Problem with the system tray


(Tiutia) #1

Help! My system tray has vanished. I also can't open regedit. The window opens for a moment and disappears. Win XP :-(


(Stachan) #2

What about System Restore?


(Tiutia) #3

There is no restore point because of disk space.


(lazikar) #4

andrew, calmly describe the problem in detail, giving all the information. I mean any messages that appear, and whether it happened after something or just by itself.


(Tiutia) #5

It happened after trying to open an application downloaded with Shareaza :frowning:


(JNJN) #6

Check Event Viewer and see what errors there are.

I suspect malware; scan the computer.

http://www.centrumxp.pl/forum/viewtopic ... 533#159533

Then, from Run, the command sfc /scannow (there is a space after sfc).

Put the XP disc in the drive.


(Tiutia) #7

No reaction after these steps.

Maybe this is a clue: in autostart (CodeStufStarter) there is no entry with systray.exe like in Win98.

I'm attaching the HijackThis log:

Logfile of HijackThis v1.99.0

Scan saved at 22:35:53, on 2005-01-15

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\SYSTEM32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

c:\windows\system32\srvany.exe

c:\windows\system32\scvhost.exe

E:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

D:\WINDOWS\System32\RUNDLL32.EXE

D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

D:\program files\antydialer tp\antydialertp.exe

E:\NORTON~2\NORTON~1\NPROTECT.EXE

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

D:\Program Files\cFosSpeed\cFosSpeed.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\cmd64.exe

D:\WINDOWS\winIogon.exe

E:\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

D:\Program Files\Shareaza\Shareaza.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Program Files\ScannerU\AM32.exe

D:\PROGRA~1\INCRED~1\bin\IMAPP.EXE

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\Program Files\WinZip\WZQKPICK.EXE

D:\Program Files\GetRight\getright.exe

D:\Program Files\GetRight\getright.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

C:\WINDOWS\SYSTEM32\WinIogon.exe

C:\WINDOWS\system32\winlogin.exe

C:\WINDOWS\SYSTEM32\Winapp32.exe

D:\Program Files\Microsoft Office\Office\1045\msoffice.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\System32\wuauclt.exe

D:\Program Files\MYIE2\MyIE.exe

E:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

D:\WINDOWS\explorer.exe

F:\DLL\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page ... _id=138256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page ... _id=138256

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page ... _id=138256

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.komputerswiat.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - D:\WINDOWS\System32\localsplnet.dll

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)

O3 - Toolbar: Underground Toolbar - {CCA00000-0000-0000-0000-000000000000} - D:\PROGRA~1\UNDERG~1\update.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM..\Run: [WheelMouse] D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM..\Run: [AntyDialerTP] "d:\program files\antydialer tp\antydialertp.exe" tray

O4 - HKLM..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [sSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM..\Run: [ControlPanel] D:\WINDOWS\System32\cmd64.exe internat.dll,LoadKeyboardProfile

O4 - HKLM..\Run: [winIogon] winIogon.exe

O4 - HKCU..\Run: [incrediMail] D:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU..\Run: [shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU..\Run: [Norton SystemWorks] "E:\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Startup: Favorites.lnk = C:\WINDOWS\SYSTEM32\WinIogon.exe

O4 - Startup: History.lnk = C:\WINDOWS\system32\winlogin.exe

O4 - Startup: Internet Explorer.lnk = C:\WINDOWS\SYSTEM32\Winapp32.exe

O4 - Startup: Windows Media Player.lnk = C:\WINDOWS\SYSTEM32\sc.bat

O4 - Global Startup: Action Manager 32.lnk = D:\Program Files\ScannerU\AM32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Program Files\GetRight\getright.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Szukaj w NetSprint.pl - res://D:\Program Files\NetSprint Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\flashget.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab

O16 - DPF: {11111111-1111-1111-1111-111191113457} -

O16 - DPF: {11111111-1111-1111-1111-511111193457} -

O16 - DPF: {11111111-1111-1111-1111-511111193458} -

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Downl ... ge-c11.cab

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares ... _adult.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3566284056

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{FC27C0E7-E66A-4829-B69E-706413743A36}: NameServer = 194.204.152.34 217.98.63.164

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - D:\WINDOWS\System32\vbsys2.dll

O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - E:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: NetManager - Unknown - c:\windows\system32\srvany.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - E:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - E:\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - E:\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - E:\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


(Damian) #8

Well, that's one nicely neglected computer :? :?

Remove these manually:

c:\windows\system32\scvhost.exe

C:\WINDOWS\system32\winlogin.exe

C:\WINDOWS\SYSTEM32\Winapp32.exe

O4 - Startup: History.lnk = C:\WINDOWS\system32\winlogin.exe (Start > Run > msconfig > Startup > untick the entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=138256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=138256

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=138256

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.komputerswiat.pl/

R3 - Default URLSearchHook is missing

O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - D:\WINDOWS\System32\localsplnet.dll

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)

O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)

O4 - Startup: Internet Explorer.lnk = C:\WINDOWS\SYSTEM32\Winapp32.exe

O4 - Startup: Windows Media Player.lnk = C:\WINDOWS\SYSTEM32\sc.bat

O8 - Extra context menu item: &Szukaj w NetSprint.pl - res://D:\Program Files\NetSprint Toolbar\toolbar.dll/SEARCH.HTML

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab

O16 - DPF: {11111111-1111-1111-1111-111191113457} -

O16 - DPF: {11111111-1111-1111-1111-511111193457} -

O16 - DPF: {11111111-1111-1111-1111-511111193458} -

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c11.cab

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - D:\WINDOWS\System32\vbsys2.dll

I don't know this one:

D:\WINDOWS\System32\cmd64.exe

O4 - HKLM..\Run: [ControlPanel] D:\WINDOWS\System32\cmd64.exe internat.dll,LoadKeyboardProfile

This one is probably fake too:

C:\WINDOWS\SYSTEM32\WinIogon.exe

O4 - HKLM..\Run: [winIogon] winIogon.exe

O4 - Startup: Favorites.lnk = C:\WINDOWS\SYSTEM32\WinIogon.exe

Once you've removed what I listed, a scan with these is a must:

:arrow: CWShredder 2.1

:arrow: Spybot Search & Destroy 1.3

:arrow: Ad-aware SE Personal 1.05

Then paste the log again.

And install some Service Pack, man :roll:

Preferably SP2
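
Added example, not part of the thread or any poster's code: a Python check over the "Running processes" lines of a HijackThis log that flags file names imitating core Windows binaries (look-alike characters, near-miss spellings, or the right name in the wrong directory). The allowlist, the 0.85 similarity threshold and the function names are assumptions; the Windows root D:\WINDOWS is taken from the log in post #7.

```python
import ntpath
from difflib import SequenceMatcher

# Assumed, non-exhaustive allowlist: core XP binaries and the directory
# (relative to the Windows root) each one normally runs from.
KNOWN = {"smss.exe": "system32", "winlogon.exe": "system32",
         "services.exe": "system32", "lsass.exe": "system32",
         "svchost.exe": "system32", "explorer.exe": ""}
# Look-alike characters; the log above uses a capital I in place of l.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})

def classify(path, windows_root):
    """Return a reason string for a suspicious process path, else None."""
    name = ntpath.basename(path)
    plain = name.lower()
    if plain in KNOWN:
        expected = ntpath.join(windows_root, KNOWN[plain]).rstrip("\\").lower()
        if ntpath.dirname(path).lower() != expected:
            return f"{plain} outside {expected}"
        return None
    folded = name.translate(HOMOGLYPHS).lower()
    if folded in KNOWN:
        return f"look-alike characters imitate {folded}"
    for known in KNOWN:
        if SequenceMatcher(None, plain, known).ratio() >= 0.85:
            return f"near-miss spelling of {known}"
    return None

def scan(lines, windows_root):
    """Map each flagged path to its reason."""
    hits = {}
    for line in lines:
        reason = classify(line.strip(), windows_root)
        if reason:
            hits[line.strip()] = reason
    return hits

# Paths copied from the "Running processes" part of the log above, plus one
# constructed line (marked) to exercise the wrong-directory check.
SAMPLE = r"""D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
c:\windows\system32\scvhost.exe
D:\WINDOWS\winIogon.exe
C:\WINDOWS\system32\winlogin.exe
D:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe""".splitlines()  # last line is constructed

if __name__ == "__main__":
    for path, reason in scan(SAMPLE, r"D:\WINDOWS").items():
        print(f"{path}: {reason}")
```

Names that imitate nothing on the allowlist, such as Winapp32.exe from the same log, are not flagged by this check.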


(Tiutia) #9

Thank you all very much! I gave up and did a reinstall. :? :? :?