Voidan
(Musashi Maru)
20 March 2007 13:57
#1
Hello!
Avant browser won't open, and Internet Explorer barely does. Once it does open, some mail functions don't work (e.g. it doesn't move messages to folders).
The computer slows down strangely. Task Manager says that 99% of the CPU goes to the idle process, yet the machine moves as if it were walking backwards on all fours…
Logs below (Silent Runners wouldn't start, so I ran it in safe mode):
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:20:31, on 2007-03-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\ABregmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
d:\Moje dokumenty\Przemek\Antyviry\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony… - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Silent Runners:
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [“MKS Sp. z o.o.”] “ABREGMON” = “C:\Program Files\MKS\Bin\ABregmon.exe” [“ArcaBit”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft 
Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{0A082D00-EC93-11D0-B1E6-80580BC10627}” = “Corel Media Folder Root Menu Handler” -> {HKLM…CLSID} = “Corel Media Folder Root Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” = “Folder To Corel Media Folder Menu Handler” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{854AF161-1AE1-11D1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{E856F161-1AE5-11d1-AB9B-00C0F00683EB}” = “Corel Media Folder” -> {HKLM…CLSID} = “Corel Media Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{CDB89701-262F-11D1-AB9C-00C0F00683EB}” = “Corel Media Find Folder” -> {HKLM…CLSID} = “Corel Media Find Folder” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{F8152501-455F-11D1-B1E6-444553540000}” = “Corel Media Folder Copy Hook Handler” -> {HKLM…CLSID} = “Corel Media Folder Copy Hook Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] “{8E524B0D-04F0-11D1-B74A-00A0C90646A4}” = “IconFactTemp.NSIconHandlerFactory” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [“Corel Corporation”] “{A2AC368A-F883-11D0-B745-00A0C90646A4}” = “NSFiltManDll.FiltManCom” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CNSFlt80.dll” [“Corel Corporation”] “{B63FCD5A-2396-11D1-B762-00A0C90646A4}” = “*” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFnd80.dll” [“Corel 
Corporation”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = 
“C:\WINDOWS\System32\Audiodev.dll” [MS] “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [file not found] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] VersionsMenu(Default) = “{03170921-4754-11cf-AB9A-00C0F00683EB}” -> {HKLM…CLSID} = “Corel Versions” \InProcServer32(Default) = “C:\COREL\Versions\CVersion.dll” [“Corel Corporation Limited”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WS_FTP(Default) = “{797F3885-5429-11D4-8823-0050DA59922B}” -> {HKLM…CLSID} = “RtClkCtxMenu Class” \InProcServer32(Default) = “d:\Moje dokumenty\Przemek\My eBooks\Small niche system\Adsense pages\auto_hits_machine\Ipswitch\WS_FTP Professional\wsftpsi.dll” [“Ipswitch, Inc. 
10 Maguire Road - Suite 220 Lexington, MA 02421”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ FolderToCorelMediaFolder(Default) = “{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}” -> {HKLM…CLSID} = “Folder To Corel Media Folder Menu Handler” \InProcServer32(Default) = “C:\Corel\Graphics8\programs\CMFFld80.dll” [empty string] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll” [file not found] VersionsMenu(Default) = “{03170921-4754-11cf-AB9A-00C0F00683EB}” -> {HKLM…CLSID} = “Corel Versions” \InProcServer32(Default) = “C:\COREL\Versions\CVersion.dll” [“Corel Corporation Limited”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WinZip\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] WS_FTP(Default) = “{797F3885-5429-11D4-8823-0050DA59922B}” -> {HKLM…CLSID} = “RtClkCtxMenu Class” \InProcServer32(Default) = “d:\Moje dokumenty\Przemek\My 
eBooks\Small niche system\Adsense pages\auto_hits_machine\Ipswitch\WS_FTP Professional\wsftpsi.dll” [“Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Przemek Sowa\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\AVASTSS.scr” [“ALWIL Software”] Enabled Scheduled Tasks: ------------------------ “MkSUpdate” -> launches: “C:\Program Files\MKS\bin\mks_upd.exe Task” [“MkS Sp. z o. o.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [file not found] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [file not found] All 
Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] InstallDriver Table Manager, IDriverT, “C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe” [“Macrovision Corporation”] Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\System32\wbem\wmiapsrv.exe” [MS] LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE” [“Lexmark International, Inc.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Portable Media Serial Number Service, WmdmPmSN, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\MsPMSNSv.dll” [MS]} Usługa administracyjna Menedżera dysków logicznych, dmadmin, “C:\WINDOWS\System32\dmadmin.exe /com” [“Microsoft Corp., Veritas Software”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [“Lexmark International, Inc.”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. 
