spowolnienie kompa moze wirus?

**Posty:** 2691 · przez **Z@K** 07 Gru 2007, 20:06

Logfile of HijackThis v1.99.1
Scan saved at 19:09:18, on 2007-12-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
G:\utorrent.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Last.fm\LastFMHelper.exe
F:\DOCUME~1\User\USTAWI~1\Temp\{924FBC18-8FEB-4CB5-A71B-7B4B037ED103}\Clear Sidebar.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\foobar2000\foobar2000.exe
F:\Program Files\Last.fm\LastFM.exe
F:\Program Files\Tlen.pl\tlen.exe
F:\Program Files\Opera\Opera.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\BearShare\BearShare.exe
F:\Documents and Settings\User\Moje dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] F:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122107 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [µTorrent] "G:\utorrent.exe"
O4 - Startup: Sidebar.lnk = F:\Documents and Settings\User\Moje dokumenty\Clear Sidebar.exe
O4 - Startup: Vista-HDMonitor-Windows.lnk = F:\Documents and Settings\User\Moje dokumenty\HD Monitor.exe
O4 - Global Startup: Last.fm Helper.lnk = F:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

proszę o sprawdzenie

)

**Posty:** 3854 · przez **Dzi@dek** 07 Gru 2007, 20:08

Wyczyść z foldera

F:\DOCUME~1\User\USTAWI~1\Temp\*.*

Najlepiej pobierz ATFCleaner i zastosuj.

Autor postu otrzymał pochwałę

**Posty:** 18165 · przez **wojtas** 07 Gru 2007, 20:09

oraz daj loga z combofixa

**Posty:** 2691 · przez **Z@K** 07 Gru 2007, 20:15

ComboFix 07-12-07.3 - User 2007-12-07 19:15:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.638 [GMT 1:00]
Running from: F:\Documents and Settings\User\Moje dokumenty\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-02 16:42 . 2007-12-02 16:42 <DIR> dr-h----- F:\Documents and Settings\User\Dane aplikacji\SecuROM
2007-11-21 19:43 . 2007-11-21 19:43 98,304 --a------ F:\WINDOWS\system32\CmdLineExt.dll
2007-11-11 19:31 . 2007-11-11 19:31 <DIR> d-------- F:\Program Files\DAEMON Tools
2007-11-11 18:22 . 2007-11-11 18:22 <DIR> d--h----- F:\WINDOWS\PIF
2007-11-10 14:23 . 2007-11-10 14:23 <DIR> d-------- F:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2007-11-10 14:19 . 2007-11-10 14:19 <DIR> d-------- F:\Program Files\Gadu-Gadu
2007-11-10 14:19 . 2007-11-10 14:20 <DIR> d-------- F:\Documents and Settings\User\Gadu-Gadu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 18:17 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\uTorrent
2007-12-07 14:35 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\foobar2000
2007-12-03 19:32 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\Skype
2007-12-02 17:08 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-12-02 16:56 --------- d-----w F:\Program Files\DkZ Studio
2007-11-06 15:52 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\vlc
2007-11-06 15:41 --------- d-----w F:\Program Files\VideoLAN
2007-11-04 10:23 --------- d-----w F:\Program Files\Google
2007-11-03 18:16 --------- d-----w F:\Program Files\Ganymede
2007-11-03 17:05 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\GanymedeNet
2007-11-01 20:54 --------- d-----w F:\Program Files\Tlen.pl
2007-10-28 15:05 --------- d-----w F:\Program Files\TVUPlayer
2007-10-28 12:38 --------- d-----w F:\Program Files\coolpro2
2007-10-25 20:35 --------- d-----w F:\Program Files\Audacity
2007-10-19 18:16 --------- d-----w F:\Program Files\Opera
2007-10-15 16:41 --------- d-----w F:\Program Files\Common Files\Adobe
2007-10-14 14:25 --------- d-----w F:\Program Files\Winamp
2007-10-13 10:16 --------- d-----w F:\Program Files\foobar2000
2007-10-07 11:43 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\Corel
2007-10-07 11:41 --------- d-----w F:\Program Files\Corel
2007-10-07 11:41 --------- d-----w F:\Program Files\Common Files\InstallShield
2007-10-07 11:41 --------- d-----w F:\Program Files\Common Files\Corel
2007-10-07 09:37 --------- d-----w F:\Documents and Settings\User\Dane aplikacji\Apple Computer
2007-10-07 09:37 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
.

