cooocooo, created 15 June 2007

FOR A WEEK I HAVE BEEN FIGHTING WITH "svchost.exe", which loads the processor and eats up almost all the memory. Neither the updates from Microsoft (KB927891) nor turning off automatic updates helped, and neither did disabling the automatic update process in the management console. I should add that this is an Acer Aspire 3610 laptop, processor: Celeron M 370 (1.5 GHz), 512 MB RAM, motherboard: Acer Morar, graphics card: Mobile Intel 915GM/GMS 910GML, BIOS: Phoenix.

Please help me solve this problem:
e-mail: bedi79@interia.pl
GG: 9840944

Logfile of HijackThis v1.99.1
Scan saved at 12:39:00, on 2007-06-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\Programy\Ad-Aware 2007\aawservice.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Acer\USTAWI~1\Temp\RtkBtMnt.EXE
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\1032\dll\svchost.exe
C:\WINDOWS\system32\1032\dll\projects\setiathome.berkeley.edu\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Programy\Pando\pando.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Acer\USTAWI~1\Temp\Rar$EX00.672\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - D:\Programy\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\RunOnce: [PandoBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz\odk_mcd.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176961669984
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programy\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
CatchMe, comment 16 June 2007

Simple matter :)

1. Download: WWDC
- Change all options from disable to enable and restart the computer.
- The correct port layout is shown in this picture: http://www.firewallleaktester.com/images_site/wwdc.jpg
* NetBIOS may be yellow.

Download and run the tool: The Avenger
Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Folders to delete:
C:\WINDOWS\system32\1032

Drivers to unload:
Installator Windows

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

C:\WINDOWS\system32\1032\dll\svchost.exe
C:\WINDOWS\system32\1032\dll\projects\setiathome.berkeley.edu\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\RunOnce: [PandoBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe

Manually delete this file from the disk: C:\Avenger\backup.zip, and paste on the forum the report: C:\avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log.
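Added example (not part of the original thread and not code from HijackThis or The Avenger): the entries singled out above share one trait, a file named svchost.exe that does not sit directly in the system32 directory. The sketch below applies that check to HijackThis-style lines; the allow-list, the function name and the sample log are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed allow-list for Windows XP: core binaries and the one directory each should run from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# First drive-letter path on a line that ends in .exe (covers process, O4 and O23 lines).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


def find_masquerading(log_text):
    """Return unique paths whose file name is a core Windows binary but whose
    directory is not the expected one, in order of first appearance."""
    hits = []
    for line in log_text.splitlines():
        match = EXE_PATH.search(line)
        if not match:
            continue
        path = match.group(0)
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        # normcase lowercases the directory so System32 and system32 compare equal
        if expected and ntpath.normcase(directory) != expected and path not in hits:
            hits.append(path)
    return hits


# Constructed sample in HijackThis format, modelled on the log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1032\dll\svchost.exe
C:\WINDOWS\system32\1032\dll\projects\setiathome.berkeley.edu\svchost.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe
"""

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_LOG):
        print("suspicious location:", hit)
```

A hit only means the file name and location disagree; the service name and publisher on the matching O23 line are what tie it to a specific program.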