ania125
(Aniazielinska126)
12 Luty 2007 14:24
#1
mój poprzedni temat który wylondował w koszu trochę pomógł bo już nie 100% ale chcem sprawdzić czy jeszcze czegaś tam nie ma więc wklejam loga z HJT
Logfile of HijackThis v1.99.1 Scan saved at 15:12:07, on 2007-02-12 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\cFosSpeed\spd.exe D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe H:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\tlen.pl\tlen.exe D:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\Anka\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [kav] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKCU…\Run: [TuneUp MemOptimizer] “D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe” autostart O4 - HKCU…\Run: [RocketDock] “H:\Program Files\RocketDock\RocketDock.exe” O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - d:\program files\microsoft office\office\excel.exe O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 1508436669 O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AshampooDefragService - - H:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
i SR
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “TuneUp MemOptimizer” = ““D:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe” autostart” [“TuneUp Software GmbH”] “RocketDock” = ““H:\Program Files\RocketDock\RocketDock.exe”” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Lexmark X1100 Series” = ““C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe”” [“Lexmark International, Inc.”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “kav” = ““D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “cFosSpeed” = “C:\Program Files\cFosSpeed\cFosSpeed.exe” [“cFos Software GmbH”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “D:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW” -> {HKLM…CLSID} = “Ochrona WWW” \InProcServer32(Default) = “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “D:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”] “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” = “Dodatki Spika” -> {HKLM…CLSID} = “SpikShellExt Class” \InProcServer32(Default) = “D:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska S.A.”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Microsoft Office\Office\soa800.dll” [MS] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Explode” -> {HKLM…CLSID} = “Microsoft Office Binder Explode” \InProcServer32(Default) = “D:\Program Files\Microsoft Office\Office\UNBIND.DLL” [MS] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{B8323370-FF27-11D2-97B6-204C4F4F5020}” = “SmartFTP Shell Extension DLL” -> {HKLM…CLSID} = “SmartFTP Shell Extension DLL” \InProcServer32(Default) = “C:\Program Files\SmartFTP Client 2.0\smarthook.dll” [“SmartFTP”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “H:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> klogon\DLLName = “C:\WINDOWS\System32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”] Spik(Default) = “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” -> {HKLM…CLSID} = “SpikShellExt Class” \InProcServer32(Default) = “D:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska S.A.”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “D:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “D:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] {D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}(Default) = “{D7B7A5AE-9D19-4F9E-9C6F-46C82D22D71C}” -> {HKLM…CLSID} = “Wyślij na Fotosik.pl” \InProcServer32(Default) = “D:\PROGRA~1\FOTOSI~1\FOTOSI~1.DLL” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “H:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”] jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” -> {HKLM…CLSID} = “JetFlExt” \InProcServer32(Default) = “D:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”] Spik(Default) = “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” -> {HKLM…CLSID} = “SpikShellExt Class” \InProcServer32(Default) = “D:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska S.A.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “H:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”] Default executables: -------------------- HKCU\Software\Classes\batfile\ HKCU\Software\Classes\cmdfile\ Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRecentDocsHistory” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSMBalloonTip” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\ “No_LaunchMediaBar” = (REG_DWORD) hex:0x00000001 {unrecognized setting}
a poza tym od mojego komputera jest szybszy ślimak i chce cos z tym zrobić
adam9870
(adam9870)
12 Luty 2007 14:34
#2
Usuń wpisy HJT.
Proponuję zainstalować dodatek Service Pack 2. Poprawia on bezpieczeństwo w systemie etc. Więcej na jego temat znajdziesz tutaj:
http://xp.net.pl/art/xpsp2.html
http://xp.net.pl/art/windowsxp_sp2.html
Zastosuj Unhookexec.inf . Prawy klawisz myszki na link => zapisz element docelowy jako => wskaż gdzie chcesz zapisać (np. na pulpit) => po pobraniu prawy klawisz myszki na plik => instaluj.
Kosmetyka:
Start => uruchom => msconfig => zakładka Uruchamianie => możesz odznaczyć w/w.
Start => programy => autostart => kasacja z prawokliku.
Czy sam ustawiałeś te restrykcje? Jeśli nie to usuń wpis HJT.
Dodatkowo możesz przejrzeć Optymalizacja i odchudzanie Windowsa XP .
System najbardziej spowalnia Ci Diskeeper dlatego proponowałbym pomyśleć o czymś innym jeśli chcesz przyśpieszyć działanie systemu.
ania125
(Aniazielinska126)
12 Luty 2007 15:09
#3
dzięki wielkie pomogło juz całkowicie na svchost’a.exe dzięki wielkie jeszcze raz, pozdro