XBiT utworzono 5 listopada 2007 utworzono 5 listopada 2007 Wklejam logi: HijackThis Logfile of HijackThis v1.99.1Scan saved at 20:19:01, on 2007-11-05Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Użytkowe\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\MyPortal\Speed-X\SpeedX.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Administrator\Pulpit\Nowy folder\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"O4 - HKCU\..\Run: [speedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dllO20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dllO20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Użytkowe\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe No i Silent Runners "Silent Runners.vbs", revision 52, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer" \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Użytkowe\WinRAR\rarext.dll" [null data]"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW" -> {HKLM...CLSID} = "Statystyki dla ochrony WWW" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]HKLM\System\CurrentControlSet\Control\Session Manager\<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}" -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt" \InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Użytkowe\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Użytkowe\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Użytkowe\WinRAR\rarext.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSMHelp" = (REG_DWORD) hex:0x00000001{User Configuration|Administrative Templates|Start Menu and Taskbar|Remove Help menu from Start Menu}"NoSharedDocuments" = (REG_DWORD) hex:0x00000001{User Configuration|Administrative Templates|Windows Components|Windows Explorer|Remove Shared Documents from My Computer}"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoWindowsUpdate" = (REG_DWORD) hex:0x00000001{User Configuration|Administrative Templates|Start Menu and Taskbar|Remove links and access to Windows Update}"NoResolveTrack" = (REG_DWORD) hex:0x00000001{unrecognized setting}"LinkResolveIgnoreLinkInfo " = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoInstrumentation" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoSMMyDocs" = (REG_DWORD) hex:0x00000001{User Configuration|Administrative Templates|Start Menu and Taskbar|Remove Documents menu from Start Menu}"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000001{unrecognized setting}HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001{unrecognized setting}"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001{unrecognized setting}HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"DisableStatusMessages" = (REG_DWORD) hex:0x00000000{unrecognized setting}"VerboseStatus" = (REG_DWORD) hex:0x00000000{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKLM\Software\Microsoft\Internet Explorer\Toolbar\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]Explorer BarsHKLM\Software\Microsoft\Internet Explorer\Explorer Bars\HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\"ButtonText" = "Statystyki dla ochrony WWW"Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ad-Aware 2007 Service, aawservice, ""C:\Program Użytkowe\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor\Driver = "cnbjmon.dll" [file not found]PJL Language Monitor\Driver = "pjlmon.dll" [file not found]---------- (launch time: 2007-11-05 20:21:30)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 15 seconds.---------- (total run time: -575 seconds) Proszę o sprawdzenie
agresja komentarz 5 listopada 2007 komentarz 5 listopada 2007 Log z HijackThis jest czysty ,szukaj przyczyny gdzie indziej
GoBi komentarz 6 listopada 2007 komentarz 6 listopada 2007 Tez jest ok.. Widze że masz dużo aplikacji powłanczanych. Spróbuj przed otwarciem gry pozamykać wszystkie niepotrzebne programy. Zajrzyj do tematu Optymalizacja ustawień Windowsa XP bo z czasem system jak wiadomo bedzie sie zamulał niepotrzebnymi plikami itd. Ale warto jeśli Ci bardzo muli sprawdzić temp. sprzętu - Ale to juz nie moja brocha
XBiT komentarz 8 listopada 2007 Autor komentarz 8 listopada 2007 Ze startem systemu uruchamia mi się tylko GG, Kasperky, Speed-X (nic nie zamula) i coś od sterów z NVidii... ps. Wyłączałem. I nic
wojtek-pl1 komentarz 9 listopada 2007 komentarz 9 listopada 2007 przeczyść pc i rejestr CCleanerem. Wejdź w uruchom wpisz msconfig zakładka uruchamianie wyłącz niepotrzebne pliki. Jak nie pomoże to jeszcze odpowiem.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.