Witam Wszystkich… MADAX82pl
Mam problem z systemem XP Profesional… Wyjaśniam o co chodzi otóż:
- uruchamianie systemu czy wyłanczanie i restrat dział bez zarzutu
Natomiat uruchamiam neta i chwile pracuje i kursor się zatrzymuje i koniec zabawy wszystko się zawiesza i tylko ta sytuacje ratuje restart… Nie wiem co się dzieje… Również przy uruchomionych kilku programach system tez się zawiesza…
Sytuacja powstała od pewnego czasu jak ogladałem filmy, obraz się zaczął zacinać i blokować powodujący zawieszanie się systemu, do dzisiaj nie mogę oglądać filmów tzn. uruchamiają się ale po pewnym czasie wszystko się zawiesza…
Nie wiem co robić nigdy mi sie to nie zdażało.
Przy tym zawieszaniu zauważyłem ze procesor jest wysilony na 100% a plik tronnicowania (pamięć wurtualna) nie jest do końca przeciążana, choć czasem zdaża się… Ustawiłem czysczenie tego pliku przy wyłanczaniu kompa i szybciej się uruchamia, ale zawieszanie się nadal wystepuje…
NIE WIEM CO ROBIĆ
może to też ma wpływ albo za mało RAM’u albo coś z tymi ustawieniami:
Przy 256 RAM mam ustawienie pliku stronicowania: main. wartość dysku 384 MB - max wartość dysku 758// nie wiem czy to jest prawidłowe ustawienie…
Może na podstawie LOGINU pomożecie wyłapać co jest nie tak…:
Dołanczam kod Logfile of HijackThis v1.99.1 - który wygenerowałem oraz kod wygenerowany przez “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Logfile of HijackThis v1.99.1
Scan saved at 16:57:27, on 2007-03-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programy Files II\Alwil Software\Avast4\aswUpdSv.exe
H:\Programy Files II\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\drivers\CDAC11BA.EXE
H:\WINDOWS\system32\inetsrv\inetinfo.exe
H:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
H:\WINDOWS\System32\svchost.exe
H:\Programy Files II\Alwil Software\Avast4\ashMaiSv.exe
H:\Programy Files II\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Messenger\msmsgs.exe
E:\Programy ściągnięte Legal\Naprawa XP i kompa\HijackThis pl\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - H:\Program Files\Neostrada TP\Audience\IEHelper.dll
O4 - HKLM\..\Run: [avast!] H:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download with Internet TOOLS - H:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Programy Files II\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - H:\Programy Files II\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Programy Files II\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Programy Files II\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - H:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - H:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - H:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Oraz
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "H:\WINDOWS\system32\ctfmon.exe" [MS]
"NvMediaCenter" = "RUNDLL32.EXE H:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""H:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""H:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "H:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{49E0E0F0-5C30-11D4-945D-000000000000}\(Default) = (no title provided)
- {HKLM...CLSID} = "IE 4.x-5.x BHO in ObjectPascal"
\InProcServer32\(Default) = "H:\Program Files\Neostrada TP\Audience\IEHelper.dll" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
- {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
- {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
- {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
- {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "H:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
- {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
- {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
- {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "H:\WINDOWS\system32\Audiodev.dll" [MS]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
- {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "H:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Ikona obsługi nakładki Podpisów cyfrowych AutoCAD"
- {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "H:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
- {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "H:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
- {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "H:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
- {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "H:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
- {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "H:\Programy Files II\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
- {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "H:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
- {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "H:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
HKLM\Software\Classes\PROTOCOLS\Filter\
text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
- {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "H:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
- {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "H:\Programy Files II\Adobe Rearder 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
- {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
- {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "H:\Programy Files II\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
- {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
- {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "H:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
- {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
- {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
- {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "H:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
- {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "H:\Programy Files II\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
- {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
- {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "H:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Default executables:
--------------------
HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""H:\WINDOWS\system32\NOTEPAD.EXE" "%1"" [MS]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "H:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "H:\WINDOWS\System32\logon.scr" [MS]
Enabled Scheduled Tasks:
------------------------
"Symantec NetDetect" - launches: "H:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "H:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "H:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "H:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
- {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""H:\Programy Files II\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""H:\Programy Files II\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""H:\Programy Files II\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""H:\Programy Files II\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "H:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
Norton Unerase Protection, NProtectService, "H:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "H:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Speed Disk service, Speed Disk service, "H:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "H:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
----------
: Suspicious data at a malware launch point.
: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 65 seconds.
---------- (total run time: 120 seconds)
Bede wdzięczny za każdą pomoc i wskazówki - pozdrawiam MADAX82pl
Z systemu jestem zielony, a pisze prace a komp mi jest bardzo potrzebny…