Prośba O Sprawdzenie Loga

[Konar]

Otóż chodzi o mojego C2D z podpisu. Winda (SP3) włącza się szybko, bo zajmuje jej to 5-6 pasków, pulpit też wyświetla się szybko (ikony, menu start) i nagle zaczyna mielić dyskiem. Komputer nie reaguje i przez dobre 40 sekund nie można nic robić oprócz słuchania odgłosu terkotania głowic dysku. Defragmentacja, optymalizacja Bootvisem, scanowanie Spybotem, antywirusem/ami nic nie daje. Załączam loga z Hijack This.

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Klik"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:24, on 2009-08-08

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Programy\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Programy\AVG8\avgwdsvc.exe

C:\Programy\Winamp\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programy\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programy\AVG8\avgrsx.exe

C:\Programy\AVG8\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programy\Mozilla Firefox\firefox.exe

C:\Programy\Konnekt\konnekt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Konar\Pulpit\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programy\AVG8\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [OutpostMonitor] C:\Programy\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programy\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programy\RivaTuner v2.24\RivaTuner.exe" /S

O4 - HKLM\..\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programy\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programy\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programy\Agnitum\Outpost Firewall Pro\ie_bar.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programy\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\programy\agnitum\outpos~1\wl_hook.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\Programy\Agnitum\OUTPOS~1\acs.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programy\AVG8\avgwdsvc.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programy\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5555 bytes

Na wszelki wypadek wrzucam jeszcze log z silent runners

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "klik2"

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"DAEMON Tools Pro Agent" = ""C:\Programy\DAEMON Tools Pro\DTProAgent.exe"" [file not found]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"OutpostMonitor" = "C:\Programy\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice" ["Agnitum Ltd."]

"AVG8_TRAY" = "C:\Programy\AVG8\avgtray.exe" ["AVG Technologies CZ, s.r.o."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"RivaTunerStartupDaemon" = ""C:\Programy\RivaTuner v2.24\RivaTuner.exe" /S" [empty string]

"WinampAgent" = "C:\Programy\Winamp\winampa.exe" [null data]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"OutpostFeedBack" = ""C:\Programy\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup" ["Agnitum Ltd."]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"

-> {HKLM...CLSID} = "AVG Safe Search"

\InProcServer32\(Default) = "C:\Programy\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"

-> {HKLM...CLSID} = "KbLogiExt Class"

\InProcServer32\(Default) = "C:\Programy\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]

"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"

-> {HKLM...CLSID} = "LogiExt Class"

\InProcServer32\(Default) = "C:\Programy\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension"

-> {HKLM...CLSID} = "AVG8 Shell Extension Class"

\InProcServer32\(Default) = "C:\Programy\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Programy\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"

-> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> LBTWlgn\DLLName = "c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll" ["Logitech, Inc."]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 14 seconds, including 2 seconds for message boxes)

[Kolobos]

Po odinstalowaniu AVG8 oraz Outpost problem nadal wystepuje?

[Konar]

Nie sprawdzałem, ale zobaczę czy coś to da. Używałem jednego i drugiego już dłuższy czas i wcześniej nie było problemów. Dam znać jak wybadam.

[Kolobos]

Jezeli masz mozliwosc to moze uzyj przywracania systemu i przywroc do czasu kiedy wszystko dzialalo.

[Konar]

No to wywaliłem najpierw Outposta, później AVG i się sytuacja poprawiła. Teraz to mielenie skróciło się do kilkunastu sekund, ale nadal występuje. Przywrócić nie mam jak niestety.

 

Może mógłbyś mi przy okazji doradzić jakiegoś FW i antyvirusa z nastawieniem na efektywność i niskie zżucie zasobów systemowych?

[Kolobos]

Moze Comodo IS wersja darmowa.

[Konar]

Wszystko już wyszło na prostą, ostatnie pytanie. Otóż pasek zadań teraz jakby łapie freeza. Na przykład otwieram mój komputer, bądź włączam komunikator to muszę nie pojawiają się ani ikony w tray'u ani belki z otwartymi programami/folderami. Dzieje się tak z Comodo i bez.

[ULLISSES]

1. Sprawdź w trybie awaryjnym.

2. Wywal "Winampa.exe" (Winamp Agent) lub wyłącz w ustawieniach Winamp-a.

3. Nwiz, ctfmon i bgmonitor też możesz wyłączyć.