Proszę o sprawdzenie loga!!

[slowik76]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:58, on 2008-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3005 bytes

[LucaS]

Czysto.
kosmetycznie możesz zfixowac:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

btw co się dzieje, że dajesz log?

[slowik76]

Dzięki bardzo!!Podejrzewałem że mam wira trochę komp się przycinał przy otwieraniu programów,ale defragmentacja pomogła jeszcze raz dzięki!!!

[LucaS]

wyłącz CTFMON - zżera sporo pamięci i może zamulać kompa
jak wylaczyc masz tutaj:
http://www.instalki.pl/forum/viewtopic. ... 0529#80529

pzdr.

[slowik76]

Wyłączyłem !Czy wpis też fixnąć?

[LucaS]

Wyłączyłem !Czy wpis też fixnąć?

Jak będzie w nowym logu po resecie to też ;] Ale nie powinno być.

[slowik76]

Dzięki już jest ok!Pozdrawiam!!
To log po modyfikacji
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:06, on 2008-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 2837 bytes

[huber2t]

Pokaż log z Combofix

[slowik76]

ComboFix 08-07-08.5 - klezmer 2008-07-09 13:15:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.782 [GMT 2:00]
Running from: C:\Documents and Settings\klezmer\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 12:29 . 2008-07-09 12:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 12:00 . 2008-07-08 12:00 <DIR> d-------- C:\Documents and Settings\klezmer\Dane aplikacji\TuneUp Software
2008-07-07 09:36 . 2008-07-07 09:36 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-03 14:39 . 2008-07-03 14:39 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-07-03 14:36 . 2008-07-03 14:36 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-03 14:33 . 2008-07-03 14:33 <DIR> d-------- C:\Documents and Settings\klezmer\Dane aplikacji\Thinstall
2008-07-02 21:03 . 2008-07-07 10:48 <DIR> d-------- C:\Program Files\SkanerOnline
2008-07-02 16:05 . 2007-09-17 01:07 6,853,088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-02 16:05 . 2007-09-17 01:07 6,853,088 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-07-02 16:05 . 2007-09-17 01:07 5,783,040 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-07-02 16:05 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-02 16:05 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-02 16:03 . 2008-07-09 12:54 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-02 16:03 . 2008-07-02 14:07 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-02 16:03 . 2008-07-02 16:03 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-02 16:03 . 2008-07-02 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-02 16:03 . 2008-07-02 14:12 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-02 16:03 . 2008-07-02 14:08 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-02 16:03 . 2008-07-02 14:52 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-02 16:02 . 2008-07-02 14:12 386 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 10:24 --------- d-----w C:\Documents and Settings\klezmer\Dane aplikacji\uTorrent
2008-07-08 09:39 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-07 12:39 --------- d-----w C:\Program Files\uTorrent
2008-07-03 13:36 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-07-03 13:25 --------- d-----w C:\Program Files\Spik
2008-07-02 12:53 --------- d-----w C:\Program Files\Real Alternative
2008-07-02 12:53 --------- d-----w C:\Program Files\ffdshow
2008-07-02 12:51 --------- d-----w C:\Program Files\Your Uninstaller 2006
2008-07-02 12:50 --------- d-----w C:\Documents and Settings\klezmer\Dane aplikacji\URSoft
2008-07-02 12:49 --------- d-----w C:\Program Files\OO Software
2008-07-02 12:43 --------- d-----w C:\Program Files\CCleaner
2008-07-02 12:42 --------- d-----w C:\Program Files\RaimaRadioPro
2008-07-02 12:42 --------- d-----w C:\Documents and Settings\klezmer\Dane aplikacji\RaimaRadioPro
2008-07-02 12:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-02 12:40 --------- d-----w C:\Documents and Settings\klezmer\Dane aplikacji\InterTrust
2008-07-02 12:31 --------- d-----w C:\Documents and Settings\klezmer\Dane aplikacji\Spik
2008-07-02 12:24 --------- d-----w C:\Program Files\Avira
2008-07-02 12:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-07-02 12:23 --------- d-----w C:\Program Files\SubEdit-Player
2008-07-02 12:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-02 12:09 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Spik"="C:\Program Files\Spik\Spik.exe" [2008-04-08 12:04 103912]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"= 000000000000f03f

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Spik\\Spik.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 14:36]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 13:15:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 13:16:06
ComboFix-quarantined-files.txt 2008-07-09 11:16:04

Pre-Run: 12,276,621,312 bajtów wolnych
Post-Run: 12,275,576,832 bajtów wolnych

99

[huber2t]

W logu nic nie widzę

[slowik76]

Dzięki bardzo!!