Nagle spowolnienie,100 % CPU zuzycie, logi do sprawdzenia

gustek · 26 Kwiecień 2007 08:55

Witam,

Walcze z problemem od wczoraj i musialem sie niestety poddac. Prosze wiec o porade.

Komputer makabrycznie wolno dziala. Stalo sie to nagle raczej. Wczesniej nic nie wskazywalo na potencjalne problemy. Obciazenie procesora jest na poziomie 100 % pomimo, ze nic na komputerze nawet nie robie. Sprawdzilem kilkoma programami. Uruchamiane byly w trybie awaryjnym. Ad-aware - nic nie znalazl. AVG anti-rootkit - nic nie znalazl. AVG Anti spyware - znalazl cale mnostwo szpiegujacych cookie (wywalil tego liczbowo ponad 6 000), ale poza tym raczej nic. Komputerr ciagle dziala wolno. Laptopa zostawilem przedwczoraj wlaczonego na caly dzien z BitTorrentem wlaczonym (cos tam sie sciagalo). Po powrocie juz byl caly zamulony. Nie wiem czy to ma znaczenie, ale pisze co by pomoc w diagnozie. Poza tym z obserwacji - w katalogu glownym na dysku C pojawil sie plik delus.exe. Wczesniej jakos go nie widzialem. Profilaktywnie go skasowalem, ale nie wiec co to za twor.

Poza tym raz przy zamykaniu systemu zapytal mnie system czy chce zakonczyc dzialajacy proces “XPCOM event receiver”. Nie mam pojecia co to jest i dlaczego bylo “na chodzie”.

Ponizej logi do sprawdzenia. Prosze o pomoc.

Logfile of HijackThis v1.99.1 Scan saved at 07:23:30, on 2007-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\DCPFLICS\DCPFLICS.exe C:\WINDOWS\system32\IDispChg.exe E:\PROGRA~1\System\norton\NORTON~1\NPROTECT.EXE E:\PROGRA~1\System\norton\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\Program narzêdziowy TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe E:\Program files\System\totalcmd\TOTALCMD.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Martinez\USTAWI~1\Temp_tc\HIJACK~1.EXE C:\Documents and Settings\All Users\Dane aplikacji\Prevx\PXSetup.exe E:\PROGRA~1\WWW\FIREFOX\FIREFOX.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program files\System\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [000StTHK] 000StTHK.exe O4 - HKLM…\Run: [TFNF5] TFNF5.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\Program narzêdziowy TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM…\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM…\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe O4 - HKLM…\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe O4 - HKLM…\Run: [TPSMain] TPSMain.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe” O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” /hide O4 - HKLM…\Run: [PrevxOne] “C:\Program Files\Prevx1\PXConsole.exe” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NBService - Nero AG - E:\Program files\System\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\PROGRA~1\System\norton\NORTON~1\NPROTECT.EXE O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program files\System\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program files\System\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\System\norton\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I logi z Silent Runnera

