Samo utworzono 22 listopada 2007 utworzono 22 listopada 2007 Co chwile system mi sie sypie może tutaj znajdziemy przyczynę.... Logfile of HijackThis v1.99.1Scan saved at 23:16:03, on 2007-11-22Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\PowerS.exeC:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Samo\Pulpit\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dllO3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dllO4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exeO4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAYO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dllO10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dllO10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dllO10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dllO10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dllO10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dllO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeO23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Samo\USTAWI~1\Temp\hpdj.exe (file missing)O23 - Service: G DATA Keyboard Protector Service (KbdLockService) - Unknown owner - C:\WINDOWS\system32\KbdLockService.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe "Silent Runners.vbs", revision 52, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"PowerS" = "C:\WINDOWS\PowerS.exe" ["prolink"]"Ashampoo FireWall" = ""C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY" [null data]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]{85F685C3-20D9-4943-95E4-EB4224056C3F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Expressivo" \InProcServer32\(Default) = "C:\Program Files\ivo\Expressivo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler" -> {HKLM...CLSID} = "QIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys" -> {HKCU...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]"{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy" -> {HKCU...CLSID} = "CD Burn Slideshow Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS]"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager" -> {HKCU...CLSID} = "Desktop Manager" \InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]HKLM\Software\Classes\*\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSharedDocuments" = (REG_DWORD) hex:0x00000001{User Configuration|Administrative Templates|Windows Components|Windows Explorer|Remove Shared Documents from My Computer}"NoSaveSettings" = (REG_DWORD) hex:0x00000000{User Configuration|Administrative Templates|Desktop|Don't save settings at exit}"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoChangeKeyboardNavigationIndicators" = (REG_DWORD) hex:0x00000000{unrecognized setting}"ClassicShell" = (REG_DWORD) hex:0x00000000{User Configuration|Administrative Templates|Windows Components|Windows Explorer|Enable Classic Shell / Turn on Classic Shell}"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001{unrecognized setting}HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001{unrecognized setting}"ClassicShell" = (REG_DWORD) hex:0x00000000{unrecognized setting}HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000{unrecognized setting}"NoColorChoice" = (REG_DWORD) hex:0x00000000{unrecognized setting}"NoSizeChoice" = (REG_DWORD) hex:0x00000000{unrecognized setting}HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Samo\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"Startup items in "Samo" & "All Users" startup folders:------------------------------------------------------C:\Documents and Settings\All Users\Menu Start\Programy\Autostart"VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll [null data], 01 - 05, 19%SystemRoot%\system32\mswsock.dll [MS], 06 - 18, 20 - 22%SystemRoot%\system32\rsvpsp.dll [MS], 23 - 24Toolbars, Explorer Bars, Extensions:------------------------------------ToolbarsHKLM\Software\Microsoft\Internet Explorer\Toolbar\"{85F685C3-20D9-4943-95E4-EB4224056C3F}" = "Expressivo" -> {HKLM...CLSID} = "Expressivo" \InProcServer32\(Default) = "C:\Program Files\ivo\Expressivo\IH_iexplore.dll" ["IVO Software Sp. z o.o."]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}\"MenuText" = "@xpsp3res.dll,-20001""Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]Miscellaneous IE Hijack Points------------------------------HKLM\Software\Microsoft\Internet Explorer\AboutURLs\<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]Keyboard Driver Filters:------------------------HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"UpperFilters" = <<!>> "glogin" ["G DATA Software Sp. z o.o."]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monitors\hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]---------- (launch time: 2007-11-22 23:17:08)<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 32 seconds.---------- (total run time: 57 seconds)
agresja komentarz 22 listopada 2007 komentarz 22 listopada 2007 Log czysty. Możesz zainstalować nowszą wersję Internet Explorer. Co chwile system mi sie sypie Co przez to rozumiesz ? Co się dzieje ,bo samo "sypie" niewiele wyjaśnia ... ?
Samo komentarz 23 listopada 2007 Autor komentarz 23 listopada 2007 przy odpalaniu wina wszystko sie szybciutko uruchamia do czasu aż wchodzi bez pośrednio do Windowsa (widać już pulpit i pasek startu) i tutaj win dramatycznie zwalnia uruchamianie programów trawa nawet minutę , mimo to nawet po odczekaniu i 5 min. pierwsze odpalenie programów np. firefox'a czy gg trwa "nieskończoność" itd. wszystko trwa a sam napisałeś że mój komputer nie jest jeszcze taki zły... wyłączanie komputera trwa jeszcze dłużej bo nawet od 2 do 3 minut. :/ Jestem webmasterem w pracy i mam kontakt z komputerem na co dzień i zapewniam że nie przesadzam. W pracy mam prawie że identycznego kompa i w porównaniu z tym moim prywatnym to niebo a ziemia... Skanowałem Avastem i mks_vir on-line i nic :/ po za tym wyczyściłem kopa z zbędnych programów których już dawno nie używałem. zastanawiam sie nad naprawą Windowsa z płyty bez formatowania dysku. Od formatu bronie sie rękami i nogami....
Samo komentarz 26 listopada 2007 Autor komentarz 26 listopada 2007 PŁYTA: Gigabyte GA-8I915P Dual Graphic PROCESOR: Intel Pentium 4 630, 3016 MHz (15 x 201) RAM: DIMM1: Nanya 512 MB DDR2-533 DDR2 SDRAM DIMM2: Nanya 512 MB DDR2-533 DDR2 SDRAM GRAFIKA: Gigabyte GeForce 6600 PCI-E
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.