Author | Message
alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Fri 28.03.08 18:30
Good day,
I have read a few pieces of advice, but none of them helps me :(
After restarting the PC, XP boots fine, but something seems to be happening on the system partition that slows the PC down; after about 10-15 minutes the HDD calms down.
The sound the disk makes is like during defragmentation/scandisk... please advise how to solve this... I also tried CHKNTFS /X C: but somehow it doesn't help :(
Thank you

Luks
 Administrator
 Joined: 09.05.2005 Posts: 8888 Location: ~Semily Age: 25
 Posted: Fri 28.03.08 18:38
Windows Vista? If so, that is normal.

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Fri 28.03.08 18:41

Roberbo
 Experienced user
 Joined: 10.07.2007 Posts: 1060 Location: Bratislava
alfasex wrote:
Good day,
I have read a few pieces of advice, but none of them helps me :(
After restarting the PC, XP boots fine, but something seems to be happening on the system partition that slows the PC down; after about 10-15 minutes the HDD calms down.
The sound the disk makes is like during defragmentation/scandisk... please advise how to solve this... I also tried CHKNTFS /X C: but somehow it doesn't help :(
Thank you
Most likely your PC is infected.
To start with, post the output of the HijackThis utility.
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Run [Scan and Save log], then select the whole content (Ctrl+A), copy it (Ctrl+C) and paste it (Ctrl+V) here into the forum.

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Sat 29.03.08 12:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:43, on 29.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\APPs\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\UltraFXP\UltraFxp.exe
D:\APPs\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\APPs\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
E:\-.- MIRc -.-\mIRCescape3n\mirc.exe
D:\APPs\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
E:\-.- MIRc -.-\mircZzZz\mirc.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\@lfa\Local Settings\Temp\wzc363\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\APPs\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "D:\APPs\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AAWTray] D:\APPs\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\APPs\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\APPs\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\APPs\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPs\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\APPS\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\APPS\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163084506931
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\APPs\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\APPs\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 6586 bytes

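As an added example (not part of the thread and not HijackThis's own code), a small Python parser for the log format posted above: it groups result lines by section code and lists two kinds of entries worth checking by hand, a BHO whose file is missing (O2) and statically configured DNS servers (O17). The function names and the `expected_dns` parameter are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.30 85.255.112.150
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
"""

# Result lines look like "<section code> - <details>", e.g. "O17 - ...".
ENTRY = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
NAMESERVER = re.compile(r"NameServer\s*=\s*(?P<ips>[\d. ,]+)$")

def parse_entries(log_text):
    """Group HijackThis result lines by section code (R3, O2, O17, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)

def review_list(sections, expected_dns=frozenset()):
    """Return entries to verify by hand; this is a worklist, not a verdict."""
    findings = []
    for body in sections.get("O2", []):
        if body.endswith("(no file)"):
            findings.append(("O2", "BHO registered but file missing", body))
    seen = set()
    for body in sections.get("O17", []):
        m = NAMESERVER.search(body)
        if not m:
            continue
        for ip in re.split(r"[ ,]+", m.group("ips").strip()):
            if ip not in expected_dns and ip not in seen:
                seen.add(ip)  # CS1 and CCS usually repeat the same value
                findings.append(("O17", "static DNS not in expected set", ip))
    return findings

if __name__ == "__main__":
    for code, why, detail in review_list(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {why}: {detail}")
```

Pass the resolvers the ISP or router actually hands out as `expected_dns`; any O17 address outside that set is worth comparing against the network adapter's DNS settings.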
Tech
 Experienced user
 Joined: 27.03.2008 Posts: 700
 Posted: Sat 29.03.08 16:29

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Sat 29.03.08 16:56
Regularly, and most of all, it is the file
services.exe:720, and it does roughly this:
services.exe:720 OPEN
services.exe:720 LOCK
services.exe:720 QUERY INFORMATION
services.exe:720 READ
services.exe:720 UNLOCK
services.exe:720 CLOSE
and it does this within every directory on C:

Tech
 Experienced user
 Joined: 27.03.2008 Posts: 700
 Posted: Sun 30.03.08 16:08
OK, is there also another item there, "path", showing which application "services.exe" works with the most?

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Mon 31.03.08 12:32

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Mon 31.03.08 12:33
Aha, yep, sure, path too... more in the attached pictures... I am really desperate by now :(

Tech
 Experienced user
 Joined: 27.03.2008 Posts: 700
1) If you have a Bluetooth device plugged into USB, turn it off in Windows and unplug it physically, then restart. If you don't, or if that doesn't help, go to step:
2) Disable the network in "Network Connections" -> "Local Area Connection" -> "Disable", then restart. If the PC runs normally, we will look for the fault there; if not, go to step:
3) Download: http://download.sysinternals.com/Files/ProcessExplorer.zip and look at which processes are running directly under "services.exe"; while it is loaded at 100%, click "File" -> "Save As" at the top and paste the text output here.

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Thu 03.04.08 13:59
1) I don't have any Bluetooth
2) I disabled it; after the restart it started behaving the same way again
3) I downloaded and ran Process Explorer
Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a 0.97 Hardware Interrupts
DPCs n/a 0.97 Deferred Procedure Calls
System 4 0.97
smss.exe 888 Windows NT Session Manager Microsoft Corporation
csrss.exe 944 Client Server Runtime Process Microsoft Corporation
winlogon.exe 984 Windows NT Logon Application Microsoft Corporation
services.exe 1056 7.77 Services and Controller app Microsoft Corporation
svchost.exe 1332 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1380 86.41 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 2276 Automatic Updates Microsoft Corporation
svchost.exe 1436 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1672 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1892 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 2024 Spooler SubSystem App Microsoft Corporation
CTSVCCDA.EXE 340 Creative Service for CDROM Access Creative Technology Ltd
mdm.exe 420 Machine Debug Manager Microsoft Corporation
nvsvc32.exe 464 NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation
svchost.exe 592 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2008 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1068 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1912 2.91 Windows Explorer Microsoft Corporation
rundll32.exe 704 Run a DLL as an App Microsoft Corporation
jusched.exe 712 Java(TM) Platform SE binary Sun Microsystems, Inc.
soundman.exe 748 Realtek Sound Manager Realtek Semiconductor Corp.
realsched.exe 776 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 868 CTF Loader Microsoft Corporation
TeaTimer.exe 908 System settings protector Safer Networking Limited
RegistryBooster.exe 912 Uniblue Registry Booster Uniblue Software
WZQKPICK.EXE 936 WinZip Executable WinZip Computing LP
TOTALCMD.EXE 2220 Total Commander 32 bit international version, file manager replacement for Windows C. Ghisler & Co.
procexp.exe 2324 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Thu 03.04.08 14:15
Or rather, the output after about 5 minutes:
Process PID CPU Description Company Name
System Idle Process 0 44.66
Interrupts n/a 1.94 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 1.94
smss.exe 880 Windows NT Session Manager Microsoft Corporation
csrss.exe 936 Client Server Runtime Process Microsoft Corporation
winlogon.exe 976 Windows NT Logon Application Microsoft Corporation
services.exe 1048 38.83 Services and Controller app Microsoft Corporation
svchost.exe 1316 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1412 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1552 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3460 Automatic Updates Microsoft Corporation
svchost.exe 1608 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1716 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 220 Spooler SubSystem App Microsoft Corporation
CTSVCCDA.EXE 1488 Creative Service for CDROM Access Creative Technology Ltd
mdm.exe 1524 Machine Debug Manager Microsoft Corporation
nvsvc32.exe 1604 NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation
svchost.exe 1712 1.94 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2116 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1060 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 2020 0.97 Windows Explorer Microsoft Corporation
rundll32.exe 460 Run a DLL as an App Microsoft Corporation
jusched.exe 468 Java(TM) Platform SE binary Sun Microsystems, Inc.
soundman.exe 484 Realtek Sound Manager Realtek Semiconductor Corp.
realsched.exe 500 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 508 CTF Loader Microsoft Corporation
TeaTimer.exe 516 1.94 System settings protector Safer Networking Limited
RegistryBooster.exe 572 Uniblue Registry Booster Uniblue Software
WZQKPICK.EXE 668 WinZip Executable WinZip Computing LP
TOTALCMD.EXE 2608 Total Commander 32 bit international version, file manager replacement for Windows C. Ghisler & Co.
procexp.exe 2628 2.91 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MIRC.EXE 2772 0.97 mIRC mIRC Co. Ltd.
firefox.exe 2680 3.88 Firefox Mozilla Corporation
UltraFxp.exe 2700
DAMN_N~1.EXE 3572 DAMN NFO Viewer DAMN

Tech
 Experienced user
 Joined: 27.03.2008 Posts: 700
 Posted: Thu 03.04.08 20:25
Always move on to the next step if the previous one doesn't help. If you have "System Restore" enabled, you can create a restore point before changing settings.
1) Try turning off "allow indexing for this disk" in the properties of that particular disk, if you have it turned on, then restart. If that doesn't help, you had it turned on, and you don't often search for files on the disk, then don't turn it back on.
2) Try turning off automatic updates for XP completely, then restart.
3) Go to "Start" -> "Run" -> type: "services.msc" -> find "Nvidia Display Driver Service" there -> "Properties" -> "Startup type" -> "Disabled", then restart as usual.
4) While XP is booting, press F8 and choose Safe Mode; does the symptom appear?
Revert all steps except 1 (optional) and 4 if nothing changes.
Try to remember what changes (settings, installations...) you made before this started happening... If none of the steps helps, we cannot rule out an infection of the PC.
I am waiting for the result.

alfasex
 User
 Joined: 28.03.2008 Posts: 12
 Posted: Fri 04.04.08 18:07
1) I turned off indexing ... no change
2) XP automatic updates: I have them turned off via Control Panel/Windows Security Center/ Automatic Updates (automatic updates is turned off) .. that is hopefully completely
3) I disabled Nvidia ... no change
4) I tried safe mode, and it doesn't do it there
Otherwise I also tried adware/spybot, they found something and I fixed it, but it still does the same thing... desperation is already a weak word :(