---------- (total run time: 2300 seconds, including 6 seconds for message boxes)
Voidan
(Musashi Maru)
20 March 2007 20:33
#3
In that case, what can I do with it? Avant browser doesn't work, the computer slows down, and every so often a message pops up saying that “the memory could not be read…”???
Post merged: 20.03.2007 (Tue) 21:34
Oh, and System Restore doesn't work either…
Uzi
(Uzi)
20 March 2007 20:56
#4
1. Run tests with RAM-testing programs. Click
2. The problem may also be faulty or incorrectly installed device drivers or codecs.
3. As far as possible, use the Windows Update service. Microsoft often releases updates after it has observed a specific problem or had one reported to it.
Voidan
(Musashi Maru)
20 March 2007 22:48
#5
The funny thing is that I haven't installed any drivers/codecs recently. I did, however, have quite a lot of viruses/spyware (some 3-4 days ago). I wiped out what I could using avast and Ad-Aware, which I have on the computer, plus mks online and ewido anti-spyware online. Apparently something was left behind, though, because I've had problems for these past few days. Maybe have a look at the StartupList from HijackThis as well. Maybe I've got something messed up in services?? I won't bother you with this any more, because I've run out of diagnostic programs… :twisted:
Just one more question: why doesn't System Restore work? It starts, but at the end it says that it failed because it could not restore to the selected point (I choose system checkpoints) and that it made no changes…?
StartupList from HijackThis:
StartupList report, 2007-03-20, 23:25:11 StartupList version: 1.52.2 Started from : d:\Moje dokumenty\Przemek\Antyviry\hijackthis\HijackThis.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe d:\Moje dokumenty\Przemek\Antyviry\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
*Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run MKS_MENU = C:\Program Files\MKS\Bin\mks_menu.exe ABREGMON = C:\Program Files\MKS\Bin\ABregmon.exe NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Gadu-Gadu = “C:\Program Files\Gadu-Gadu\gg.exe” /tray -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from 
Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* 
-------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = “%1” %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = “%1” %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = “%1” %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = “%1” %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = “%1” /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe “%1” %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * 
StubPath = “%ProgramFiles%\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = “%ProgramFiles%\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\System32\ie4uinit.exe [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] * StubPath = rundll32 iesetup.dll,IEAccessUserInst -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM…\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM…\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM…\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM…\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU…\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU…\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU…\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU…\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU…\Windows NT\CurrentVersion\Windows: 
load= HKCU…\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM…\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM…\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM…\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\AVASTSS.scr drivers=*Registry value not found* Policies Shell key: HKCU…\Policies: Shell=*Registry value not found* HKLM…\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! 
(arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: ‘Microsoft Corporation’
- Original filename OK: ‘REGEDIT.EXE’
- File description: ‘Edytor rejestru’
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
MkSUpdate.job
--------------------------------------------------
Enumerating Download Program Files:
[{0000000A-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/ … sp9dmo.cab
[shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/sh … tor/sw.cab
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://downloads.ewido.net/ewidoOnlineScan.cab
[{3334504D-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/ … p43dmo.CAB
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/ … mv9VCM.CAB
[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/ … mv9dmo.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdat … /opuc3.cab
[MksSkanerOnline Class]
InProcServer32 = C:\WINDOWS\System32\SkanerOnline.dll
CODEBASE = http://www.mks.com.pl/skaner/SkanerOnline.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta … s-i586.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta … s-i586.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta … s-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta … s-i586.cab
[shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/sh … wflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
ArcaBit NetMonitor: C:\Program Files\MKS\Bin\NetMonSV.exe (disabled)
ABTDI: ??\C:\Program Files\MKS\Bin\ABTDI.sys (system)
Sterownik Microsoft ACPI: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
Środowisko obsługi sieci AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Urządzenie alarmowe: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Usługa bramy warstwy aplikacji: %SystemRoot%\System32\alg.exe (manual start)
Zarządzanie aplikacjami: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
