elvo86
(Elvo86)
17 September 2006 11:10
#1
I have the following problem:
After Windows loads, the computer freezes within roughly a minute, i.e. no programs start for about 5 minutes, after which they all suddenly start at once. I managed to open Task Manager quickly, and once the computer had frozen, a process named svchost.exe (no, there is no mistake in the name) was using about 95% of my CPU.
I have already scanned the system with avast! and Spybot - Search & Destroy, but unfortunately they did not detect any problems related to this.
Here are the logs from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:29:27, on 2006-09-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ASWLSVC.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
D:\Program Files\Common Files{04F2AF51-0354-1045-1229-000504100030}\Update.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\WORLDO~1\USTAWI~1\Temp\Rar$EX00.236\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://megapanel.gem.pl/q.php?s=EsCNNMj … 064511&n=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: AmsServer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Control Center] D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF973E9-21D2-4BCE-AB51-9DE67165A7C4} (ActiveGL Control) - http://www.sulaco.co.za/opengl/ActiveGLProject.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip…{4F48C195-167D-4EF6-BBE9-40924D3D1956}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{69162F60-EB00-422C-8803-9BB25BB762CF}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{6B80FBF7-CFC4-42F6-9608-5415CC1FC55F}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{6E07377E-4F16-44F8-97C8-E7A4EA87A8EF}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{8F4A2AA6-9B5D-461D-9C72-6A1EFF708A09}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{DD9B8B99-30D3-411C-B5A1-D7D5C8709C33}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS3\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O20 - Winlogon Notify: winqpb32 - winqpb32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - D:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Please help.
Bieniol
(Bbieniol)
17 September 2006 11:25
#2
In safe mode, with System Restore turned off, remove (the entries with HijackThis, the files/folders marked in red manually from the disk):
After that, post a new HijackThis log + a Silent Runners log.
system
(system)
17 September 2006 12:02
#3
1 - do you have automatic network detection and IP renewal enabled?
2 - Computer freezing during startup
If the system freezes during startup and for 2-3 minutes the whole taskbar, including the Start button, is unavailable, the cause may be one of the services running in the background, namely Background Intelligent Transfer Service (Usługa inteligentnego transferu w tle). The Microsoft patch Q314862_WXP_SP1_x86_PLK.exe should solve the problem. If installing it does not have the expected effect, the service should be disabled. From the Start menu choose Run and type services.msc. Then find the service in the list in the right-hand part of the window, double-click it, and in the configuration window set the startup type to Disabled. After confirming, you still need to restart the computer.
http://republika.pl/elektronikjk/r5.html
elvo86
(Elvo86)
17 September 2006 15:14
#4
Bieniol:
Done. New log:
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 17:03:16, on 2006-09-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ASWLSVC.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Documents and Settings\World of Warcraft\Pulpit\HijackThis.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\World of Warcraft\Launcher.exe
D:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Control Center] D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [uniblue Registry Booster] D:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF973E9-21D2-4BCE-AB51-9DE67165A7C4} (ActiveGL Control) - http://www.sulaco.co.za/opengl/ActiveGLProject.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip…{4F48C195-167D-4EF6-BBE9-40924D3D1956}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{69162F60-EB00-422C-8803-9BB25BB762CF}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{6B80FBF7-CFC4-42F6-9608-5415CC1FC55F}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{6E07377E-4F16-44F8-97C8-E7A4EA87A8EF}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{8F4A2AA6-9B5D-461D-9C72-6A1EFF708A09}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{DD9B8B99-30D3-411C-B5A1-D7D5C8709C33}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS3\Services\Tcpip…{23DD4939-60EF-4A5F-BFD6-E4846D83AB1A}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - D:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
Silent Runners:
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
“{04F2AF51-0354-1045-1229-000504100030}” = ““D:\Program Files\Common Files{04F2AF51-0354-1045-1229-000504100030}\Update.exe” mc-110-12-0000272” [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“Gadu-Gadu” = ““D:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]
“Skype” = ““D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”” [“Nero AG”]
“Uniblue Registry Booster” = “D:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S” [“Uniblue Registry Booster”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“avast!” = “D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“NWEReboot” = (empty string)
“NeroFilterCheck” = “D:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“Control Center” = “D:\Program Files\ASUS\WLAN Card Utilities\Center.exe” [“ASUSTeK COMPUTER INC.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
“HLinit” = “d:\progra~1\filesu~1\pelica~1.zip\hyperl~1.exe” [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEHlprObj Class”
  \InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “D:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”
  -> {HKLM…CLSID} = “AlcoholShellEx”
  \InProcServer32(Default) = “D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]
“{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band”
  -> {HKLM…CLSID} = “Shell Search Band”
  \InProcServer32(Default) = “D:\WINDOWS\system32\browseui.dll” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”
  -> {HKLM…CLSID} = “NeroDigitalIconHandler Class”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]
“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”
  -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”
  -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
  -> {HKLM…CLSID} = “PDF Shell Extension”
  \InProcServer32(Default) = “D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
HexWorkshopContextMenu(Default) = “{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}”
  -> {HKLM…CLSID} = “Hex Workshop Shell Extension”
  \InProcServer32(Default) = “D:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll” [“BreakPoint Software, Inc.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
  -> {HKLM…CLSID} = “avast”
  \InProcServer32(Default) = “D:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “D:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\wp.bmp”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “D:\WINDOWS\System32\logon.scr” [MS]

Startup items in “World of Warcraft” & “All Users” startup folders:
-------------------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Adobe Reader Speed Launch” -> shortcut to: “D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 29
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in “View, Explorer Bar” menu

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}”
  -> {HKLM…CLSID} = “Java Plug-in 1.5.0_04”
  \InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll” [“Sun Microsystems, Inc.”]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
“MenuText” = “Uninstall BitDefender Online Scanner v8”
“Exec” = “%windir%\bdoscandel.exe” [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “D:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ASWLSVC, ASWLSVC, “D:\WINDOWS\system32\ASWLSVC.exe” [null data]
Ati HotKey Poller, Ati HotKey Poller, “D:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
Autodesk Licensing Service, Autodesk Licensing Service, ““D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe”” [null data]
avast! Antivirus, avast! Antivirus, ““D:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““D:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 251 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 59 seconds.
---------- (total run time: 405 seconds)
M@REK:
Done.
I carried out both procedures, restarted the computer, and the same thing happened again.
Task Manager looks like this:
Hmm, I'm puzzled by the ASWLSVC.exe service - it has no description in the list in services.msc and shows as unknown owner in HijackThis.
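An added example (not part of the original thread and not HijackThis code): a small Python triage over HijackThis entries of the kind posted above. It splits a log even when it has been flattened onto one line, flags Winlogon Notify DLLs, services shown with "Unknown owner" and "(file missing)" entries, and marks a "(file missing)" note as contradicted when the same executable is listed under Running processes. The sample lines are copied from the logs in this thread; the function names and reason strings are this example's own.

```python
import re

# A subset of entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\ASWLSVC.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: winqpb32 - winqpb32.dll (file missing)
O23 - Service: ASWLSVC - Unknown owner - D:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# An entry starts with a section code (R, F, N or O plus a number) and " - ".
# The lookbehind keeps " - " inside names ("Spybot - Search") from splitting.
MARKER = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Drive-letter path to an .exe or .dll, stopping before any stray quote.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def split_entries(text):
    """Return (running_block, entries). Works on one-entry-per-line logs and
    on logs flattened onto a single line, because it cuts at section codes
    rather than at newlines."""
    starts = [m.start() for m in MARKER.finditer(text)]
    if not starts:
        return "", []
    head = text[:starts[0]]
    running = ""
    if "Running processes:" in head:
        running = head.split("Running processes:", 1)[1]
    ends = starts[1:] + [len(text)]
    entries = [" ".join(text[s:e].split()) for s, e in zip(starts, ends)]
    return " ".join(running.split()).lower(), entries


def triage(text):
    """Return [(code, reasons, body)] for entries worth a manual look."""
    running, entries = split_entries(text)
    findings = []
    for entry in entries:
        code, body = entry.split(" - ", 1)
        reasons = []
        if code == "O20":
            reasons.append("DLL loaded by winlogon.exe")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("no vendor name reported for service")
        if body.endswith("(file missing)"):
            m = PATH.search(body)
            if m and m.group(0).lower() in running:
                # The log contradicts itself: the binary is running.
                reasons.append("marked missing but listed as running")
            else:
                reasons.append("target file missing")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {'; '.join(reasons)}\n     {body}")
```

A flag here only orders entries for review; "Unknown owner" on its own does not identify a file as malicious.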
Bieniol
(Bbieniol)
17 September 2006 15:18
#5
Open Notepad and paste this into it:
File --> Save as --> change the file type to All files --> save it as FIX.REG
Run the FIX.REG file, confirm adding it to the registry, and restart the computer.
Run check disk, that is:
Start --> Run --> cmd and type: chkdsk c: /f /r
Gutek
(Gutek)
17 September 2006 15:22
#6
Open Notepad and paste this into it:
File >>> Save as >>> change the file type from TXT to All files >>> save it as FIX.REG >>> double-click the file you created and confirm >>> restart the computer
ASWLSVC.exe: the process is OK, leave it.
Gutek
(Gutek)
17 September 2006 16:17
#8