Proszę o sprawdzenie loga


(system) #1

Wszystki programy bardzo wolno sie uruchamiają, nie wiem co jest z tym kompem jaka jest tego przyczyna??

Logfile of HijackThis v1.99.1

Scan saved at 17:23:27, on 2005-11-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

D:\CloneCD\CloneCDTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\ixproxy.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\RivChat2\RivChat.exe

C:\WINDOWS\system32\PDFSaver.exe

C:\Program Files\ArcaVir\Bin\NetMonSv.exe

C:\Program Files\ArcaVir\Bin\avmonsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\Program Files\ArcaVir\Bin\arcascan.exe

C:\Program Files\Avant Browser\avant.exe

C:\DOCUME~1\Marcin_\USTAWI~1\Temp\_tc\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: load=D:\YDPDict\watch.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\W

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Marcin_\Pulpit\Serials3k\s3k_autoupdate.exe

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted IP range: 81.222.131.59

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\ArcaVir\Bin\NetMonSv.exe

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(Gutek) #2
  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

Poczytaj o usuwaniu SpySheriff


(system) #3

Usunięte ale nadal jest problem.

Problem jest w tym, że proses svchost.exe używa prawie 100% procesora.

Dopiero po jego wyłączeniu komp zaczyna poprawnie pracować.

Jak sie tego pozbyć.

Z góry dziekuję za pomoc.

Logfile of HijackThis v1.99.1

Scan saved at 08:20:30, on 2005-11-14

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

D:\CloneCD\CloneCDTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\RivChat2\RivChat.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\ArcaVir\Bin\avmonsv.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\ArcaVir\Bin\arcascan.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Avant Browser\avant.exe

C:\totalcmd\TOTALCMD.EXE

C:\DOCUME~1\Marcin_\USTAWI~1\Temp\_tc\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe 

F3 - REG:win.ini: load=D:\YDPDict\watch.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\W

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Marcin_\Pulpit\Serials3k\s3k_autoupdate.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34

O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\System32\lnhjembh.dll

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaVir\Bin\NetMonSv.exe (file missing)

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(Gutek) #4
  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku pliki, które podkreśliłem na czerwono

  5. Pokazać nowy log :stuck_out_tongue:


(system) #5

Problem jest dalej :frowning:

Logfile of HijackThis v1.99.1

Scan saved at 07:50:30, on 2005-11-15

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

D:\CloneCD\CloneCDTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\RivChat2\RivChat.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\ArcaVir\Bin\avmonsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files\ArcaVir\Bin\arcascan.exe

C:\WINDOWS\System32\wuauclt.exe

C:\DOCUME~1\Marcin_\USTAWI~1\Temp\_tc\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F3 - REG:win.ini: load=D:\YDPDict\watch.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Marcin_\Pulpit\Serials3k\s3k_autoupdate.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaVir\Bin\NetMonSv.exe (file missing)

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(Gutek) #6

Start >>> Programy >>> Autostart >>> kasacja z prawokliku.

Start >>> Uruchom >>> msconfig >>> w zakładce Uruchamianie wyłącz te wpisy.

Panel sterowania >>> Ustawienia regionalne >>> Języki >>> Detale >>> Zaawansowane >>> odznaczyć usługi tekstowe, zrób tak jeżeli nie używasz innych języków przy pisaniu

Defragmentacja kiedy była robiona?


(system) #7

Nic nie pomogło dalej dopóki w menadzeże zadań nie wyłącze tego svchost.exe (zajmuje ok.90%CPU) wszystko tak zwalnia, że nic nie da się nic zrobić na kompie.:frowning: :frowning:

Defrag. była robiona z 2 miesiace temu.

Logfile of HijackThis v1.99.1

Scan saved at 15:34:37, on 2005-11-15

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ArcaVir\Bin\ABmenu.exe

C:\Program Files\ArcaVir\Bin\ABregmon.exe

C:\Program Files\RivChat2\RivChat.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\ArcaVir\Bin\avmonsv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\ArcaVir\Bin\arcascan.exe

C:\Documents and Settings\Marcin_\Pulpit\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F3 - REG:win.ini: load=D:\YDPDict\watch.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe

O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe

O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaVir\Bin\NetMonSv.exe (file missing)

O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe

O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe

O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

(Gutek) #8

tylko jeszcze błachostka do usunięcia

Poczytaj http://www.searchengines.pl/phpbb203/in … topic=5989


(system) #9

No niestety jeszcze cos musi być bo dalej jest to samo :frowning: :frowning:


(Gutek) #10

Własnie że nie ma syfu, ale na wszelki wypadek daj LOG z Silent Runners


(system) #11

A oto log z Silent Runners:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"RivChat" = "C:\Program Files\RivChat2\RivChat.exe" [null data]

"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"FineReader7NewsReaderPro" = "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" ["ABBYY (BIT Software)"]

"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ABmenu" = "C:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"]

"ABREGMON" = "C:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"]

"adtech2005" = "C:\windows\adtech2005.exe" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}

"Flag" = 2


HKLM\Software\Microsoft\Active Setup\Installed Components\

{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)

                                       \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]


HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "load" = "D:\YDPDict\watch.exe" [null data]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]

FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"

  -> {CLSID}\InProcServer32\(Default) = "c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Marcin_\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


ArcaScan, ArcaScan, "C:\Program Files\ArcaVir\Bin\arcascan.exe" ["ArcaBit"]

ArcaVir Monitor, ArcaMonSvc, "C:\Program Files\ArcaVir\Bin\avmonsv.exe" ["ArcaBit"]

Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe" ["Rocket Division Software"]

StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

PDF-XChange\Driver = "pxc25pm.dll" ["Tracker Software"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 56 seconds, including 9 seconds for message boxes)

(Gutek) #12

No juz nie wiem co moze jeszcze byc, komp czysty :frowning:

A jakie masz parametry, znaczy się sprzęt?


(system) #13

Athlon xp 2400

pamiec 256Mb

dysk 80 Caviar

Asus A7V8X

gf4 mx 440

ale co to ma do tego


(Gutek) #14

MOżemy jeszcze aby nie jadł pamieci wyłaczyć: Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz StarWind iSCSI Service i StyleXPService


(system) #15

Bedę musiał za każdym razem wyłączać tego svchosta, gdy uruchamiam kompa, no ale jak nie mam na to rady

ok. dzieki za pomoc :slight_smile: