komputer wolno chodzi, prosze o sprawdzenie logów

[borej94]

Niewiem dlaczego mój komputer wolno chodzi, proszę o sprawdzenie logów

Logfile of HijackThis v1.99.1
Scan saved at 21:17:07, on 2007-10-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\SYSTEM32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\mqsvc.exe
F:\WINDOWS\system32\mqtgsvc.exe
F:\WINDOWS\system32\lxcccoms.exe
F:\WINDOWS\SYSTEM32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
F:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
F:\Program Files\sXe Injected\sXe Injected.exe
F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\WINDOWS\WINLOGON.exe
F:\Program Files\Eset\nod32kui.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Mateusz.PPP-PLYSBJOOIC2\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gry-online.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - F:\WINDOWS\system32\ATPART~1.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - F:\WINDOWS\system32\bpkwb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - F:\WINDOWS\DH.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - F:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [ALi5289] F:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxccmon.exe] "F:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [Svchost] C:\windows\system\svchost.exe
O4 - HKLM\..\Run: [WooCnxMon] F:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LXCCCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "F:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Qsqfkn] C:\Program Files\Uokb\Ksbg.exe
O4 - HKLM\..\Run: [BearFlix] "F:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SurfAccuracy] F:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] F:\WINDOWS\elkcha.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 F:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] F:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sXe Injected] F:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [GammaAdjuster] F:\Documents and Settings\Borex\Moje dokumenty\Pliki\GammaAdjuster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] F:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [TWFJ Agent] F:\WINDOWS\system32\28463\TWFJ.exe
O4 - HKLM\..\Run: [Diagnostic] "F:\WINDOWS\WINLOGON.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDB33688-DBAD-4F7B-9556-D810BDDA6A58}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - F:\Program Files\Batty2\Batty2.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\cHBw\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - F:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd

.ini (file missing)

[Red]

do usunięcia:

F:\WINDOWS\WINLOGON.exe
F2 - REG:system.ini: Shell=
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - F:\WINDOWS\system32\ATPART~1.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - F:\WINDOWS\system32\bpkwb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - F:\WINDOWS\DH.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - F:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [Svchost] C:\windows\system\svchost.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Qsqfkn] C:\Program Files\Uokb\Ksbg.exe
O4 - HKLM\..\Run: [BearFlix] "F:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SurfAccuracy] F:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] F:\WINDOWS\elkcha.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 F:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TWFJ Agent] F:\WINDOWS\system32\28463\TWFJ.exe
O4 - HKLM\..\Run: [Diagnostic] "F:\WINDOWS\WINLOGON.exe"
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBIniti alSetup1.0.0.15-3.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - F:\Program Files\Batty2\Batty2.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\cHBw\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)

Nie pomyl lokalizacji z których będziesz usuwał śmieci.

[Kuba1]

Wyłącz przywracanie systemu i wejdźw tryb awaryjny.
Otwórz notatnik i wklej w nim

@echo off
sc stop "Network Monitor"
sc delete "Network Monitor"
sc stop cmdService
sc delete cmdService
DEL F:\WINDOWS\WINLOGON.exe
DEL F:\WINDOWS\nem220.dll
DEL F:\WINDOWS\system32\ATPART~1.DLL
DEL F:\WINDOWS\system32\bpkwb.dll
DEL F:\WINDOWS\wsem303.dll
DEL C:\windows\system\svchost.exe
DEL F:\WINDOWS\elkcha.exe
RD /S /Q "F:\Program Files\MyWebSearch"
RD /S /Q "F:\Program Files\Internet Optimizer"
RD /S /Q "F:\Program Files\BearFlix"
RD /S /Q "F:\Program Files\SurfAccuracy"
RD /S /Q "F:\Program Files\Uokb"
RD /S /Q "F:\Program Files\28463"
RD /S /Q "F:\Program Files\Network Monitor"
RD /S /Q "F:\Program Files\cHBw"

Plik>>zapisz jako>>zmien rozszerzenie z txt na wszystkie pliki i zapisz pod nazwą FIX.BAT uruchom powstały Fix w trybie awaryjnym


Następnie pobierz narzędzie SDFix


*Klikamy 2 krotknie na ikonę SDFix.exe,program wypakuje się domyślnie do lokalizacji C:\SDFix

*Wchodzimy do trybu awaryjnego z obsługą sieci:
>>>>>>Jak wejść do trybu awaryjnego z obsługą sieci?

*F8 podczas bootowania systemu.
*Używamy narzędzia BootSafe.exe zaznaczamy opcje Safe Mode- Networking i klikamy reboot

*Gdy już jesteśmy w trybie awaryjnym,wchodzimy do folderu SDFix i uruchamiamy narzędzie klikająć
2-krotnie na plik RunThis.bat lewym przyciskiem myszy.

*Wciskamy Y co uruchomi proces usuwania

*Kiedy proces usuwania się zakończy wciskamy dowolny klawisz>>nastąpi restart.

*Po restarcie SDFix dokończy proces usuwania,kiedy w oknie narzędzia SDFix pojawi się napis Finished
klikamy dowolny klawisz,narzędzie zakończy swoją pracę,na pulpicie załadują się ikony.

*Wchodzimy do folderu SDFix i kopiujemy zawartość pliku tekstowego Report.txt i wklejamy go na forum

Teraz zastosuj SmitFraudFix z opcji nr 2 również w trybie awaryjnym.

Następnie przeskanuj również w trybie awaryjnym OnlineScan Ewido
Usuń wszystko co znajdzie.

Po tym zastosuj ComboFix

Nastepnie uruchamiasz Hijackthis>>DO a system scan>>Zaznacz poniższe wpisy i wcisnij Fix Checked

F:\WINDOWS\WINLOGON.exe
F2 - REG:system.ini: Shell=
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - F:\WINDOWS\system32\ATPART~1.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - F:\WINDOWS\system32\bpkwb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - F:\WINDOWS\DH.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - F:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [Svchost] C:\windows\system\svchost.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Qsqfkn] C:\Program Files\Uokb\Ksbg.exe
O4 - HKLM\..\Run: [BearFlix] "F:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SurfAccuracy] F:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] F:\WINDOWS\elkcha.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 F:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TWFJ Agent] F:\WINDOWS\system32\28463\TWFJ.exe
O4 - HKLM\..\Run: [Diagnostic] "F:\WINDOWS\WINLOGON.exe"
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBIniti alSetup1.0.0.15-3.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - F:\Program Files\Batty2\Batty2.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O23 - Service: Command Service (cmdService) - Unknown owner - F:\WINDOWS\cHBw\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)

Wracasz z logiem z Hijackthis,Silentrunners,ComboFix, Raport z SDFix,raport z Ewido oraz raport ze SmitFraudFix

[borej94]

dzieki za pomoc juz wszystko ok

[wojtas]

borej94

Wracasz z logiem z Hijackthis,Silentrunners,ComboFix, Raport z SDFix,raport z Ewido oraz raport ze SmitFraudFix