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “TOSCDSPD” = “C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [“TOSHIBA”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “IgfxTray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”] “HotKeysCmds” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “000StTHK” = “000StTHK.exe” [null data] “TFNF5” = “TFNF5.exe” [“TOSHIBA Corp.”] “SmoothView” = “C:\Program Files\TOSHIBA\Program narzêdziowy TOSHIBA Zooming Utility\SmoothView.exe” [“TOSHIBA Corporation”] “SigmaTel StacMon” = “C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe” [“SigmaTel Inc.”] “Apoint” = “C:\Program Files\Apoint2K\Apoint.exe” [“Alps Electric Co., Ltd.”] “TouchED” = “C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” [“TOSHIBA Corporation”] “TFncKy” = “C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe” [“TOSHIBA Corporation”] “NDSTray.exe” = “C:\Program Files\Toshiba\ConfigFree\NDSTray.exe” [“TOSHIBA CORPORATION”] “TPSMain” = “TPSMain.exe” [“TOSHIBA Corporation”] “kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”] “LogitechCommunicationsManager” = ““C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe”” [“Logitech Inc.”] “LogitechQuickCamRibbon” = ““C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” /hide” [“Logitech Inc.”] “QD FastAndSafe” = “*n” (unwritable string) [file not found] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE” [MS] >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS(Default) = “Dostosowywanie przegl¹darki” \StubPath = “RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP” [MS] >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] {2C7339CF-2B09-4501-B3F3-F3508C9228ED}(Default) = “Themes Setup” \StubPath = “C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll” [MS] {44BBA840-CC51-11CF-AAFA-00AA00B6015C}(Default) = “Microsoft Outlook Express 6” \StubPath = ““C:\Program Files\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install” [MS] {44BBA842-CC51-11CF-AAFA-00AA00B6015B}(Default) = “NetMeeting 3.01” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT” [MS] {5945c046-1e7d-11d1-bc44-00c04fd912be}(Default) = “Windows Messenger 4.7” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser” [MS] {6BF52A52-394A-11d3-B153-00C04F79FAA6}(Default) = “Microsoft Windows Media Player” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub” [MS] {7790769C-0471-11d2-AF11-00C04FA35D02}(Default) = “Ksi¹¿ka adresowa 6” \StubPath = ““C:\Program Files\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install” [MS] {89820200-ECBD-11cf-8B85-00AA005B4340}(Default) = “Aktualizacja pulpitu Windows” \StubPath = “regsvr32.exe /s /n /i:U shell32.dll” [MS] {89820200-ECBD-11cf-8B85-00AA005B4383}(Default) = “Internet Explorer 6” \StubPath = “C:\WINDOWS\system32\ie4uinit.exe” [MS] {89B4C1CD-B018-4511-B0A1-5476DBF70820}(Default) = (no title provided) \StubPath = “C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program files\System\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{C4213067-97B3-4929-9B98-B5600FBBBA13}” = “TouchED” -> {HKLM…CLSID} = “TouchShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll” [“TOSHIBA Corporation”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “Skladnik rozszerzenia powloki CorelDRAW” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “E:\Program files\grafika\Corel\DRAW\CDRVIEWER\CrlShell110.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” = “Adobe.Acrobat.ContextMenu” -> {HKLM…CLSID} = “Acrobat Elements Context Menu” \InProcServer32(Default) = “E:\Program Files\System\Adobe\Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW” -> {HKLM…CLSID} = “Ochrona WWW” \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”] “{4FED14EE-8086-4b0c-A0DE-C27042ED1296}” = “PDFTransformer2ContextMenu” -> {HKLM…CLSID} = “PDFTransformer2.PDFTContextMenu.1” \InProcServer32(Default) = “C:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll” [“ABBYY Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> igfxcui\DLLName = “igfxsrvc.dll” [“Intel Corporation”] <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu(Default) = “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” -> {HKLM…CLSID} = “Acrobat Elements Context Menu” \InProcServer32(Default) = “E:\Program Files\System\Adobe\Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”] MakeFile Class(Default) = “{D8504558-278D-4A93-BCBC-75B142CAA3B3}” -> {HKLM…CLSID} = “MakeFile Class” \InProcServer32(Default) = “C:\WINDOWS\system32\vdshell.dll” [“FarStone Technology Inc.”] PDFTransformer2ContextMenu(Default) = “{4FED14EE-8086-4b0c-A0DE-C27042ED1296}” -> {HKLM…CLSID} = “PDFTransformer2.PDFTContextMenu.1” \InProcServer32(Default) = “C:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll” [“ABBYY Software”] WinMerge(Default) = “{4E716236-AA30-4C65-B225-D68BBA81E9C2}” -> {HKLM…CLSID} = “WinMergeShell Class” \InProcServer32(Default) = “E:\Program Files\WinMerge\ShellExtensionU.dll” [empty string] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinMerge(Default) = “{4E716236-AA30-4C65-B225-D68BBA81E9C2}” -> {HKLM…CLSID} = “WinMergeShell Class” \InProcServer32(Default) = “E:\Program Files\WinMerge\ShellExtensionU.dll” [empty string] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ FolderShell Class(Default) = “{24C0824F-BC16-41DB-9845-DE545941C3B0}” -> {HKLM…CLSID} = “FolderShell Class” \InProcServer32(Default) = “C:\WINDOWS\system32\vdshell.dll” [“FarStone Technology Inc.”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\TOSHIBA Satellite 1024x768.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\TOSHIBA Satellite 1024x768.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “Symantec Drmc” -> launches: “C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “E:\Program Files\System\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Research” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” -> {HKLM…CLSID} = “Web Browser Applet Control” \InProcServer32(Default) = “C:\WINDOWS\system32\msjava.dll” [MS] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Ochrona WWW” {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://www.tiscali.co.uk Missing lines (compared with English-language version): [strings]: 1 line HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- ASP.NET State Service, aspnet_state, “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe” [MS] Autodesk Licensing Service, Autodesk Licensing Service, ““C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe”” [null data] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Belkin Wireless USB Network Adapter, Belkin Wireless USB Network Adapter Service, “C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe” [null data] Boonty Games, Boonty Games, ““C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe”” [“BOONTY”] ConfigFree Service, CFSvcs, “C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe” [“TOSHIBA CORPORATION”] Crypkey License, Crypkey License, “crypserv.exe” [“Kenonic Controls Ltd.”] DCPFLICS, DCPFLICS, “C:\Program Files\DCPFLICS\DCPFLICS.exe” [null data] IDispChg Service, IDispChgService, “C:\WINDOWS\system32\IDispChg.exe” [null data] Kaspersky Anti-Virus 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r” [“Kaspersky Lab”] LVSrvLauncher, LVSrvLauncher, “C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe” [“Logitech Inc.”] Macromedia Licensing Service, Macromedia Licensing Service, ““C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe”” [null data] NBService, NBService, “E:\Program files\System\Nero 7\Nero BackItUp\NBService.exe” [“Nero AG”] Norton Unerase Protection, NProtectService, “E:\PROGRA~1\System\norton\NORTON~1\NPROTECT.EXE” [“Symantec Corporation”] Office Source Engine, ose, ““C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE”” [MS] Process Monitor, LVPrcSrv, “c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe” [“Logitech Inc.”] Sandra Data Service, SandraDataSrv, “E:\Program files\System\SiSoftware Sandra Professional 2005\RpcDataSrv.exe” [“SiSoftware”] Sandra Service, SandraTheSrv, “E:\Program files\System\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe” [“SiSoftware”] Speed Disk service, Speed Disk service, “E:\PROGRA~1\System\norton\NORTON~1\SPEEDD~1\NOPDB.EXE” [“Symantec Corporation”] Symantec Core LC, Symantec Core LC, “C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Password Validation, ccPwdSvc, ““C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”] TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ““E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe”” [“TuneUp Software GmbH”] Us³uga administracyjna Mened¿era dysków logicznych, dmadmin, “C:\WINDOWS\System32\dmadmin.exe /com” [“Microsoft Corp., Veritas Software”] Us³uga dostarczania sieci, xmlprov, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\xmlprov.dll” [MS]} Us³uga numeru seryjnego multimediów przenoœnych, WmdmPmSN, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\mspmsnsv.dll” [MS]} Zarz¹dzanie aplikacjami, AppMgmt, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\appmgmts.dll” [file not found]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = “C:\WINDOWS\system32\AdobePDF.dll” [“Adobe Systems Incorporated.”] hpzsnt09\Driver = “hpzsnt09.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] Monitor jêzyka BJ\Driver = “CNBJMON.DLL” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 229 seconds. ---------- (total run time: 279 seconds)

