Logs for review - slowed-down computer
Hello, lately my computer has slowed down a lot and I don't know why. I'm pasting the logs from HijackThis, maybe someone will spot some intruder in there :)
2gh, 256 ram, winxp sp2
Logfile of HijackThis v1.99.1
Scan saved at 16:41:38, on 2005-08-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\Java\JRE15~1.0_0\bin\javaw.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\NET\DC\ANTIDOTA\HajackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CFBFAEA6-B9D4-11D0-9C78-00C04FD64497} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Ustawienia przeglądarki - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
Replies: 2
How do I remove those log entries marked in red, and is that log entry at the bottom safe?
http://forum.centrumxp.pl/viewtopic.php?t=37513
There are a few pests in there :)