Adeq
(Adrian Maciej)
13 Luty 2006 09:55
#1
Mój problem polega na tym, że gdy Windows się już włączy, widac wszystkie ikony itp, system strasznie dlugo “laduje” programy ktore sie uruchamiaja podczas wlączania systemu np. Norton. Dysk początkowo nie daje oznak życia i praktycznie nic sie nie dzieje i nic nie można zrobic. Po jakiś 5-10 min dysk rusza i wszystko wraca do normy.
Wiem, że w moim logu jest duużo niepotrzebnych śmieci, ale niechce sam ich usuwać bo jeszcze cos zepsuje. Zwracam sie do specjalistów
Logfile of HijackThis v1.99.1 Scan saved at 10:45:47, on 2006-02-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\cFosSpeed\spd.exe D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\RunDll32.exe C:\WINDOWS\TBPanel.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\acigmc.exe C:\Program Files\SurfAccuracy\SAcc.exe C:\Program Files\Internet Optimizer\optimize.exe C:\WINDOWS\swyehqxe.exe C:\WINDOWS\System32\ctfmon.exe E:\Z dysku H\Freeware\Zegarynka\Zegarynka.exe C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe C:\Program Files\Messenger\msmsgs.exe D:\INCRED~1\bin\IMApp.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\GetRight\getright.exe C:\Program Files\GetRight\getright.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\The Bat!\thebat.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\WINDOWS\Explorer.EXE G:\Adrian\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing F3 - REG:win.ini: load=D:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM…\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM…\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\ O4 - HKLM…\Run: [numG2IXye] C:\WINDOWS\acigmc.exe O4 - HKLM…\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe” O4 - HKLM…\Run: [ReJf5vH] C:\WINDOWS\swyehqxe.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [incrediMail] D:\IncrediMail\bin\IncMail.exe /c O4 - HKCU…\Run: [Zegarynka] E:\Z dysku H\Freeware\Zegarynka\Zegarynka.exe O4 - HKCU…\Run: [supelek bogiego] c:\program files\supelek bogiego\supb.exe -spr O4 - HKCU…\Run: [] C:\WINDOWS\system32\gtsys32x.exe O4 - HKCU…\Run: [PowerBar] “C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe” /AtBootTime O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [ares] “D:\Ares Lite Edition\Ares.exe” -h O4 - HKCU…\Run: [1qaw3edr5] C:\WINDOWS\Fotka.EXE O4 - HKCU…\Run: [WITaj!] rem – Anulowane uruchamianie programu WITaj! 2000 O4 - HKCU…\Run: [VoipBuster] “d:\VoipBuster\VoipBuster.exe” -nosplash -minimized O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_18.cab O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q678340.exe O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_67.cab O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d111/mailcfg.ocx O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_16.cab O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar … launch.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_32.cab O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_19.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/pl/domino_2_0_0_22.cab O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://67.15.101.3/g_bin/pl/sudoku_2_0_0_6.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_17.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_34.cab O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://67.15.101.3/g_bin/pl/chess_2_0_0_15.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_4.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se … loader.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\ImapiRox.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Norton Internet Security\ISSVC.exe O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - D:\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
usuwasz
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q678340.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\gtsys32x.exe
kuz5
(Kuz5)
13 Luty 2006 14:48
#3
Co ty za bzury wypisujesz :evil:
Druga sprawa, twój sposób usuwania syfu jest zły, no i po trzecie omijasz syf.
Nie rób tak więcej bo grozi to ostrzeżeniem
W Dodaj/Usuń odinstaluj YourSiteBar, SurfAccuracy, Internet Optimizer
Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)
Znasz to ?? Jak nie to usuń:
Pliki na czerwono usun ręcznie z dysku
Posiadasz na kompie jeszcze Power Translator ?? Jak nie to usuń:
Start => Uruchom => wpisz services.msc => zatrzymaj proces LEC TranslateDotNet Server a folder usuwasz recznie z dysku
Plik gtsys32x.exe usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:
C:\WINDOWS\system32* * gtsys32x.exe**
następnie program będzie pytał o restart (oczywiście zgadzasz sie)
Opróżnij kosz
Proponuje odinstalowac Spyware Doctor
Wklej loga SilentRunners
jacolok
(Jacolok)
13 Luty 2006 15:02
#4
kuz5 czy widziałeś jego autostart? Do tego to lokomotywa jest potrzebna żeby to odpalic a nie komputer. Znam kilka wpisów z autostaru jednak zastosuje sie do twojej myśli “nie wiesz to nie pisz i nie usuwaj na raty” i zaproponuje Tobie przeczyszczenie wpisów 04 a użytkownikowi Adeq lekture o Optymalizcji XP: http://www.searchengines.pl/phpbb203/in … topic=5989
kuz5
(Kuz5)
13 Luty 2006 15:56
#5
Pisz jasnie bo nie rozumiem, mi zaproponujesz przeczyszczenie autostartu czy dla Adeq :?
A ty widziałes co on ma za syf