Od razu dodam, ze na codzien uzywam tylko antywirusa AVP i czasem skanuje komputer programem antispyware. Teraz doinstalowalem kilka innych programow co by komputer sprawdzic.

Licze na pomoc,

Pozdrawiam,

Marcin

Złączono Posta : 26.04.2007 (Czw) 19:24

Lekkie uzupelnienie do postu powyzej. Przeskanowalem komputer raz jeszcze AVG Anti spyware. Poza roznymi trackerami (cookie) znalazl mi takze Trojan Feutelav oraz downloader.small.ddp. Uzusalem to programem. Wyczytalem gdzies takze, aby logi Hijacka byly generowane kiedy nie jest od odpalany z katalogu tymczasowego. Dla pewnosci wiec ponizej aktualny log. Problemy ciagle te same. Komputer zamulony jak nigdy.

Logfile of HijackThis v1.99.1 Scan saved at 18:19:04, on 2007-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\DCPFLICS\DCPFLICS.exe C:\WINDOWS\system32\IDispChg.exe E:\PROGRA~1\System\norton\NORTON~1\NPROTECT.EXE E:\PROGRA~1\System\norton\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe E:\Program files\System\totalcmd\TOTALCMD.EXE C:\DOCUME~1\Martinez\USTAWI~1\Temp_tc\PrcView.exe E:\Program files\System\norton\Norton Utilities\ndd32.exe E:\Program files\www\Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe c:\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program files\System\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [000StTHK] 000StTHK.exe O4 - HKLM…\Run: [TFNF5] TFNF5.exe O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM…\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM…\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM…\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe O4 - HKLM…\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe O4 - HKLM…\Run: [TPSMain] TPSMain.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe” O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” /hide O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU…\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\PROGRA~1\System\norton\NORTON~1\NPROTECT.EXE O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program files\System\SiSoftware Sandra Professional 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program files\System\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\System\norton\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Licze wciaz na pomoc. Pozdrawiam

Marcin