ple91
(Ple91)
20 February 2006 18:12
#1
I have Windows XP and the following problem. Today it started hanging terribly. Task Manager won't open. When I install an antivirus, e.g. avast, and restart the computer, the antivirus doesn't work. The same goes for the firewall (even the Windows one is turned off).
Logfile of HijackThis v1.99.1
Scan saved at 19:12:17, on 2006-02-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\crauto.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\drivers\IMountSRV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\anti_troj.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\DoubleDesktop\dd.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\MKS\Bin\procman.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\123\Pulpit\Rozpakowywane\hijackthis (1)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: load=c:\progra~1\programy\YDPDict\watch.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [DiskeeperSystray] “C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe”
O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045
O4 - HKLM…\Run: [imageShackUtil] C:\Program Files\ImageShack\ImageShack QuickShot\QuickShot.exe
O4 - HKLM…\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM…\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM…\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto
O4 - HKCU…\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU…\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU…\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU…\Run: [C] C:\Program Files\NetMeter\NetMeter.exe
O4 - Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: DoubleDesktop.lnk = C:\Program Files\DoubleDesktop\dd.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .exe: C:\Program Files\Opera75\PLUGINS\NPFgc1.dll
O12 - Plugin for .rar: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .zip: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for H÷: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for ôĺ: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
O16 - DPF: WebControlDeploy - http://grouper.com/v1/GrouperSetup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ … 1.0.69.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: crauto - Unknown owner - C:\WINDOWS\system32\drivers\crauto.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMountSRV - Unknown owner - C:\WINDOWS\system32\drivers\IMountSRV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Steganos Live Encryption Engine (Version 503) [service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE503.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Post merged: 20.02.2006 (Mon) 19:51
I think I found the cause
I deleted these files and it works fine now…
Gutek
(Gutek)
20 February 2006 20:02
#2
Does anyone know this entry? It looks like junk
kuz5
(Kuz5)
20 February 2006 20:20
#3
Probably some junk with a random name
I would remove it
ple91, do you know what this is?? Do you recognize it??
ple91
(Ple91)
20 February 2006 20:57
#4
I don't know what it is…
I'll check… (probably junk, because there's nothing about it even on Google…)
ple91
(Ple91)
21 February 2006 09:57
#6
There's just one problem… It's not there, neither in C:\WINDOWS\SYSTEM32\ nor in HijackThis
musg
(Musg)
21 February 2006 11:14
#7
START -> Run -> type regsvr32 /u ldr64.dll -> press OK.
musg
(Musg)
21 February 2006 14:20
#9
You have to do this in safe mode, and if it can't be unregistered, delete it with KillBox:
C:\WINDOWS\SYSTEM32\ldr64.dll