Przem_18
(Przem_18_)
10 Maj 2007 12:54
#1
Witam. Bardzo proszę o sprawdzenie poniższego Loga. Pojawiły sie nastepujące problemy: spadek szybkości pracy (zacinanie się), nie mozna uruchomic Internet Exp(chociaz np.GG chodzi, komp zamula, wyskakują popupy, mozna wejsc w Moj Komputer tylko w trybie awaryjnym itp. System zostal przeskanowany Avastem, ktory znalazl parę wirusów i je usunął (nie przeniosło to większych efektów) Skanowanie programem HitMan Pro - podobnie
Logfile of HijackThis v1.99.1 Scan saved at 19:48:18, on 2007-05-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Arek\Ustawienia lokalne\Temp\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file) O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6mons.dll O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\System32\msdn_lib.dll O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM…\Run: [dmxze.exe] C:\WINDOWS\System32\dmxze.exe O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe O4 - HKLM…\Run: [system] C:\WINDOWS\System32\kernels32.exe O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra ‘Tools’ menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O16 - DPF: komentator - http://sport.onet.pl/komentator.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup … 0885988713 O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/install … nstall.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 0885965970 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{0BD767F7-DB39-4C4D-B31E-59EEE9773F97}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CCS\Services\Tcpip…{56F2FE94-0C95-4358-B4F2-B0D3201C11A9}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.181 O17 - HKLM\System\CS1\Services\Tcpip…{0BD767F7-DB39-4C4D-B31E-59EEE9773F97}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.181 O17 - HKLM\System\CS2\Services\Tcpip…{0BD767F7-DB39-4C4D-B31E-59EEE9773F97}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.181 O20 - AppInit_DLLs: C:\WINDOWS\System32\htmliwoiw.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll O20 - Winlogon Notify: wsmsag - wsmsag.dll (file missing) O23 - Service: A-Load - Unknown owner - C:\WINDOWS\services.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\dmpgj.exe
sdar
(sdar)
10 Maj 2007 12:56
#2
Przem_18_ Wszystkie logi umieszczane na forum powinny być obejmowane tagami
Wyłącz Pande i po problemie.
Gutek
(Gutek)
10 Maj 2007 14:33
#4
lepiej się nie wypowaiadaj :evil:
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file) O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file) O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6mons.dll O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\System32\msdn_lib.dll O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O4 - HKLM…\Run: [dmxze.exe] C:\WINDOWS\System32\dmxze.exe O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe O4 - HKLM…\Run: [system] C:\WINDOWS\System32\kernels32.exe O17 - HKLM\System\CCS\Services\Tcpip…{0BD767F7-DB39-4C4D-B31E-59EEE9773F97}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CCS\Services\Tcpip…{56F2FE94-0C95-4358-B4F2-B0D3201C11A9}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.181 O17 - HKLM\System\CS1\Services\Tcpip…{0BD767F7-DB39-4C4D-B31E-59EEE9773F97}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.181 O17 - HKLM\System\CS2\Services\Tcpip…{0BD767F7-DB39-4C4D-B31E-59EEE9773F97}: NameServer = 85.255.116.158,85.255.112.181 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.181 O20 - AppInit_DLLs: C:\WINDOWS\System32\htmliwoiw.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll O20 - Winlogon Notify: wsmsag - wsmsag.dll (file missing) O23 - Service: A-Load - Unknown owner - C:\WINDOWS\services.exe (file missing) O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\dmpgj.exe
Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Windows Management Service
Wyłączyć Przywracanie systemu w XP.
Zastartować do trybu awaryjnego bez internetu.
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Skanery do wyboru
Pokazać nowe logi z HJT + Silent