system
13 Listopad 2005 16:35
#1
Wszystki programy bardzo wolno sie uruchamiają, nie wiem co jest z tym kompem jaka jest tego przyczyna??
Logfile of HijackThis v1.99.1
Scan saved at 17:23:27, on 2005-11-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
D:\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ArcaVir\Bin\ABmenu.exe
C:\Program Files\ArcaVir\Bin\ABregmon.exe
C:\WINDOWS\ixproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\RivChat2\RivChat.exe
C:\WINDOWS\system32\PDFSaver.exe
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Avant Browser\avant.exe
C:\DOCUME~1\Marcin_\USTAWI~1\Temp\_tc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=D:\YDPDict\watch.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe
O4 - HKLM\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Marcin_\Pulpit\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [ixproxy] C:\WINDOWS\ixproxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 81.222.131.59
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Gutek
13 Listopad 2005 23:55
#2
Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
Poczytaj o usuwaniu SpySheriff
system
14 Listopad 2005 07:26
#3
Usunięte ale nadal jest problem.
Problem jest w tym, że proses svchost.exe używa prawie 100% procesora.
Dopiero po jego wyłączeniu komp zaczyna poprawnie pracować.
Jak sie tego pozbyć.
Z góry dziekuję za pomoc.
Logfile of HijackThis v1.99.1
Scan saved at 08:20:30, on 2005-11-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
D:\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ArcaVir\Bin\ABmenu.exe
C:\Program Files\ArcaVir\Bin\ABregmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\RivChat2\RivChat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Marcin_\USTAWI~1\Temp\_tc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: load=D:\YDPDict\watch.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Marcin_\Pulpit\Serials3k\s3k_autoupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\System32\lnhjembh.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaVir\Bin\NetMonSv.exe (file missing)
O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
system
15 Listopad 2005 06:51
#5
Problem jest dalej
Logfile of HijackThis v1.99.1
Scan saved at 07:50:30, on 2005-11-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
D:\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ArcaVir\Bin\ABmenu.exe
C:\Program Files\ArcaVir\Bin\ABregmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\RivChat2\RivChat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Marcin_\USTAWI~1\Temp\_tc\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=D:\YDPDict\watch.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Marcin_\Pulpit\Serials3k\s3k_autoupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaVir\Bin\NetMonSv.exe (file missing)
O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Gutek
15 Listopad 2005 13:44
#6
Start >>> Programy >>> Autostart >>> kasacja z prawokliku.
Start >>> Uruchom >>> msconfig >>> w zakładce Uruchamianie wyłącz te wpisy.
Panel sterowania >>> Ustawienia regionalne >>> Języki >>> Detale >>> Zaawansowane >>> odznaczyć usługi tekstowe, zrób tak jeżeli nie używasz innych języków przy pisaniu
Defragmentacja kiedy była robiona?
system
15 Listopad 2005 14:37
#7
Nic nie pomogło dalej dopóki w menadzeże zadań nie wyłącze tego svchost.exe (zajmuje ok.90%CPU) wszystko tak zwalnia, że nic nie da się nic zrobić na kompie.
Defrag. była robiona z 2 miesiace temu.
Logfile of HijackThis v1.99.1
Scan saved at 15:34:37, on 2005-11-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ArcaVir\Bin\ABmenu.exe
C:\Program Files\ArcaVir\Bin\ABregmon.exe
C:\Program Files\RivChat2\RivChat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Documents and Settings\Marcin_\Pulpit\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=D:\YDPDict\watch.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaVir\Bin\ABregmon.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127721385421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127721368859
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/1719/7319/4049/0600/5_1719731940490600.ocx
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61340E54-3D70-4B87-B0CF-DB83F414587B}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: ArcaBit NetMonitor (ABNetMon) - Unknown owner - C:\Program Files\ArcaVir\Bin\NetMonSv.exe (file missing)
O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 - Service: arcaserv - ArcaBit Sp. z o. o. - C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Gutek
15 Listopad 2005 18:19
#8
system
15 Listopad 2005 20:32
#9
No niestety jeszcze cos musi być bo dalej jest to samo
Gutek
15 Listopad 2005 20:37
#10
Własnie że nie ma syfu, ale na wszelki wypadek daj LOG z Silent Runners
system
15 Listopad 2005 20:48
#11
A oto log z Silent Runners:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RivChat" = "C:\Program Files\RivChat2\RivChat.exe" [null data]
"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"FineReader7NewsReaderPro" = "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" ["ABBYY (BIT Software)"]
"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ABmenu" = "C:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"]
"ABREGMON" = "C:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"]
"adtech2005" = "C:\windows\adtech2005.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = 2
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "load" = "D:\YDPDict\watch.exe" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data]
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Marcin_\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ArcaScan, ArcaScan, "C:\Program Files\ArcaVir\Bin\arcascan.exe" ["ArcaBit"]
ArcaVir Monitor, ArcaMonSvc, "C:\Program Files\ArcaVir\Bin\avmonsv.exe" ["ArcaBit"]
Kerio Personal Firewall 4, KPF4, ""C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"" ["Kerio Technologies"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe" ["Rocket Division Software"]
StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
PDF-XChange\Driver = "pxc25pm.dll" ["Tracker Software"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 56 seconds, including 9 seconds for message boxes)
Gutek
15 Listopad 2005 20:57
#12
No juz nie wiem co moze jeszcze byc, komp czysty
A jakie masz parametry, znaczy się sprzęt?
Gutek
15 Listopad 2005 21:28
#14
MOżemy jeszcze aby nie jadł pamieci wyłaczyć: Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz StarWind iSCSI Service i StyleXPService
system
16 Listopad 2005 09:40
#15
Bedę musiał za każdym razem wyłączać tego svchosta, gdy uruchamiam kompa, no ale jak nie mam na to rady
ok. dzieki za pomoc
