----a-w C:WINDOWSsystem32aswBoot.exe

2007-04-30 15:35:28 95,872 -c--a-w C:WINDOWSsystem32AVASTSS.scr

2007-04-23 00:15:29 3,596,288 ----a-w C:WINDOWSsystem32qt-dx331.dll

2007-04-23 00:15:24 129,784 ------w C:WINDOWSsystem32pxafs.dll

2007-04-23 00:15:24 118,520 ------w C:WINDOWSsystem32pxinsi64.exe

2007-04-23 00:15:24 116,472 ------w C:WINDOWSsystem32pxcpyi64.exe

2007-04-23 00:15:18 200,704 ----a-w C:WINDOWSsystem32ssldivx.dll

2007-04-23 00:15:18 1,044,480 ----a-w C:WINDOWSsystem32libdivx.dll

2007-04-23 00:02:34 73,728 ----a-w C:WINDOWSsystem32dpl100.dll

2007-04-23 00:02:34 196,608 ----a-w C:WINDOWSsystem32dtu100.dll

2007-04-23 00:02:33 53,248 ----a-w C:WINDOWSsystem32dpuGUI10.dll

2007-04-23 00:02:31 593,920 ----a-w C:WINDOWSsystem32dpuGUI11.dll

2007-04-23 00:02:31 57,344 ----a-w C:WINDOWSsystem32dpv11.dll

2007-04-23 00:02:31 344,064 ----a-w C:WINDOWSsystem32dpus11.dll

2007-04-23 00:02:31 294,912 ----a-w C:WINDOWSsystem32dpu11.dll

2007-04-23 00:02:31 294,912 ----a-w C:WINDOWSsystem32dpu10.dll

2007-04-23 00:01:47 12,288 ----a-w C:WINDOWSsystem32DivXWMPExtType.dll

2007-04-23 00:01:46 124,472 ----a-w C:WINDOWSsystem32DivXCodecUpdateChecker.exe

2007-04-16 20:47:36 33,624 ----a-w C:WINDOWSsystem32wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:WINDOWSsystem32wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:WINDOWSsystem32wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:WINDOWSsystem32wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:WINDOWSsystem32wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:WINDOWSsystem32wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll

2006-08-31 18:15:46 35,123 -c--a-w C:Program FilesINSTALL.LOG

2002-07-26 15:02:06 153,088 -c--a-w C:Program FilesUNWISE.EXE

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]

2006-10-31 08:55 1803720 --a--c--- C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE~Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a--c--- C:Program FilesSpybot - Search & DestroySDHelper.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-12-15 04:23 440056 --a--c--- C:Program FilesJavajre1.5.0_11binssv.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A5366673-E8CA-11D3-9CD9-0090271D075B}]

2002-01-16 19:12 65536 --a--c--- C:PROGRA~1FlashGetjccatch.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{E5A1691B-D188-4419-AD02-90002030B8EE}]

2004-07-29 18:39 190616 --a--c--- C:PROGRA~1FlashFXPIEFlash.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42]

"WinampAgent"="C:Program FilesWinampwinampa.exe" [2006-06-09 02:17]

"DAEMON Tools-1033"="C:Program FilesD-Toolsdaemon.exe" [2004-08-22 17:05]

"Anti-Blaxx Manager"="C:Program FilesAnti-BlaxxAnti-Blaxx.exe" [2005-10-08 21:08]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:Program FilesGoogleGmail Notifiergnotify.exe" [2005-07-15 23:48]

"@"="" []

"Google Desktop Search"="C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2007-06-05 00:59]

"AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [2007-07-15 00:16]

"NvCplDaemon"="C:WINDOWSSystem32NvCpl.dll" [2006-03-09 15:29]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="C:WINDOWSSystem32ctfmon.exe" [2001-10-26 19:29]

"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2001-08-02 07:14]

"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"appinit_dlls"=C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalaawservice]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Adrian^Menu Start^Programy^Autostart^Registration Brothers In Arms.LNK]

path=C:Documents and SettingsAdrianMenu StartProgramyAutostartRegistration Brothers In Arms.LNK

backup=C:WINDOWSpssRegistration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartAdobe Reader Speed Launch.lnk

backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartMicrosoft Office.lnk

backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Piachu^Menu Start^Programy^Autostart^Xfire.lnk]

path=C:Documents and SettingsPiachuMenu StartProgramyAutostartXfire.lnk

backup=C:WINDOWSpssXfire.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBearShare]

"C:Program FilesBearShareBearShare.exe" /pause

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCTFMON.EXE]

C:WINDOWSSystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEdHTML]

C:Program FilesBinboyEdHTMLv5.0EdHTML.exe /none

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInternetCalls]

"C:program filesinternetcalls.cominternetcallsinternetcalls.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]

"C:Program FilesMessengermsmsgs.exe" /background

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]

RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]

"C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSony Ericsson PC Suite]

"C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

"C:Program FilesJavajre1.5.0_11binjusched.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregzango]

"c:program fileszangozango.exe"

HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}

rundll32 iesetup.dll,IEAccessUserInst

Contents of the 'Scheduled Tasks' folder

2007-07-02 12:27:07 C:WINDOWStasksAppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-16 10:25:11

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-16 10:30:53 - machine was rebooted

C:ComboFix-quarantined-files.txt ... 2007-07-16 10:30

--- E O F ---

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:55:47, on 2007-07-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesLavasoftAd-Aware 2007aawservice.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32wuauclt.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesWinampwinampa.exe

C:Program FilesD-Toolsdaemon.exe

C:Program FilesAnti-BlaxxAnti-Blaxx.exe

C:Program FilesGoogleGmail Notifiergnotify.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:WINDOWSSystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesGadu-Gadugg.exe

C:WINDOWSsystem32NOTEPAD.EXE

C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_11binssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:PROGRA~1FlashFXPIEFlash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [Anti-Blaxx Manager] C:Program FilesAnti-BlaxxAnti-Blaxx.exe

O4 - HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:Program FilesGoogleGmail Notifiergnotify.exe

O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11binssv.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:Program FilesTitan Pokercasino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:Program FilesTitan Pokercasino.exe

O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:Program FilescrazyvegasMPPMPPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:MicrogamingPokerUnibetpokerMPPMPPoker.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:MicrogamingPokernordicbetMPPMPPoker.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

--

End of file - 7594 bytes

So, how does it look?

CatchMe
comment

You had a rootkit - hence the restarts.

Delete the folder shown in bold, and remove these entries in HijackThis:

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe

If you don't recognise this, delete it from the disk in the same way and remove the entries in HijackThis:

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:MicrogamingPokerUnibetpokerMPPMPPoker.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:MicrogamingPokernordicbetMPPMPPoker.exe

- Then paste a new HijackThis log

piachu01
comment

Delete them? But those are just poker and casino clients

Sean
comment

so what... delete them and paste those logs like CatchMe says :)

piachu01
comment

I deleted them

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:44, on 2007-07-17

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program FilesLavasoftAd-Aware 2007aawservice.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSExplorer.EXE

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesWinampwinampa.exe

C:Program FilesD-Toolsdaemon.exe

C:Program FilesAnti-BlaxxAnti-Blaxx.exe

C:Program FilesGoogleGmail Notifiergnotify.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:WINDOWSSystem32lexpps.exe

C:WINDOWSSystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_11binssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:PROGRA~1FlashFXPIEFlash.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [Anti-Blaxx Manager] C:Program FilesAnti-BlaxxAnti-Blaxx.exe

O4 - HKLM..Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:Program FilesGoogleGmail Notifiergnotify.exe

O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11binssv.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:Program FilesTitan Pokercasino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:Program FilesTitan Pokercasino.exe

O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:Program FilescrazyvegasMPPMPPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:MicrogamingPokerUnibetpokerMPPMPPoker.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:MicrogamingPokernordicbetMPPMPPoker.exe (file missing)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:Program FilesLavasoftAd-Aware 2007aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

--

End of file - 7773 bytes

CatchMe
comment

As a cosmetic step, remove in HijackThis:

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:MicrogamingPokerUnibetpokerMPPMPPoker.exe (file missing)

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:MicrogamingPokernordicbetMPPMPPoker.exe (file missing)

Apart from that it's clean now.
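The comparison between the two HijackThis logs that the reply above relies on, as an added example that is not part of the original thread: it parses the item lines of a "before" and an "after" log and reports which entries became orphaned (`(file missing)`), which were already orphaned, and which are new. The sample lines are constructed from entries in the logs above with the backslashes restored by hand, and the names `parse_log` and `diff_logs` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# HijackThis item lines start with a section code (R0, O2, O4, O9, O23, ...)
# followed by " - " and the entry text. Headers and the process list do not.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str             # section code, e.g. "O9"
    body: str             # entry text without the "(file missing)" marker
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    missing: bool         # True when HijackThis could not find the target file

    @property
    def key(self):
        # Identity of an entry across scans: the marker is excluded on purpose.
        return (self.code, self.body)


def parse_log(text):
    """Return the item entries of a HijackThis log, skipping everything else."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header line, running process, blank line
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("code"), body,
                             clsid.group(0).upper() if clsid else None, missing))
    return entries


def diff_logs(before_text, after_text):
    """Compare two scans of the same machine."""
    before = {e.key: e for e in parse_log(before_text)}
    after = {e.key: e for e in parse_log(after_text)}
    common = [k for k in after if k in before]
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        # Target file existed in the first scan and is gone in the second:
        # the registry entry is now an orphan and safe to clean up.
        "newly_missing": [after[k] for k in common
                          if after[k].missing and not before[k].missing],
        "still_missing": [after[k] for k in common
                          if after[k].missing and before[k].missing],
    }


# Constructed sample input (backslashes restored by hand, entries shortened).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
"""

if __name__ == "__main__":
    for label, entries in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(f"{label}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.body}")
```

Entries that were already marked `(file missing)` in the first scan, such as the Acrobat BHO, land in `still_missing`, so they are not mistaken for a result of the cleanup.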

piachu01
comment

Clean - and it's just as sluggish as it was ;/

oaza_spokoju
comment

How much memory do you have and how much is eaten up right after system startup?

Likewise, what's the situation with virtual memory?

When did you last install the system fresh?

Write something more detailed about the hardware..

Just in case, check the temperatures and the power supply voltages, unless you no longer get restarts, because you didn't say..

After removing the entries from the logs, can you scan with Ad-Aware normally?

Do you have automatic restart enabled?