((((((((((((((((((((((((((((( snapshot@2007-10-15_19.01.45,45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-11 18:38:20 53,248 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-11-11 18:38:20 12,800 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-11-11 18:38:20 473,600 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-11-11 18:38:21 567,296 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-11-11 18:38:21 145,920 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-11-11 18:38:21 159,232 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-11-11 18:38:22 364,544 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-11-11 18:38:22 178,176 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-11-11 18:38:20 223,232 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2007-09-28 07:06:08 135,168 ----a-w F:\WINDOWS\catchme.exe
+ 2007-11-27 02:58:11 140,288 ----a-w F:\WINDOWS\catchme.exe
+ 2007-11-04 10:23:17 26,694 ----a-r F:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2007-11-04 10:23:17 26,694 ----a-r F:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-11-04 10:23:17 26,694 ----a-r F:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-11-04 10:23:17 65,536 ----a-r F:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-11-04 10:23:17 65,536 ----a-r F:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-11-04 10:23:17 26,694 ----a-r F:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
+ 2007-12-02 17:08:47 31,720 ----a-r F:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2005-03-18 16:23:10 53,248 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 16:23:10 12,800 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 16:23:14 473,600 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2005-03-18 16:23:10 145,920 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 16:23:10 159,232 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 16:23:14 364,544 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 16:23:12 178,176 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 16:23:14 223,232 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2005-03-18 16:23:14 567,296 ----a-w F:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
- 2007-06-16 22:11:58 51,200 ----a-w F:\WINDOWS\NirCmd.exe
+ 2007-06-16 23:11:58 51,200 ----a-w F:\WINDOWS\NirCmd.exe
- 2005-02-05 17:45:26 2,222,800 ----a-w F:\WINDOWS\system32\d3dx9_24.dll
+ 2005-02-05 18:45:26 2,222,800 ----a-w F:\WINDOWS\system32\d3dx9_24.dll
- 2005-03-18 15:19:58 2,337,488 ----a-w F:\WINDOWS\system32\d3dx9_25.dll
+ 2005-03-18 16:19:58 2,337,488 ----a-w F:\WINDOWS\system32\d3dx9_25.dll
- 2007-08-22 16:39:28 45,218 ----a-w F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-11-03 15:27:45 45,218 ----a-w F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-09-20 13:16:27 52,900 ----a-w F:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 08:16:23 53,744 ----a-w F:\WINDOWS\system32\perfc009.dat
- 2007-09-20 13:16:27 73,752 ----a-w F:\WINDOWS\system32\perfc015.dat
+ 2007-10-28 08:16:23 68,554 ----a-w F:\WINDOWS\system32\perfc015.dat
- 2007-09-20 13:16:27 380,486 ----a-w F:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 08:16:23 383,390 ----a-w F:\WINDOWS\system32\perfh009.dat
- 2007-09-20 13:16:27 495,780 ----a-w F:\WINDOWS\system32\perfh015.dat
+ 2007-10-28 08:16:23 439,538 ----a-w F:\WINDOWS\system32\perfh015.dat
- 2007-10-05 08:07:31 279,552 ----a-w F:\WINDOWS\system32\swreg.exe
+ 2007-07-22 17:39:27 279,552 ----a-w F:\WINDOWS\system32\swreg.exe
+ 2006-10-18 09:32:38 807,032 ----a-w F:\WINDOWS\system32\wmv9dmod.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="G:\utorrent.exe" [2007-08-09 11:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 F:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 F:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 F:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="F:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 05:24]
"CorelDRAW Graphics Suite 11b"="F:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 12:39]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

F:\Documents and Settings\User\Menu Start\Programy\Autostart\
Sidebar.lnk - F:\Documents and Settings\User\Moje dokumenty\Clear Sidebar.exe [2007-10-06 21:52:49]

F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - F:\Program Files\Last.fm\LastFMHelper.exe [2007-08-24 20:49:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=F:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=F:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
F:\Program Files\Gadu-Gadu\gg.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
F:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
F:\Program Files\Glass2k\Glass2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
F:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ F:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
2007-08-09 11:09 109568 --a------ G:\utorrent.exe

S3 SetupNTGLM7X;SetupNTGLM7X;\??\H:\NTGLM7X.sys
S3 USBSTOR;Sterownik magazynu masowego USB;F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-08-28 19:24:04 F:\WINDOWS\Tasks\Norton Security Scan.job"
- F:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 19:17:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 19:18:09
F:\ComboFix2.txt ... 2007-10-15 18:02
.
--- E O F ---

combofix

**Posty:** 18165 · przez **wojtas** 07 Gru 2007, 20:16

czysto jak łza

Autor postu otrzymał pochwałę

spowolnienie kompa moze wirus?

Spowolnienie kompa moze wirus?

Kto jest na forum