avast! iAVS4 Control Service: “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe” (autostart)
Sterownik multimediów asynchronicznych RAS: System32\DRIVERS\asyncmac.sys (manual start)
Standardowy kontroler dysku twardego IDE/ESDI: System32\DRIVERS\atapi.sys (system)
ati: System32\DRIVERS\ati.sys (manual start)
Protokół klienta ARP ATM: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sterownik Audio Stub: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: “C:\Program Files\Alwil Software\Avast4\ashServ.exe” (autostart)
avast! Web Scanner: “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service (manual start)
Usługa inteligentnego transferu w tle: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Przeglądarka komputera: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sterownik stacji dysków CD-ROM: System32\DRIVERS\cdrom.sys (system)
Usługa indeksowania: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Aplikacja systemowa modelu COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Usługi kryptograficzne: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CsdDriver: ??\C:\WINDOWS\System32\CsdDriver.sys (manual start)
Klient DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sterownik dysku: System32\DRIVERS\disk.sys (system)
Usługa administracyjna Menedżera dysków logicznych: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Sterownik Menedżera dysków logicznych: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Menedżer dysków logicznych: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Syntezator Microsoft Kernel DLS: system32\drivers\DMusic.sys (manual start)
Klient DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Usługa raportowania błędów: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Dziennik zdarzeń: %SystemRoot%\system32\services.exe (autostart)
System zdarzeń COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
EXAMPLE: ??\C:\WINDOWS\System32\main.sys (system)
EXAMPLE1: ??\C:\WINDOWS\System32\ksys.sys (manual start)
Zgodność szybkiego przełączania użytkowników: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Sterownik kontrolera stacji dyskietek: System32\DRIVERS\fdc.sys (manual start)
Sterownik stacji dyskietek: System32\DRIVERS\flpydisk.sys (manual start)
Sterownik Menedżera woluminów: System32\DRIVERS\ftdisk.sys (system)
Licznik portów gier: System32\DRIVERS\gameenum.sys (manual start)
Remote Procedure Call (RPC) Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
GDI kernel srvc: ??\C:\WINDOWS\System32\gdiw2k.sys (system)
Rodzajowy klasyfikator pakietu: System32\DRIVERS\msgpc.sys (manual start)
Pomoc i obsługa techniczna: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Dostęp do urządzeń interfejsu HID: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Sterownik portu klawiatury i8042 i myszy PS/2: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (manual start)
Usługa COM nagrywania dysków CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Sterownik filtru ruchu IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Sterownik IP w tunelu IP: System32\DRIVERS\ipinip.sys (manual start)
Translator adresów sieciowych IP: System32\DRIVERS\ipnat.sys (manual start)
Sterownik IPSEC: System32\DRIVERS\ipsec.sys (system)
Usługa wyliczania IR: System32\DRIVERS\irenum.sys (manual start)
Sterownik PnP magistrali ISA/EISA: System32\DRIVERS\isapnp.sys (system)
Sterownik klasy klawiatury: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Serwer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Stacja robocza: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
Pomoc TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: “C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe” (autostart)
Posłaniec: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
MkS_Mon Kernel Engine: ??\C:\Program Files\MKS\Bin\MksMonEn.sys (manual start)
MkS_Mon Kernel Events: ??\C:\Program Files\MKS\Bin\MksMonEv.sys (manual start)
MkS_Mon Kernel Filter Driver: ??\C:\Program Files\MKS\Bin\MksMonFd.sys (manual start)
MkSUpdateInt: C:\Program Files\MKS\bin\MkSUpdateInt.exe (disabled)
MkS_Vir Monitor: C:\Program Files\MKS\Bin\mksmonsv.exe (disabled)
MkS_Scan: C:\Program Files\MKS\Bin\mks_scan.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Sterownik klasy myszy: System32\DRIVERS\mouclass.sys (system)
Readresator klienta WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Instalator Windows: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Serwer proxy usługi Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Serwer proxy zegara Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Serwer proxy menedżera jakości Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
Sterownik usługi Dostęp zdalny NDIS TAPI: System32\DRIVERS\ndistapi.sys (manual start)
Protokół We/Wy trybu użytkownika NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Sterownik usługi Dostęp zdalny NDIS WAN: System32\DRIVERS\ndiswan.sys (manual start)
Interfejs NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBios przez TCP/IP: System32\DRIVERS\netbt.sys (system)
DDE sieci: %SystemRoot%\system32\netdde.exe (manual start)
DSDM DDE sieci: %SystemRoot%\system32\netdde.exe (manual start)
Logowanie do sieci: %SystemRoot%\System32\lsass.exe (manual start)
Połączenia sieciowe: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Rozpoznawanie lokalizacji w sieci (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ntio256: ??\C:\WINDOWS\System32\ntio256.sys (autostart)
Usługa NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Magazyn wymienny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Sterownik filtru ruchu IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Sterownik usług przesyłania dalej ruchu IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Sterownik portu równoległego: System32\DRIVERS\parport.sys (manual start)
