Witam mam taki problem że dzisiaj strasznie internet zaczął wolno chodzić strony sie nie chcą wczytywać bądź bardzo wolno, wczoraj było wszystko wporządku. Zauważyłem również że pojawia się proces iexplore.exe(pomimo że wogóle nie używam IE tylko FF) zakończywszy proces w menadżerze zadań pojawia sie on znowu i zamula kompa przy okazji.Dla porównania screan procesów(otworzony IE)ma nazwe uzytkownika WozakMatu czyli ok, a ten drugi naz. użytk. SYSTEM i ciągle się pojawia jak zamykam. http://uploads.pl/uploads/73e05bb71f.jpg
Daje jeszcze logi:
Logfile of HijackThis v1.99.1
Scan saved at 20:17:35, on 2006-11-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Avast\ashDisp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\al120%\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Avast\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
D:\moziila\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
F:\Instalki\HijackThis.exe
F:\Instalki\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKCU\..\Run: [AQQ] D:\AQQ\AQQ.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\flash get\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\flash get\FlashGet\jc_all.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\al120%\Alcohol 120\StarWind\StarWindService.exe
to robie piewszy raz mam nadziej że dobrze:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AQQ" = "D:\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"ishost.exe" = "ishost.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"avast!" = "D:\Avast\ashDisp.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "d:\Adobe reader\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{16664845-0E00-11D2-8059-000000000000}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ClickCatcher MSIE handler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\ReGet Shared\Catcher.dll" ["ReGet Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\winrar\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Avast\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> rpcc\DLLName = "C:\WINDOWS\System32\rpcc.dll" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Avast\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\winrar\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\winrar\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Avast\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\winrar\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoFavoritesMenu" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Favorites menu from Start Menu}
"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoFind" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoSetFolders" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoRealMode" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoClose" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoNetHood" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoActiveDesktop" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}
"ClassicShell" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}
"ForceActiveDesktopOn" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Enable Active Desktop}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"NoDispCPL" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}
"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoDevMgrPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoSecCPL" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoPrintSharing" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoNestSetup" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\WozakMatu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\WozakMatu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "WozakMatu" & "All Users" startup folders:
-----------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"raid_tool.exe" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{17939A30-18E2-471E-9D3A-56DD725F1215}" = "ReGet Bar"
-> {HKLM...CLSID} = "ReGet Bar"
\InProcServer32\(Default) = "D:\ReGetDx\iebar.dll" ["ReGet Software"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{16664849-0E00-11D2-8059-000000000000}\(Default) = "MSIE Spy"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Common Files\ReGet Shared\Catcher.dll" ["ReGet Software"]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
3Com DMI Agent, 3ComDMIService, "C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE" ["3Com Corporation"]
avast! Antivirus, avast! Antivirus, ""D:\Avast\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Avast\aswUpdSv.exe"" [null data]
avast! Web Scanner, avast! Web Scanner, ""D:\Avast\ashWebSv.exe" /service" ["ALWIL Software"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
StarWind iSCSI Service, StarWindService, "D:\al120%\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 416 seconds, including 18 seconds for message boxes)
z góry dziękuje za wszelką pomoc