Butcher666, posted 28 April 2008

For a short while now my disk has been running terribly loudly, as if it were moving and coming back into place. I have no idea what is causing it, but please check the log 8O

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:58, on 2008-04-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Butcher666, posted 28 April 2008

ComboFix log

ComboFix 08-04-27.3 - Paweł 2008-04-28 21:49:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2808 [GMT 2:00]
Running from: C:\Documents and Settings\Paweł\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-28 20:47 . 2008-04-28 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 22:37 . 2008-04-27 22:37 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Lavasoft
2008-04-27 22:18 . 2008-04-27 22:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-27 22:18 . 2008-04-27 22:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 22:18 . 2008-04-27 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-27 21:19 . 2008-04-27 21:19 <DIR> d-------- C:\Program Files\Lavalys
2008-04-27 19:31 . 2008-04-27 19:31 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\ArcaBit
2008-04-27 17:53 . 2008-04-27 18:40 <DIR> d-------- C:\Program Files\ArcaMicroScan
2008-04-27 00:38 . 2008-04-27 00:38 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\OpenOfficeT72
2008-04-27 00:38 . 2008-04-27 00:38 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\MfcEmbed
2008-04-27 00:32 . 2008-04-27 00:32 <DIR> d-------- C:\Program Files\OpenOfficeT7 2.4.0
2008-04-07 23:38 . 2008-04-07 23:38 319 --a------ C:\WINDOWS\game.ini
2008-04-07 23:29 . 2008-04-07 23:29 <DIR> d-------- C:\Program Files\Activision
2008-04-07 23:21 . 2008-04-07 23:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-07 23:20 . 2008-04-07 23:20 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-07 23:18 . 2008-04-07 23:18 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-05 14:56 . 2008-04-05 14:56 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-05 14:38 . 2008-04-05 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-04-05 14:37 . 2008-04-05 14:37 <DIR> d-------- C:\WINDOWS\nview
2008-04-05 14:37 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-05 14:37 . 2008-04-05 14:37 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-05 14:37 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-05 14:35 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-05 12:17 . 2008-04-05 12:17 <DIR> d-------- C:\Program Files\ASUS
2008-04-05 12:17 . 2006-01-10 10:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-05 12:17 . 2006-10-18 21:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-05 12:17 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-04-05 12:17 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-04-05 12:17 . 2008-04-05 12:17 666 --a------ C:\WINDOWS\setup.iss
2008-04-05 12:14 . 2008-04-05 12:14 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-04-05 12:08 . 2008-04-05 12:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-05 12:08 . 2008-04-05 12:08 <DIR> d-------- C:\WINDOWS\system32\drivers\system32
2008-04-05 12:08 . 2008-04-05 12:08 <DIR> d-------- C:\WINDOWS\system32\drivers\INF
2008-04-05 12:08 . 2008-04-05 12:08 <DIR> d-------- C:\Program Files\Intel
2008-04-05 12:07 . 2008-04-05 12:07 <DIR> d-------- C:\Intel
2008-04-05 12:07 . 2008-04-05 12:14 31,874 --a------ C:\WINDOWS\Ascd_log.ini
2008-04-05 12:00 . 2008-04-05 14:38 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-05 11:37 . 2008-04-05 11:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 09:41 . 2005-04-15 20:58 1,351,392 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-04-05 09:41 . 2003-08-03 22:56 1,146,184 --a------ C:\WINDOWS\system32\FM20.DLL
2008-04-05 09:41 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-04-05 09:41 . 2004-03-09 02:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-05 09:41 . 2005-07-28 16:57 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-04-05 09:41 . 2003-01-27 01:41 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
2008-04-05 09:41 . 2003-07-15 10:57 32,584 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2008-04-05 09:41 . 2007-05-27 15:33 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-04-05 09:40 . 2008-04-05 09:41 <DIR> d-------- C:\Program Files\AutoPatcher
2008-04-05 09:21 . 2008-04-05 12:17 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 09:21 . 2008-04-05 09:21 <DIR> d-------- C:\NVIDIA
2008-04-05 09:19 . 2008-04-05 09:19 <DIR> d-------- C:\Program Files\Driver Cleaner
2008-04-05 09:17 . 2008-04-05 09:17 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-05 09:17 . 2008-04-05 09:17 <DIR> d---s---- C:\Documents and Settings\Paweł\UserData
2008-04-05 09:17 . 2008-04-05 09:17 <DIR> d---s---- C:\Documents and Settings\Paweł\UserData
2008-04-05 09:17 . 2008-04-05 09:18 <DIR> d-------- C:\Documents and Settings\Paweł\Gadu-Gadu
2008-04-05 09:17 . 2008-04-05 09:18 <DIR> d-------- C:\Documents and Settings\Paweł\Gadu-Gadu
2008-04-05 09:16 . 2008-04-05 09:16 <DIR> d-------- C:\Program Files\Marvell
2008-04-05 09:16 . 2008-04-05 09:16 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\TMP
2008-04-05 09:14 . 2008-04-05 09:14 <DIR> d-------- C:\Program Files\Winamp
2008-04-05 09:10 . 2008-04-05 09:10 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 18:29 1,297,920 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-07 21:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 08:31 --------- d-----w C:\Program Files\Alwil Software
2008-04-05 08:29 --------- d-----w C:\Program Files\Zone Labs
2008-04-05 08:08 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-05 08:08 --------- d-----w C:\Program Files\Realtek
2008-04-05 06:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-05 06:47 --------- d-----w C:\Program Files\Usługi online
2008-03-26 16:37 4,713,472 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-03-26 14:14 16,859,136 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-03-05 16:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2006-06-23 12:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-12-28 19:02 770048]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38 35328]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16:14 16859136 C:\WINDOWS\RTHDCPL.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-17 23:21 980752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 19:57 626688]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 21:52:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 21:52:43
ComboFix-quarantined-files.txt 2008-04-28 19:52:38

Pre-Run: 224,092,041,216 bajtów wolnych
Post-Run: 224,219,967,488 bajtów wolnych

141