crooliq
(Crooliq)
8 Sierpień 2006 09:06
#1
Jak w temacie. Bardzo dlugo sie wszystko ładuje zanim bede mogl cos zrobic. Przegladalem loga ale w uruchamianiu chyba nic takiego nie siedzi, ale ja sie na tym nie znam wiec daje oddaje loga w dobre rece. Aha tak na marginesie dodam ze ciagle mam wira w32.Sality.I ktorego nie moge usunac (plik wmimgr32.dll)
Logfile of HijackThis v1.99.1 Scan saved at 10:56:47, on 2006-08-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\StopHid.exe C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\MSI\Core Center\CoreCenter.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\TEMP\winaaxmgĄ.exe C:\WINDOWS\TEMP\winwthnhĄ.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [CNYHKey] CNYHKey.exe O4 - HKLM…\Run: [stopHid] StopHid.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” -H O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
Z gory dzieki.
Myszak
(Myszonus)
8 Sierpień 2006 09:14
#2
Przeczyść katalog temp w trybie awaryjnym : start --> uruchom --> %TEMP% i wywal zawartość tego katalogu.
start --> uruchom --> cmd i wklep :
Start --> Uruchom --> Wpisz polecenie msconfig --> Zakładka Uruchamianie i odhacz twoim zdaniem niepotrzebne aplikacje.
crooliq
(Crooliq)
8 Sierpień 2006 09:37
#3
ok wyczyscilem tamte rzeczy. czasami w tempie mam full takich smiesznych execow, staram sie na bierzaco wywalac. Bo u mnie problem chyba lezy w takim programie CoreCenter (najogolniej mowiac wycisza kompa) i dopoki on sie nie wlaczy to troche system wisi, tyle co moge po folderach polazic. Sprobuje go przeinstalwoac. Dzieki za pomoc. na wszelki wypadek daje czystego loga
Logfile of HijackThis v1.99.1 Scan saved at 11:34:49, on 2006-08-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\StopHid.exe C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\MSI\Core Center\CoreCenter.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tomek\Moje dokumenty\Download\Instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/firefox R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [CNYHKey] CNYHKey.exe O4 - HKLM…\Run: [stopHid] StopHid.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS3\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS5\Services\Tcpip…{07221A54-1D7D-4215-A199-3A61FCE3E660}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
crooliq
(Crooliq)
8 Sierpień 2006 10:19
#5
OK, dzieki za pomoc. Usune tamto przy okazji jak bede w awaryjnym niestety tamta aplikacja nadal sie tak dlugo uruchamia. Moze zrobie sobie nowy, czysty profil a ten wywale.
x-awier
(x-awier)
8 Sierpień 2006 10:23
#6
A zrobiłeś
:roll:
Poza tym poczytaj o Optymilizacji systemu
A tu dla bardziej zaawansowanych
crooliq
(Crooliq)
8 Sierpień 2006 10:28
#7
No w uruchamianiu mam mało rzeczy, dlatego mnie to tym bardziej dziwi. Poczytam