ple91
(Ple91)
24 Styczeń 2006 10:15
#1
Od pewnego czasu (ok. miesiąca) po uruchomieniu windowsa bardzo długo czekam, zanim mogę działać.(np. gdy otwieram folder i muszę czekać ok. minuty aż się otworzy, (po jakimś casie jest już normalnie)).
Logfile of HijackThis v1.99.1 Scan saved at 11:12:14, on 2006-01-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\CPUCooL\CooLSrv.exe C:\WINDOWS\system32\drivers\crauto.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\drivers\IMountSRV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NetMeter\NetMeter.exe C:\Program Files\ScannerU\AM32.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\DoubleDesktop\dd.exe C:\Program Files\Labtec Wireless Desktop\MulMouse.exe C:\Program Files\Labtec Wireless Desktop\MagicKey.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE C:\WINDOWS\SYSTEM32\cidaemon.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Adobe\Photoshop 7.0 CE\Photoshop.exe C:\DOCUME~1\123\USTAWI~1\Temp\Rar$EX00.234\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=c:\progra~1\programy\YDPDict\watch.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe, O2 - BHO: Local Spool support DLL - {00C9D850-244D-10E1-B3C9-10805E499D95} - C:\WINDOWS\system32\lclsplnt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s O4 - HKLM…\Run: [DiskeeperSystray] “C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe” O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto O4 - HKCU…\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\launchpd.exe O4 - HKCU…\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Microsoft iexplore] explorer.exe O4 - HKCU…\Run: [C] C:\Program Files\NetMeter\NetMeter.exe O4 - Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: DoubleDesktop.lnk = C:\Program Files\DoubleDesktop\dd.exe O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe O4 - Global Startup: Screenshot Pilot.lnk = C:\Program Files\Screenshot Pilot\ScrPlt.exe O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .exe: C:\Program Files\Opera75\PLUGINS\NPFgc1.dll O12 - Plugin for .rar: C:\Program Files\Opera\PLUGINS\NPFgc1.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O12 - Plugin for .zip: C:\Program Files\Opera\PLUGINS\NPFgc1.dll O12 - Plugin for H÷: C:\Program Files\Opera\PLUGINS\NPFgc1.dll O12 - Plugin for ôĺ: C:\Program Files\Opera\PLUGINS\NPFgc1.dll O16 - DPF: WebControlDeploy - http://grouper.com/v1/GrouperSetup.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ … 1.0.69.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe O23 - Service: crauto - Unknown owner - C:\WINDOWS\system32\drivers\crauto.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMountSRV - Unknown owner - C:\WINDOWS\system32\drivers\IMountSRV.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Steganos Live Encryption Engine (Version 503) [service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE503.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Gutek
(Gutek)
24 Styczeń 2006 10:28
#2
R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe, O2 - BHO: Local Spool support DLL - {00C9D850-244D-10E1-B3C9-10805E499D95} - C:\WINDOWS\system32\lclsplnt.dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s O4 - HKCU…\Run: [Microsoft iexplore] explorer.exe O4 - Startup: PowerReg Scheduler.exe
Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i folder, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
Odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik newdotnet7_14.dll i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish
Gutek
(Gutek)
24 Styczeń 2006 11:21
#4
Jest Ok pomijam zbedniki w autostarcie
ple91
(Ple91)
24 Styczeń 2006 12:11
#5
Autostartem już się zająłem.
Dzięki za sprawdzenie mojego loga.