Nie mogę uruchomić “ipconfig /all”. Po wpisaniu tej komendy na chwilę pojawia się okienko i znika. Tak samo jest gdy wpisuje inne polecenie z zakresu “ipconfig”.
Mam jeszcze jeden problem. mam uruchomionych 5 procesów svchost.exe, chyba to troszkę za dużo.
Proszę o sprawdzenie loga bo chyba mam syf na kompie.
Logfile of HijackThis v1.99.1 Scan saved at 12:46:10, on 2007-02-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\RaConfig.exe C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\gg\Gadu-Gadu\gg.exe C:\Program Files\Outlook Express\msimn.exe D:\PROGRA~1\Avant\AVANTB~1\avant.exe C:\Program Files\Winamp\winamp.exe D:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll O4 - HKLM…\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM…\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [avast!] “C:\Program Files\Alwil Software\Avast4\ashDisp.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [Yahoo! Pager] “D:\Program Files\Messenger\YahooMessenger.exe” -quiet O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\PROGRA~1\Avant\AVANTB~1\AddAllToADBlackList.htm O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\PROGRA~1\Avant\AVANTB~1\AddToADBlackList.htm O8 - Extra context menu item: Otwórz w nowym Avant Browser - D:\PROGRA~1\Avant\AVANTB~1\OpenInNewBrowser.htm O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony… - D:\PROGRA~1\Avant\AVANTB~1\OpenAllLinks.htm O8 - Extra context menu item: Podświetl - D:\PROGRA~1\Avant\AVANTB~1\Highlight.htm O8 - Extra context menu item: Szukaj - D:\PROGRA~1\Avant\AVANTB~1\Search.htm O15 - Trusted Zone: http://skaner.mks.com.pl O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip…{19524DC6-FF31-482D-B64C-E0C2AE84897A}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip…{720E7BD6-497D-4869-B8C1-A2E8DF934195}: NameServer = 192.168.0.1 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Yahoo! Pager” = ““D:\Program Files\Messenger\YahooMessenger.exe” -quiet” [“Yahoo! Inc.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “SiS Tray” = “C:\WINDOWS\system32\sistray.EXE” [“Silicon Integrated Systems Corporation”] “SiS Windows KeyHook” = “C:\WINDOWS\system32\keyhook.exe” [“Silicon Integrated Systems Corporation”] “SiSUSBRG” = “C:\WINDOWS\SiSUSBrg.exe” [“Silicon Integrated Systems Corp.”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “avast!” = ““C:\Program Files\Alwil Software\Avast4\ashDisp.exe”” [null data] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{0561EC90-CE54-4f0c-9C55-E226110A740C}” = “Haali Column Provider” -> {HKLM…CLSID} = “Haali Column Provider” \InProcServer32(Default) = “H:\kamera\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll” [null data] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\PROGRA~1\A-SQUA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0561EC90-CE54-4f0c-9C55-E226110A740C}(Default) = “Haali Column Provider” -> {HKLM…CLSID} = “Haali Column Provider” \InProcServer32(Default) = “H:\kamera\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\Nowy folder\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\Nowy folder\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\PROGRA~1\A-SQUA~1\A-SQUA~1\A2FREE~1.DLL” [“Emsi Software GmbH”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\Nowy folder\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “user” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “RaConfig” -> shortcut to: “C:\WINDOWS\system32\RaConfig.exe” [“Ralink Technology, Corp.”] “WlanUtility” -> shortcut to: “C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe” [empty string] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{F5C93451-2609-4723-A053-5C19516BE1A8}” = “Share Accelerator Toolbar” -> {HKLM…CLSID} = “Share Accelerator Toolbar” \InProcServer32(Default) = “C:\Program Files\Share_Accelerator\tbShar.dll” [“Conduit Ltd.”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}(Default) = (no title provided) -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): “{f5c93451-2609-4723-a053-5c19516be1a8}” = (no title provided) -> {HKLM…CLSID} = “Share Accelerator Toolbar” \InProcServer32(Default) = “C:\Program Files\Share_Accelerator\tbShar.dll” [“Conduit Ltd.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] BrSplService, Brother XP spl Service, “C:\WINDOWS\system32\brsvc01a.exe” [“brother Industries Ltd”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 43 seconds, including 18 seconds for message boxes)
Gutek
1 Luty 2007 12:11
#2
A wpisujesz Start >>> Uruchom >>> cmd i ipconfig /all ?
usuń wpis HJT
Juz poradzilem sobie z ipconfig /all
A co z procesami svchost.exe?
Myszak
1 Luty 2007 12:38
#4
Nic.
Nie zawsze jest 5 svchostów - czasem więcej czasem mniej ale to jest ciągle ten sam plik odpowiedzialny za różne usługi.
usunąłem wpis
Przeskanowalem on-line kompa, nie za bardzo mi to pomoglo, więc przywrócilem system do stanu sprzed 5 dni.
Teraz dziala, choć nie wiem czemu nie działało.