Sterownik magistrali PCI: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Usługi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Sterownik procesora: System32\DRIVERS\processr.sys (system)
Magazyn chroniony: %SystemRoot%\system32\lsass.exe (autostart)
Harmonogram pakietów QoS: System32\DRIVERS\psched.sys (manual start)
Sterownik bezpośredniego połączenia kablowego: System32\DRIVERS\ptilink.sys (manual start)
FPU mainboard extention: ??\C:\WINDOWS\System32\ramvxt.sys (system)
Sterownik automatycznego połączenia dostępu zdalnego: System32\DRIVERS\rasacd.sys (system)
Menedżer autopołączenia dostępu zdalnego: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Menedżer połączeń usługi Dostęp zdalny: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sterownik usługi Dostęp zdalny PPPOE: System32\DRIVERS\raspppoe.sys (manual start)
Bezpośrednie połączenie kablowe: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Sterownik przekierowania urządzenia serwera terminali: System32\DRIVERS\rdpdr.sys (manual start)
Menedżer sesji pomocy pulpitu zdalnego: C:\WINDOWS\system32\sessmgr.exe (manual start)
Sterownik filtru odtwarzania audio cyfrowych dysków CD: System32\DRIVERS\redbook.sys (system)
Routing i dostęp zdalny: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rejestr zdalny: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Lokalizator usługi zdalnego wywołania procedury (RPC): %SystemRoot%\System32\locator.exe (manual start)
Zdalne wywoływanie procedur (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Runtime: ??\C:\WINDOWS\System32\drivers\runtime.sys (manual start)
Menedżer kont zabezpieczeń: %SystemRoot%\system32\lsass.exe (autostart)
Pomocnik karty inteligentnej: %SystemRoot%\System32\SCardSvr.exe (manual start)
Karta inteligentna: %SystemRoot%\System32\SCardSvr.exe (manual start)
Harmonogram zadań: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Logowanie pomocnicze: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Zawiadomienie o zdarzeniu systemowym: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sterownik filtru Serenum: System32\DRIVERS\serenum.sys (manual start)
Sterownik portu szeregowego: System32\DRIVERS\serial.sys (system)
Sterownik myszy szeregowej: System32\DRIVERS\sermouse.sys (manual start)
Zapora połączenia internetowego / Udostępnianie połączenia internetowego: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Wykrywanie sprzętu powłoki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Bufor wydruku: %SystemRoot%\system32\spoolsv.exe (autostart)
Sterownik filtru Przywracania systemu: System32\DRIVERS\sr.sys (system)
Usługa przywracania systemu: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Usługa odnajdywania SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Sterownik magistrali programowej: System32\DRIVERS\swenum.sys (manual start)
Syntezator tablicy dźwięków WAVE Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{3DD99F26-71E5-400A-8644-51D1FE16544D} (manual start)
Urządzenie audio Microsoft Kernel System: system32\drivers\sysaudio.sys (manual start)
Dzienniki wydajności i alerty: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sterownik protokołu TCP/IP: System32\DRIVERS\tcpip.sys (system)
Sterownik urządzenia terminalu: System32\DRIVERS\termdd.sys (system)
Usługi terminalowe: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Kompozycje: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Klient śledzenia łączy rozproszonych: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Sterownik Microcode Update: System32\DRIVERS\update.sys (manual start)
Menedżer przekazywania: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Host uniwersalnego urządzenia Plug and Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Zasilacz awaryjny (UPS): %SystemRoot%\System32\ups.exe (manual start)
Koncentrator z obsługą USB2: System32\DRIVERS\usbhub.sys (manual start)
Klasa PRINTER USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Sterownik magazynu masowego USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
Arris Remote NDIS Network Device Driver: System32\DRIVERS\usb8023.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Filtr magistrali AGP VIA: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Kontroler VIA AC’97 Audio (WDM): system32\drivers\ac97via.sys (manual start)
Kopiowanie woluminów w tle: %SystemRoot%\System32\vssvc.exe (manual start)
Usługa Czas systemu Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sterownik usługi Dostęp zdalny IP ARP: System32\DRIVERS\wanarp.sys (manual start)
Sterownik zgodności audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
wincom32: ??\C:\WINDOWS\System32\wincom32.sys (autostart)
Instrumentacja zarządzania Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Rozszerzenia sterownika Instrumentacji zarządzania Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Karta wydajności WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Aktualizacje automatyczne: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
Konfiguracja zerowej sieci bezprzewodowej: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT ‘Wininit.ini’:
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 32 496 bytes
Report generated in 6,820 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Post merged: 21.03.2007 (Wed) 12:10
I just noticed that Avant Browser starts by itself when the computer boots (it isn't visible, but Task Manager shows it eating 60 - 80 percent of the CPU). In addition, Task Manager has stopped displaying the user name…
HELP :evil: