Wysokie uźycie procesora!!!
Hej!!!
Kompletnie sie na tym nie znam wiec prosze o łatwy język przy odpowiedziach:)SmileSmile....
Uzycie procesora jest bardzo wysokie (nowy 4–miesieczny komp, czasami siega 100%. I tak sobie skacze (np. przed chwilka): 36% 64% 97% 55% 23%, do tego komp strasznie głosno chodzi!!! Powoli sie włącza i wyłacza!
AMD Athlon(tm) 64 Processor
3000+
2,01Ghz, 512 MB RAM
Przewaznie uzywam 4 programow: Internet, gadu–gadu, bearshare, winamp.
Wyczytalam w innych postach aby zrobic HijackThis, oto efekty ponizej:
Logfile of HijackThis v1.99.1
Scan saved at 21:59:04, on 2006–02–12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
F:\instalki\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 – HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O16 – DPF: {A6916797–7ABD–4F07–93AE–098B6F543129} (CO2Player Class) – http://www.lemontv.pl/lmctrlp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F9F73475–AAFB–4838–B8E6–E3FCA49409B5}: NameServer = 10.0.0.1,10.0.0.2
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
Co dalej, pomozcie:)
Kompletnie sie na tym nie znam wiec prosze o łatwy język przy odpowiedziach:)SmileSmile....
Uzycie procesora jest bardzo wysokie (nowy 4–miesieczny komp, czasami siega 100%. I tak sobie skacze (np. przed chwilka): 36% 64% 97% 55% 23%, do tego komp strasznie głosno chodzi!!! Powoli sie włącza i wyłacza!
AMD Athlon(tm) 64 Processor
3000+
2,01Ghz, 512 MB RAM
Przewaznie uzywam 4 programow: Internet, gadu–gadu, bearshare, winamp.
Wyczytalam w innych postach aby zrobic HijackThis, oto efekty ponizej:
Logfile of HijackThis v1.99.1
Scan saved at 21:59:04, on 2006–02–12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
F:\instalki\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 – HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O16 – DPF: {A6916797–7ABD–4F07–93AE–098B6F543129} (CO2Player Class) – http://www.lemontv.pl/lmctrlp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F9F73475–AAFB–4838–B8E6–E3FCA49409B5}: NameServer = 10.0.0.1,10.0.0.2
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
Co dalej, pomozcie:)
Odpowiedzi: 20
DZIEKI JACEK:)
Raport wklej na stroniehttp://www.hijackthis.de/en i nikogo nie musisz juź prosić. :lol: Oznaczone czerwonym wykrzyknikiem do usunięcia. Żółtym znakiem zapytania sprawa do przemyślenia, moźe wyłącz procesy w menadźerze zadań (Jak pomoźe to usuń)
Sprawdź czy w trybie awaryjnym teź masz takie jazdy. Sprawdź dysk pod kątem błędów – chkdsk. Sprawdź czy dysk pracuje w trybie DMA
Tak, usunęłam ten folder:)
Ten folder C:\Program Files\Save\ usunięty masz juź ??
Na prawde nikt nie moze mi juz pomoc???
ps. Mettal zrobilam te raporty, bo Ty o nie prosiles:):) teraz ja prosze o ich omówienie – dzięki serdeczne!!!
ps. Mettal zrobilam te raporty, bo Ty o nie prosiles:):) teraz ja prosze o ich omówienie – dzięki serdeczne!!!
HEJ!!! PROSZE O ROZSZYFROWANIE TAMTYCH RAPORTOW!!!!
PLISSSSSSSSSSSSS!!!!!!!!! DZIEKI!!!!
PLISSSSSSSSSSSSS!!!!!!!!! DZIEKI!!!!
kto mi pomoze rozszyfrowac te raporty powyzej????:)
dzięki!:)
dzięki!:)
anett:
save –(nie mam??? – nie mam tego folderu)
Masz pokazane ukryte pliki i foldery ?? Jak nie to Narzędzia –> Opcje folderów –> Widok nakaź pokazywanie tych ukrytych plików i folderów oraz nakaź pokazywanie plików chronionych przez system.
Usunelam webshots, keyboard, save –(nie mam??? – nie mam tego folderu)
co z prockiem? – dalej to samo:(
co z prockiem? – dalej to samo:(
Usunelam webshots, keyboard, save –(nie mam??? – nie mam tego folderu)
co z prockiem? – dalej to samo:(
co z prockiem? – dalej to samo:(
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Save\Save.exe
O4 – HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 – HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
SILENT RUNNERS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"WhenUSave" = ""C:\Program Files\Save\Save.exe"" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"KeyBoardWindow" = ""C:\Program Files\KeyBoardWindow\kbw.exe"" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" =
"{88895560–9AA2–1069–930E–00AA0030EBC8}" =
Startup items in "anetka" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\anetka\Menu Start\Programy\Autostart
"Webshots" –> shortcut to: "C:\Program Files\Webshots\Launcher.exe /t" [null data]
Potraktuj to kopniakiem z półobrotu :mrgreen:
Ale tak na powaźnie:
To co na czerwono usuń, to co wskazałem z Silent Runners usunąć z rejestru.[/i]
Jezeli chodzi o najwieksze Cpu no to jak pisalam wczesniej to wszytsko zmienia sie w ciagu sekundy, jest 2%, nagle 100%, 88% itd.... (pisalam o tym wczesniej)
teraz np. winamp i system zzera mi najwiecej Cpu...
no to macie raz jeszcze:
1) HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 14:19:54, on 2006–02–15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
F:\instalki\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 – HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O16 – DPF: {A6916797–7ABD–4F07–93AE–098B6F543129} (CO2Player Class) – http://www.lemontv.pl/lmctrlp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F9F73475–AAFB–4838–B8E6–E3FCA49409B5}: NameServer = 10.0.0.1,10.0.0.2
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 – Winlogon Notify: avldr – C:\WINDOWS\SYSTEM32\avldr.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 – Service: Panda Antispam Engine (pmshellsrv) – PANDA SOFTWARE – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 – Service: Panda Network Manager (PNMSRV) – Panda Software – c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 – Service: Panda TPSrv (TPSrv) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
2)Jezeli chodzi o LSPFix to mam te 3 potrzebne pliki i jeszcze plik: pavlsp.dll (protocol handler)
3)"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"WhenUSave" = ""C:\Program Files\Save\Save.exe"" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"(Default)" = (empty string)
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"pdfFactory Dispatcher v2" = ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM" ["FinePrint Software, LLC"]
"KeyBoardWindow" = ""C:\Program Files\KeyBoardWindow\kbw.exe"" [file not found]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s" ["Panda Software International"]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"" ["Panda Software International"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{C08DF07A–3E49–4E25–9AB0–D3882835F153}\(Default) = "QUICKfind BHO Object" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE–0300–11D4–8D3B–444553540000}" = "Catalyst Context Menu extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{65756541–C65C–11CD–0000–4B656E696100}" = "Panda Antivirus"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! avldr\DLLName = "avldr.dll" ["Panda Software"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541–C65C–11CD–0000–4B656E696100}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541–C65C–11CD–0000–4B656E696100}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\anetka\Dane aplikacji\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Startup items in "anetka" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\anetka\Menu Start\Programy\Autostart
"Webshots" –> shortcut to: "C:\Program Files\Webshots\Launcher.exe /t" [null data]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"ATI CATALYST System Tray" –> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll ["Panda Software "], 01 – 03, 15
%SystemRoot%\system32\mswsock.dll [MS], 04 – 06, 09 – 14
%SystemRoot%\system32\rsvpsp.dll [MS], 07 – 08
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Panda anti–virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe"" ["Panda Software"]
Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe" ["PANDA SOFTWARE"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe"" ["Panda Software"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe"" ["Panda Software Internacional"]
Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE"" ["Panda Software"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe"" ["Panda Software"]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
FPP2:\Driver = "fppmon2.dll" ["FinePrint Software, LLC"]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 48 seconds, including 26 seconds for message boxes)
Natomiast, nie wiem, czy czytalisie na stronie 1 ( ostatnią moją wiadomosc – czy to moze jest przyczyna??? – przeczytajcie!!!!)
Jezeli chodzi o webshots (ktos wyzej o tym wspomnial) to procek zaczal wariowac jeszcze przed instalacja tego programu.... A keybord juz odinstalowalam...
Jezeli chodzi o bearshare'a to zeby go moc uzywac to z nim instaluje sie tez spyware...
I teraz przy tych raportach ( o ktorych odczytaniu nie mam zielonego pojecia:) winamp jest najaktywniejszy....
Teraz skanuje panda – w tym momencie – i najaktywnniejszy jest pavjobs.exe – procesor 50, 96, 99,100, 99, 74, 99, 100, 24, 79, 100, 80, 96, 88,71, 99,.............%
Wielkie dzieki za pomoc!!!! :):):)
teraz np. winamp i system zzera mi najwiecej Cpu...
no to macie raz jeszcze:
1) HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 14:19:54, on 2006–02–15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
F:\instalki\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 – HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O16 – DPF: {A6916797–7ABD–4F07–93AE–098B6F543129} (CO2Player Class) – http://www.lemontv.pl/lmctrlp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F9F73475–AAFB–4838–B8E6–E3FCA49409B5}: NameServer = 10.0.0.1,10.0.0.2
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 – Winlogon Notify: avldr – C:\WINDOWS\SYSTEM32\avldr.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 – Service: Panda Antispam Engine (pmshellsrv) – PANDA SOFTWARE – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 – Service: Panda Network Manager (PNMSRV) – Panda Software – c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 – Service: Panda TPSrv (TPSrv) – Panda Software – C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
2)Jezeli chodzi o LSPFix to mam te 3 potrzebne pliki i jeszcze plik: pavlsp.dll (protocol handler)
3)"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"WhenUSave" = ""C:\Program Files\Save\Save.exe"" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"(Default)" = (empty string)
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"pdfFactory Dispatcher v2" = ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM" ["FinePrint Software, LLC"]
"KeyBoardWindow" = ""C:\Program Files\KeyBoardWindow\kbw.exe"" [file not found]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s" ["Panda Software International"]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"" ["Panda Software International"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F–C8D7–4D59–B87D–784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{C08DF07A–3E49–4E25–9AB0–D3882835F153}\(Default) = "QUICKfind BHO Object" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE–0300–11D4–8D3B–444553540000}" = "Catalyst Context Menu extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B9E1D2CB–CCFF–4AA6–9579–D7A4754030EF}" = "iTunes"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{42042206–2D85–11D3–8CFF–005004838597}" = "Microsoft Office HTML Icon Handler"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{21569614–B795–46b1–85F4–E737A8DC09AD}" = "Shell Search Band"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{65756541–C65C–11CD–0000–4B656E696100}" = "Panda Antivirus"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! avldr\DLLName = "avldr.dll" ["Panda Software"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541–C65C–11CD–0000–4B656E696100}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541–C65C–11CD–0000–4B656E696100}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\anetka\Dane aplikacji\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Startup items in "anetka" & "All Users" startup folders:
––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\anetka\Menu Start\Programy\Autostart
"Webshots" –> shortcut to: "C:\Program Files\Webshots\Launcher.exe /t" [null data]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"ATI CATALYST System Tray" –> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll ["Panda Software "], 01 – 03, 15
%SystemRoot%\system32\mswsock.dll [MS], 04 – 06, 09 – 14
%SystemRoot%\system32\rsvpsp.dll [MS], 07 – 08
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{FB5F1910–F110–11D2–BB9E–00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Panda anti–virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe"" ["Panda Software"]
Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe" ["PANDA SOFTWARE"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe"" ["Panda Software"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe"" ["Panda Software Internacional"]
Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE"" ["Panda Software"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe"" ["Panda Software"]
Print Monitors:
–––––––––––––––
HKLM\System\CurrentControlSet\Control\Print\Monitors\
FPP2:\Driver = "fppmon2.dll" ["FinePrint Software, LLC"]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the –supp parameter or answer "No" at the first message box.
–––––––––– (total run time: 48 seconds, including 26 seconds for message boxes)
Natomiast, nie wiem, czy czytalisie na stronie 1 ( ostatnią moją wiadomosc – czy to moze jest przyczyna??? – przeczytajcie!!!!)
Jezeli chodzi o webshots (ktos wyzej o tym wspomnial) to procek zaczal wariowac jeszcze przed instalacja tego programu.... A keybord juz odinstalowalam...
Jezeli chodzi o bearshare'a to zeby go moc uzywac to z nim instaluje sie tez spyware...
I teraz przy tych raportach ( o ktorych odczytaniu nie mam zielonego pojecia:) winamp jest najaktywniejszy....
