Request – log check
Logfile of HijackThis v1.99.1
Scan saved at 21:21:38, on 2005–12–29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\fwnet64.exe
F:\WINDOWS\runservice.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\wlsass.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Motherboard Monitor 5\MBM5.EXE
J:\daemon\daemon.exe
F:\Program Files\Winamp\winampa.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\System32\ntx32.exe
F:\WINDOWS\System32\wlsass.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\A4Tech\Mouse\Amoumain.exe
F:\Program Files\Opera\Opera.exe
F:\WINDOWS\system32\cmd.exe
J:\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: RXResultTracker Class – {59879FA4–4790–461c–A1CC–4EC4DE4CA483} – F:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – F:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 – HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 – HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 – HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [MBM 5] "F:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "J:\daemon\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [ntx32] F:\WINDOWS\System32\ntx32.exe
O4 – HKLM\..\Run: [wlsass] F:\WINDOWS\System32\wlsass.exe
O4 – HKLM\..\Run: [WheelMouse] F:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [Konnekt] "j:\konekt\konnekt.exe" /autostart
O4 – Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – F:\Program Files\IrfanView\Ebay\Ebay.htm
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O18 – Filter: text/html – {2AB289AE–4B90–4281–B2AE–1F4BB034B647} – F:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: fwnet64 (fwnet) – Unknown owner – F:\WINDOWS\fwnet64.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LicCtrl Service (LicCtrlService) – Unknown owner – F:\WINDOWS\runservice.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – F:\WINDOWS\System32\nvsvc32.exe
O23 – Service: StyleXPService – Unknown owner – F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – F:\WINDOWS\system32\ZONELABS\vsmon.exe
Sometimes the computer resets by itself.
Replies: 5
Aren't you mixing up the files? If you somehow deleted lsass.exe (without the "w"), then the system could indeed have broken.
and that wlsass, AFAIR, I deleted it once and my system died for good :P
The others are, among others:
F:\WINDOWS\fwnet64.exe
F:\WINDOWS\System32\wlsass.exe
F:\WINDOWS\System32\ntx32.exe
F:\WINDOWS\System32\wlsass.exe
04 – HKLM\..\Run: [ntx32] F:\WINDOWS\System32\ntx32.exe
O4 – HKLM\..\Run: [wlsass] F:\WINDOWS\System32\wlsass.exe
O23 – Service: fwnet64 (fwnet) – Unknown owner – F:\WINDOWS\fwnet64.exe
BTW, there is little information on the net about ntx32, do you know it?
RXToolbar is adware, so the analyzer was right to show "nasty". Another matter is that you also have a few other pests there, as EL NINO kindly pointed out.
A few things it flagged as nasty or unnecessary
O2 – BHO: RXResultTracker Class – {59879FA4–4790–461c–A1CC–4EC4DE4CA483} – F:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O18 – Filter: text/html – {2AB289AE–4B90–4281–B2AE–1F4BB034B647} – F:\PROGRA~1\RXTOOL~1\sfcont.dll
Besides that, it marked the avast services as unnecessary; I didn't list them here.
Can I find out what those things above are? And whether they can be removed?
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab – Possibly nasty
O18 – Filter: text/html – {2AB289AE–4B90–4281–B2AE–1F4BB034B647} – F:\PROGRA~1\RXTOOL~1\sfcont.dll – Nasty
This looks to me like BPH bank (no. 16), but the other one?