
Logfile of HijackThis v1.99.1
Scan saved at 20:35:36, on 2007-07-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Mateusz\Pulpit\Czyszczenie kompa\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"Mateusz" - 2007-07-20 20:43:46 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Mateusz\Pulpit.\internet explorer.lnk
((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))
2007-07-20 20:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-20 20:33 <DIR> d-------- C:\Program Files\Opera
2007-07-20 20:29 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-07-17 19:38 <DIR> d-------- C:\Program Files\Hamachi
2007-07-17 19:38 <DIR> d-------- C:\DOCUME~1\Mateusz\DANEAP~1\Hamachi
2007-07-14 19:09 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-07-14 19:09 <DIR> d-------- C:\DOCUME~1\Mateusz\SystemRequirementsLab
2007-07-13 15:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-13 15:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-07-12 21:24 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-07-12 21:22 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-07-12 19:27 8,208,692 --a------ C:\eMulev0.47c.-MorphXTv9.6-installer.exe
2007-07-12 19:16 <DIR> d-------- C:\DOCUME~1\Mateusz\DANEAP~1\ACD Systems
2007-07-12 19:14 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-07-12 19:14 <DIR> d-------- C:\Program Files\ACD Systems
2007-07-12 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ACD Systems
2007-07-12 18:48 <DIR> d-------- C:\Program Files\ATI Technologies
2007-07-12 18:46 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-07-12 14:35 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-12 14:35 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-07-12 14:35 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-07-12 14:35 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-07-12 14:35 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-07-12 14:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-07-12 14:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-07-12 14:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-07-12 13:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-12 13:43 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-12 13:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-26 19:16 <DIR> d-------- C:\DOCUME~1\Mateusz\Gadu-Gadu
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-20 13:52:28 -------- d-----w C:\Program Files\eMule
2007-07-17 17:38:22 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-07-16 19:57:42 -------- d-----w C:\DOCUME~1\Mateusz\DANEAP~1\Skype
2007-07-12 20:24:17 -------- d-----w C:\DOCUME~1\Mateusz\DANEAP~1\uTorrent
2007-07-12 19:58:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-12 19:28:03 75,288 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-12 19:28:03 451,668 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-12 16:51:01 -------- d-----w C:\DOCUME~1\Mateusz\DANEAP~1\ATI
2007-07-12 16:20:34 3,095 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-12 11:44:18 2,042 ----a-w C:\WINDOWS\system32\tmp.reg
2007-07-11 17:25:35 -------- d-----w C:\Program Files\BearShare
2007-07-05 15:05:03 -------- d-----w C:\DOCUME~1\Mateusz\DANEAP~1\BearShare
2007-06-29 19:36:52 -------- d-----w C:\Program Files\Hasła
2007-06-13 16:46:48 -------- d-----w C:\Program Files\Kalendarz XP
2007-06-13 16:37:05 -------- d-----w C:\Program Files\Creative
2007-06-13 16:20:30 -------- d-----w C:\Program Files\BearFlix
2007-06-08 17:06:49 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-02 10:25:27 -------- d-----w C:\Program Files\Sunbelt Software
2007-05-30 16:21:24 -------- d-----w C:\Program Files\Librus
2007-05-27 17:19:24 -------- d-----w C:\Program Files\iolo
2007-05-27 17:17:02 -------- d-----w C:\Program Files\INTERIAPL
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 16:39:28 544 ----a-w C:\WINDOWS\eReg.dat
2007-05-01 15:36:21 9,863 ----a-w C:\WINDOWS\unins000.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 15:29:09 88 --sh--w C:\Program Files\Desktop.ini
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-09-15 18:18:38 1,007 ----a-w C:\Program Files\lhiq.exe
2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B930BA63-9E5A-11D3-A288-0000E80E2EDE}]
C:\Program Files\Mass Downloader\MDHELPER.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"@"="" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST – pasek zadań.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk
backup=C:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk
backup=C:\WINDOWS\pss\Kalendarz XP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VundoFixSvc"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HTpatch"=C:\WINDOWS\htpatch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{575b33dc-9cd4-11db-8383-000b6a2fd0bb}]
AutoRun\command- G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ce617c-3093-11dc-8203-d96c06df048b}]
AutoRun\command- H:\Diag\TCPowerPack\TCPowerPack.EXE
install
install- &Total Commander
install\command- H:\Diag\TCPowerPack\TCPowerPack.EXE
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 20:47:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-20 20:50:08
C:\ComboFix-quarantined-files.txt ... 2007-07-20 20:50
--- E O F ---
lisu221 wrote: Because the CPU usage by gg hasn't dropped so far
wojtas19162 wrote: threads about gg using a lot of CPU power have just appeared on the forum...
wojtas19162 wrote: also do a disk defragmentation..