Teraz skanuje panda – w tym momencie – i najaktywnniejszy jest pavjobs.exe – procesor 50, 96, 99,100, 99, 74, 99, 100, 24, 79, 100, 80, 96, 88,71, 99,.............%
Wielkie dzieki za pomoc!!!! :):):)
A sprawdz ile 'C ma procek, dysk, grafa, u mnie jest na poziomie 25–29'C (procek i grafa).
A co ma temperatura procesora, a tym bardziej grafiki do zuzycia zasobow procka ? :shock:
anett – jak juz piszesz ze zuzycie jest wysokie, to wysil sie troche i napisz ktory to proces, bo masz ich pewnie z 40, a pewnie jeden, gora dwa zrzeraja procaka. My zgadywac nie bedziemy...
Jesli to proces Pandy, to mozliwe tak jak pisal EL NINO ze masz jakis syf w kompie i natywiry proboja z tym walczyc, przeskanuj kompa jakims skanerem Online (np. mks) zrob log w Hijack This i Silent Runners. Tu masz opis jak to zrobic http://forum.centrumxp.pl/viewtopic.php?t=19974
http://forum.centrumxp.pl/viewtopic.php?t=35349
A sprawdz ile 'C ma procek, dysk, grafa, u mnie jest na poziomie 25–29'C (procek i grafa).
POMOZCIE prosze!!!!
Teraz mam Pande, ale dalej to samo... :(
Teraz mam Pande, ale dalej to samo... :(
Wiecie co ja chyba wiem o co chodzi:) ale to tylko moje domysly;)
Na samym poczatku istnienia kompa, po podlaczeniu do sieci, do hub'a (chyba jakis ferelny) dzialo sie cos dziwnego z kompem, chyba nastapilo jakies zwarcie, bo:
1) z jednej strony wyskakiwalo mi przy polaczeniu sieciwym: Połaczenie lokalne polaczono
2) z drugiej strony wyskakiwalo kabel sieciowy odlaczony
i tak sobie te okienka migaly przez jakis czas dopoki komputer nie doszedl do siebie (wtedy tez nie chcial sie wylaczyc), jak juz doszedl to byl internet, ale potem jeszcze z dwa razy doszlo do tych a'la zwarc:)
teraz z tym wyzej jest ok (nowy switch)
Ale czy ten hub moze byc przyczyna ze ten procek teraz tak chodzi??? nie znam sie na tym....
Na samym poczatku istnienia kompa, po podlaczeniu do sieci, do hub'a (chyba jakis ferelny) dzialo sie cos dziwnego z kompem, chyba nastapilo jakies zwarcie, bo:
1) z jednej strony wyskakiwalo mi przy polaczeniu sieciwym: Połaczenie lokalne polaczono
2) z drugiej strony wyskakiwalo kabel sieciowy odlaczony
i tak sobie te okienka migaly przez jakis czas dopoki komputer nie doszedl do siebie (wtedy tez nie chcial sie wylaczyc), jak juz doszedl to byl internet, ale potem jeszcze z dwa razy doszlo do tych a'la zwarc:)
teraz z tym wyzej jest ok (nowy switch)
Ale czy ten hub moze byc przyczyna ze ten procek teraz tak chodzi??? nie znam sie na tym....
Hmm, dziwne.. Ja mam wlaczonego WinAmpa–tego nowego co ponoc tak muli kompa, BitDefendera (FireWall, AntyVir) Anty Spyware, GG, BearShare, DC i zuzycie procka wynosi okolo 4%. :shock: Ale wszystko sie szybko otwiera i zamyka, a komp startuje mi w kilkanascie sekund. :shock: Czy to jest normalne, czy cos za szybko chodzi i moze sie szybko przegrzac? Nie podkrecalem kompa. Procesor Sempron 3400+, 1GHz Ram. Pomozcie!
Zasoby sa chyba zzerane dlatego, ze antywiry "walcza" z jakimis smieciami.
Coz to jest C:\Program Files\KeyBoardWindow\kbw.exe, albo C:\Program Files\Webshots\webshots.scr czy C:\Program Files\Webshots\Launcher.exe ?
anett, jestes za toto pewna ?
Coz to jest C:\Program Files\KeyBoardWindow\kbw.exe, albo C:\Program Files\Webshots\webshots.scr czy C:\Program Files\Webshots\Launcher.exe ?
anett, jestes za toto pewna ?
Panda teź zźera duźo zasobów i uźycia procka.
Wgraj NOD32. To jest ideał.
Wgraj NOD32. To jest ideał.