Hello, could someone please check my log?
It seems to me that something is wrong with my computer: it keeps freezing and the internet is very slow..., overall it's in poor shape... ;)
That's why I'm asking for help; below I'm posting the scan result from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 20:36:53, on 2006–04–18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 – HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 – HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 – HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 – HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" –tray
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe –AutoStart
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O15 – Trusted Zone: http://www.mks.com.pl
O16 – DPF: {0EB0E74A–2A76–4AB3–A7FB–9BD8C29F7F75} (CKAVWebScan Object) – http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} – http://static.zangocash.com/cab/Seekmo/ie/bridge–c570.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 – Protocol: wpmsg – {2E0AC5A0–3597–11D6–B3ED–0001021DC1C3} – C:\Program Files\Spik\url_wpmsg.dll
O20 – Winlogon Notify: WgaLogon – WgaLogon.dll (file missing)
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: ATK Keyboard Service (ATKKeyboardService) – ASUSTeK COMPUTER INC. – C:\WINDOWS\ATKKBService.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: ERMLicSrv_ATL64 – Unknown owner – C:\WINDOWS\system32\ERM\6.4\ERMLicSrv_ATL64.exe
O23 – Service: ForceWare Intelligent Application Manager (IAM) – Unknown owner – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 – Service: Forceware Web Interface (ForcewareWebInterface) – Unknown owner – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" –k runservice (file missing)
O23 – Service: lxcc_device – Lexmark International, Inc. – C:\WINDOWS\system32\lxcccoms.exe
O23 – Service: ForceWare IP service (nSvcIp) – NVIDIA – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 – Service: ForceWare user log service (nSvcLog) – NVIDIA – C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
Replies: 3
Are you sure of yourself, or does it only seem that way to you?
rafales: find and delete whatever is in red
I would take a closer look at these:
O4 – HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} – http://static.zangocash.com/cab/Seekmo/ie/bridge–c570.cab
O18 – Protocol: wpmsg – {2E0AC5A0–3597–11D6–B3ED–0001021DC1C3} – C:\Program Files\Spik\url_wpmsg.dll
O20 – Winlogon Notify: WgaLogon – WgaLogon.dll (file missing)
O23 – Service: ERMLicSrv_ATL64 – Unknown owner – C:\WINDOWS\system32\ERM\6.4\ERMLicSrv_ATL64.exe
turn off System Restore
safe mode
log
check the entries listed above
fix them
find and delete whatever is in red
try fighting it yourself for a bit: http://forum.centrumxp.pl/viewtopic.php?t=37513
I would change the firewall; I had a case where it was supposedly turned on but wasn't blocking anything