HijackThis log
If anyone has some free time, I'd like to ask for a check of my log. The thing is, I have this computer:
2.6 GHz
512 RAM
Radeon 9550 Pro graphics card
Pentium 4
and I have the game NFS Most Wanted, which stutters at 800x600... is it my computer's fault? I doubt it... please check the log and tell me what I should remove.
Logfile of HijackThis v1.99.1
Scan saved at 16:57:33, on 2005–11–24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Tomek\USTAWI~1\Temp\Rar$EX00.547\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe /minimize
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 – HKLM\..\Run: [smsrv] smsrv.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [taskmanager] taskmanager.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\RunServices: [smsrv] smsrv.exe
O4 – HKLM\..\RunServices: [taskmanager] taskmanager.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRA~1\GADU–G~1\gg.exe" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 – DPF: Win32 Classes –
O17 – HKLM\System\CCS\Services\Tcpip\..\{8B4EAE43–E4D4–4950–A41D–AA2C69882B97}: NameServer = 213.227.72.1,213.227.75.1
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: RadClock – Unknown owner – C:\WINDOWS\system32\RadClock.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks in advance
Replies: 2
Also taskmanager.exe and WeatherCast
You know, it doesn't necessarily have to be caused by an infection. You should always check for the latest drivers and DirectX. Defragmenting the disk and turning off unnecessary processes will probably help too.
Remove:
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 – HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 – HKLM\..\Run: [smsrv] smsrv.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\RunServices: [smsrv] smsrv.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: Win32 Classes –
Stop the service smsrv.exe